Re: desktop security

To: Custom Debian Distributions <debian-custom@lists.debian.org>
Subject: Re: desktop security
From: Michael Banck <mbanck@debian.org>
Date: Sat, 8 May 2004 17:54:53 +0200
Message-id: <20040508155453.GB1087@blackbird.oase.mhn.de>
In-reply-to: <200405081722.25742.c.gatzemeier@tu-bs.de>
References: <408FE8F4.9080402@cox.net> <200405071818.01928.c.gatzemeier@tu-bs.de> <20040507175409.GA28572@zombie.inka.de> <200405081722.25742.c.gatzemeier@tu-bs.de>

On Sat, May 08, 2004 at 05:22:25PM +0200, C. Gatzemeier wrote:
> Am Friday 07 May 2004 19:54 schrieb Eduard Bloch:
> 
> > > - The Desktop should generally equal (show) the $HOME directory btw.
> >
> > Parse error... or what is it good for?
> 
> Oops, how did I slip that in there.
> I believe it is in many cases preferable to have the desktop show the content 
> of the $HOME directory instead of $HOME/Desktop. In many cases ~/Desktop is 
> an unecessary differentiation. Using $HOME would generate less confusion, 
> users get used to their homedir right away and are more likely to keep it 
> tidy. For KDE try putting 
> 
> [Paths]
> Desktop=$HOME
> 
> into ~/.kde/share/config/kdeglobals (or /etc/kde3/kdeglobals)

Eh:

blackbird~$ ls | wc -l
284

I would be highly annoyed if I had 284 Icons on my desktop.

Sun threw insane amounts of money for usability studies on how GNOME can
be modified to be more usable. Seems having $HOME and $DESKTOP seperate
was deemed good.

> > > Depending on your preferences uncritical things like webbrowser or
> > > openoffice etc. can just be used out of the box, running as user "guest".
> > >  Other things like mail you may prefer running as a separate private id.
> >
> > I guess I know what you mean but I do not like it. Too confusing and too
> > high risk for potential security holes.
> 
> Please elaborate. I would be interested why it would be more confusing/higher 
> risk then having to create a new user account for (each) guest you have at 
> home. (without all the things you've set up to work for you before)
> 
> This idea was for a "just has to work" scenario *without* throwing system 
> restrictions out to "ease" things with bad side effects. In a case where 
> local access to the PC is considered save.
> 
> It should just work securely for everyone at your home and if you want to 
> separate somthing more privately you run the program as or change completely 
> to a different user id.  It is defenitely more secure than just letting 
> anyone work under the same ID which would probably be the obvious choice for 
> many otherwise.

I can't really follow you here. Please consider the following
scenario:

I'm logged into my box. A friend comes around and wants to check his
Webmail.

Do you propose to have the webbrowser run as 'guest' by default and if I
want to access privacy-sensible sites, I have to change to my own ID?

What's the problem with having a 'guest' user to which the $DISPLAY
should be switched, perhaps with a fast-user-switching tool.

Added IDs on the fly seems to be way more confusing to me, but perhaps
I've misunderstood you.

-- 
Michael Banck
Debian Developer
mbanck@debian.org
http://www.advogato.org/person/mbanck/diary.html

Reply to:

Follow-Ups:
- Re: desktop security
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

References:
- Re: desktop security
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
- Re: desktop security
  - From: Eduard Bloch <edi@gmx.de>
- Re: desktop security
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

Prev by Date: Re: desktop security
Next by Date: Presentation ...
Previous by thread: Re: desktop security
Next by thread: Re: desktop security
Index(es):
- Date
- Thread