[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SEUL: Target user for SEUL

Simon Waldman wrote:
>This raises a question: is the end-user granted root access? Remember a
>Win95 convert will be used to a single-user system. They will not wish
>to know about such things, and will occasionally need root privilages,
>but should not be root all the time to avoid screwing their system up
>too easily!


>            Is it practical to have some kind of daemon that senses when
>the user doesn't have the privilages needed, and automatically runs su,
>with a suitable warning? This may be virtually impossible, I'm just

A daemon might be a bad idea, IMO.  I honestly don't think it's beyond
the abilities of the average user to learn that some functions require
superuser priveleges.

I do think, however, that we shouldn't grant root access automatically
whenever needed, because doing so would be, for all practical purposes,
just as bad as having the user run as root.

Perhaps all graphical administration tools should, when asked to modify
protected aspects of the system, pop up some sort of su dialog, saying:
"The function you have selected requires administrator privileges.  Enter
the root password below and select OK, or select Cancel to exit."

>> Yes; a "simple end-user" should never be *required* to learn vi, but
>> it's
>> always a good idea to tuck in vi or something at least as useful.
>> Perhaps our motto should be "You can do anything, but you don't have
>> to."

I agree completely.  Here's a suggestion:

   * Even though SEUL should be usable by non-hacker endusers, it
     should also be a system that developers/hackers should be happy
     to use.

I would like to be able to install SEUL on my Linux box, with _no_
loss of functionality.  Keep in mind that the greatest strength of
Linux is its versitility; if we start to chop off tools and servers
that "the end-user won't want", we'll cripple the system's versatility
and alienate the developers of the Linux community.

So by all means, let's not force the users to ever dirty their hands with 
vi, grep, tar, or gcc.  Let's make ftpd and httpd completely optional --
and non-installed by default.  If we can, let's make xterms totally 

...but let's not tell the users that they _can't_ use the Unix tools they
may have gotten used to.

In the title "Simple End-User Linux", it's the "Linux" that's meant to be
"Simple", not the "End-User".  :)

Nick Mathewson