On Tue, May 16, 2000 at 06:11:49PM +0200, Thomas wrote: <snip> > I am not saying that we should move all user-specific options in an LDAP db, but > it would be much cleaner if user configs options were kept in the same place. > The problem is of course file access perms on this file, but some suid packages > could handle this (like chsh) the LAST thing we need is more set[ug]id programs to create security holes. besides that I think that denying the user the ability to modify his own environment HOWEVER he wants is evil. your plan would require a special editor otherwise all other user's environments would be compromised. it also sounds like everything would end up being in a *cough* regisitry. no thanks ill take my .files in my $HOME please. > It would allow us to write a generic program (probably patch debconf, or > web-driven interface), with a nice-UI, that would be run by an user whenever he > needs to change some settings on his account. *cough* WinNT *cough* GUI only *cough* no thanks. > I think this would be especially usefull on large networks where users are not > really Linux-friendly. I have set up xterms in my school, and students just log > in as netscape and get a netscape. I would like each user to get his own > account, but to get this working, I need to be able to make template-accounts > and replicate them (which is quite easy) but I will also need to make changes to > all users, which is really harder. not really, for the `dummy' accounts where the users are too clueless to maintian thier environment (otherwise why would you be screwing with it) just make all there .files symlinks to a global profile say /home/clueless you need to make changes to all the accounts at once you just modify the .files in /home/clueless. simple. for multiple machines things like cfengine, rsync and others can easily take care of syncing /home/clueless from machine to machine. > Something great would be to allow users to change their default window manager, > shell, password, ... using > a web interface, but I don't feel like writing a perl script clever enough to do > that. If we had a database, which replaced .bash_rc, .xsession, and password > command, with fields descriptions it would be pretty easy to do. you don't need to ruin what is great about unix to accomplish that, just write a Pointy clicky app that presents options for all the various things that the user would want to change and have it change the appropriate .files, if they change the windowmanager it changes ~/.xsession they change the passwd it runs /usr/bin/passwd. taking away the control of the expert users and tossing all the config into a *cough* registry just to make a pointy clicky app slightly easier is just laziness. sorry. > We can't change the way every Linux programs handle user specific configuration, nor should you, instead of trying to microsoftify *nix write utilities that use the underlying system AS IS. > but we could improve the way most-used parameters are handled. > Have you ever heard of something like that ? (I think debian developpers are > able to change their passwords on the web) Can you do more than passwords ? > Where can I learn more on it ? > > What do you think ? I think your intentions are good but your ideas are misguided. This is the exact kind of idea that makes people say `don't make GNU/Linux easy that will just turn it into Windows' what they are worried about is someone coming along and deciding to get rid of the text based .files that we have now and replacing it with some monolithic (probably binary) registry that only the pointy clicky newbie program knows (or has access too in your plan!) how to edit. if that occured the hackers who primarly use *nix now would no longer be able to hack ~/.bashrc with vi, joe, or emacs. that argument is usually considered paranoid silliness for the reason that writing a pointy clicky app to modify ~/.bashrc is quite easy and need not change the format nor eliminate ~/.bashrc as it exists now, meaning if your a hacker and have no need for bloated point and drool interfaces you just fire up vi and hack .bashrc however you please. so in short i don't like your proposal, if you want to make tools that make it easy for newbies to configure thier environment fine, but they MUST simple edit the existing human readable .files in the users home directory. no backend databases, no registries, no global files shared by mulitple users and edited by security killing set[ug]id programs. for mass numbers of clueless user accounts that (if you feel they must) be shared among several accounts use something like the symlink trick i mentioned above or cfengine, rsync or some other equivilent tool. [try not to take my somewhat acerbic attitude as a flame, im not flaming] -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpFnHp0UsTWD.pgp
Description: PGP signature