Re: [RFC] User Accesable Filesystem Hierarchy Standard

[Alan Cox <alan redhat com>]

On Tue, Apr 06, 2004 at 09:36:24PM -0400, Jamethiel Knorth wrote:
> Actually, the idea does allow people to install shared programs. Part of 
> the purpose of this is that a user can install a shared program without 
> escalating their privileges. Of course, a system can be set up to prevent 
> this. The main advantage in a home environment is that, if a user does 
> install something, it needn't be installed with root permissions.

Your typical home user will install prebuilt packages using the tools
provided with the system. In a non home environment you rarely want users
installing anything, and with SELinux you can go so far as to make
just about anything user originated (scripts included tho its a bit
tricky) non-executable. This is good as it turns "I got this cool christmas
card and ran it" into "I asked the sysadmin why it wouldnt run and she told me
about trojans".

> Looking at the current situation with Windows, it's fairly reasonable to 
> assume that regular users will intentionally install programs without 
> properly checking what they are and who made them. If they do this with 
> root privileges, the program could influence every portion of their system 
> and this could cause catastrophic problems.

"Other people fire shotguns at random without warning, lets all do that"

Maybe there is an argument for a /usr/local/ with default labels that
prohibit privileged roles using the contents and which doesn't require
total superuser rights to write into.

That also solves
	- The 10,000 private installations of epic problem
	- The cross platform problem
	- Non-exec /home

Alan