[maemo-users] [maemo-users] Re: Brocken a third time

From: Aniello Del Sorbo anidel at gmail.com
Date: Tue Feb 13 19:32:03 EET 2007
Paul Klapperich wrote:
 > On 2/13/07, *Aniello Del Sorbo* <anidel at gmail.com 
<mailto:anidel at gmail.com>> wrote:
 >     Zoran Kolic wrote:
 >      >> Why should the installer need to be root to do so?
 >      >
 >      > Looks like 770/800 is not ready for user-space apps. It is a 
new kind
 >      > of philosophy on unix field. Personaly, I don't like it much, 
but a
 >      > lot of folks have stars in the eyes.
 >     Yes it is a rather new philosophy. Ubuntu and Mac OS X embraced it
 >     already.
 >     It can help. A user app cannot mess with the system UNLESS the user
 >     enters a password.
 >     It's different than just clicking "OK" on a warning.
 > Ubuntu does not, not sure about Mac OS X. Ubuntu /always/ requires a 
password to install anything because dpkg is run as root. Ubuntu uses 
the same old philosophy as the other systems. The only difference is 
Ubuntu runs with the actual root account disabled and sudo as the only 
method to gain root, similar to our Nokias. This idea isn't new, it's 
just not common to be setup that way by default.
You're right. Ubuntu asks for password just because dpkg requires it.

Mac OS X is different. They have what they call Application Bundle.
You just (as user) drag the application you want to install into the 
Application folder (owned by root, writable by admin). If you are an 
admin you can copy it with no problem, otherwise an admin login and 
password are asked.
Of course this is intended as : I own my Mac, I want my kid to use it.
I am the admin, he is not. I can install, he can run.

Some application require to run an installer. If you are the admin it 
would simply install, if the application needs to be root, it'll ask for 
you password (to exec sudo I suppose). If you are a regular user a login 
and password of an admin are asked.

It does not add real security. But I can limit damage.
My kid can destroy his own photos by mistake, an app he ran can lock 
down the whole system and a reboot would be required. But the 
application he ran cannot (unless smart enough) brick the Mac.
And he cannot brick the Mac unless I give him an admin password.

On the other side, I could just use the Mac as a regular user. I might 
not be confident with this computer thingy. So I don't want to mess with it.
Whenever I need to install an app, I am asked with admin credentials. 
And I enter them. Otherwise I won't.
Some app probably could be just dragged onto my desktop as regular user 
and be used straightaway. They cannot harm my Mac. They can just bring 
it to a state were a reboot would be needed. They can, however, remove 
all my pictures.

Some ideas, from this scenario, could be brought into my tablet.

Regular applications that do not need root, can be installed right away 
(with just the Nokia butt-cover warning).
If I run or want to install an application that needs to mess with the 
system I can type in my admin password (along with the usual Nokia 
butt-cover warning).

What's wrong with that?
I am a regular "USER". And I don't want to mess and brick my device. Or 
bettere rephrased: I don't want it to be MY fault.

Installing openssh IS NOT a regular user action. Almost no user ever 
needs it.
But if some other application needs it, I would be glad if you, nokia 
tablet, would tell me that is a system app and that to install it I need 
to enter this mighty state.
I want to know that this application CAN do real damage. That's it, more 
than removing my photos.
(even if I agree that deleting my picture IS real damage, to me. But 
nothing can be done here).

 > AFAIK, user-space-apps are more like what you were describing: some 
apps require root to install, others do not. I don't know of any 
distribution setup this way by default.
Unfortunately seems there are none.


More information about the maemo-users mailing list