Re: Re (2): Multiplicity of accounts.

[Richard Owlett <rowlett@cloud85.net>]

peasthope@shaw.ca wrote:
> From:	Joel Rees <joel.rees@gmail.com>
> Date:	Wed, 2 Oct 2013 15:30:26 +0900
> > On MSWindows XP, ... surfing the net as the primary admin user
> >   ... was the primary path of ingress and the primary cause of the
> > proliferation of 'bot nets.
>
> A flaw in Windows to contrast with Debian?
>
> > And accessing your bank logged in as the same user that you use to
> > surf random sites is one of the primary causes of leaked bank account
> > numbers and passwords.
>
> The banking information is stored in a cookie.  Subsequently a site other
> than the bank is allowed to read the cookie?  A failure of the browser.
> Correct?  Prior to studying this thoroughly, I might stick to personal banking.
>
> > What does Puppy have to do with anything?
>
> Merely an example contrasting a multi-user installation.  It's the best
> example I could conjure.
>
> > And what does using permissions improperly to allow several people to
> > edit a document have to do with anything?
>
> Certainly permissions should be used correctly.
>
> There can be more than one solution to a problem.  To learn more about
> a wiki server and how it can support cooperative editing of a document
> and whether it can run on a single user system, I'll have to study further.
>
> > I'm sorry to be rude, but I'm in a bad mood today.
>
> No obligation.  Your first response was helpful already.  Hundreds of other
> bright people read this an can contribute.
>
> > I'm not going to
> > try to carefully explain to you why you don't want your son or your
> > best friend to log in as root ...
>
> That is exactly what might happen with Puppy Linux.  But not every
> computer is time shared.
> http://en.wikipedia.org/wiki/Time_sharing
> Physical security of a personal machine can exclude everyone but the
> owner and personal ownership of computers is commonplace.  Cell
> phones alone must outnumber desktop machines by a factor of 1000 or more.
>
> > ... you don't want all your users having full access to every document
> > on your system.
>
> The fixed disk drive is no longer the only working storage.  Data can be
> on a flash store which is removed when the user leaves the machine.
>
> Our discussion emphasizes that I also need to convince myself that
> browser data is not left in /tmp or in ~/.config at logout.  ~/.bash_logout
> might be my last resort to remove data left by sloppy software and I need to
> study further.  Seems the topic should be in http://wiki.debian.org/.
>
> Regards,             ... Peter E.

Hummmm. Looks as though there be some here that might agree with 
my thought patterns, if not my conclusions and resultant actions.

I have three machines. I am the *ONLY* person with access to any 
of them.

One machine has my projects and associated data. There is an 
image of its hard drive on a 1TB USB drive which is currently not 
connected. This machine is physically incapable of connecting to 
the internet.

My second machine is effectively dedicated to email and web 
browsing. As I am on dial-up there is only a connection when 
actively in use. JavaScript and cookies are initialized to OFF 
each tine load SeaMonkey.

As I said in my original post 
(http://lists.debian.org/5245CCD2.9010107@cloud85.net), the third 
machine is set aside for experimenting OS installs. Thus the only 
"data" not from install media are boot menus and configuration info.

So why shouldn't I want the same privileges in the GUI as I have 
after issuing su in the command line mode?