Leif Johnson wrote:
If this argument is true, have you looked at the crazy processes that run to support a GNOME session ? It's wack. I really like using my panel applets, and I think nautilus is fun, but I'm not sure that means it's a smart idea to trust bonobo-activation (for example) with root permissions.
No, it's no "stupider" an idea to run bonobo-activation with root permissions than it is to run it with uid permissions. All your important information (documents, school work, job work, personal data, credit card numbers, passwords, code, etc.) is stored in your home folder, under your uid. Are you afraid of your existing bonobo-activation destroying that data? Why not?
The problem is that unix-heads tend to be inconsistent in their paranoia. They'll run unstable server processes from debian sid. They'll run random software as their UID with permission to destroy all their important personal data. But god forbid -- they WON'T run little old bonobo-activation as root for fear that it will destroy some "sensitive" information. This is totally irrational.
Seriously, most files owned by root are LESS sensitive than files owned by users. How disastrous would it be if /usr/lib gets wiped out -- no problem, you can DOWNLOAD that stuff! Just back up your /etc and /home folder, reinstall debain, and you've fully recovered! Or if you have another debian box available, just use cp -a! The real danger is in losing something like ~/schoolwork or $MAIL, for which there is no recovery solution available. And surprise -- you're already 100% vulnerable to this type of disaster. You just don't care because it's not likely to happen.
Well, the same with running a gui as root. A disaster is not likely to happen. If you really wanted to get users not to fuck things up, you'd need to disallow them access to their home directories. But that would be irrational, wouldn't it?