Privacy (su UID value in desktop entry standard)

C. Gatzemeier c.gatzemeier at tu-bs.de
Fri Mar 19 20:32:35 EET 2004 

Am Freitag, 19. März 2004 16:22 schrieb Linas Vepstas:

> From the "User Experience" persepective, I think you've described it
> exactly.
>
> From the 'how to actually implement this' I suspect that there are
> a number of devilish details, especially in the interaction between
> the finder and other apps.

I was thinking more along the lines of how to use what is already there, and 
not implementing an additional locking abstraction.

>  e.g. where on the desktop do locked files
> appear? Does the 'guest' desktop always show the files of all other users?
> Do we need to reinvent hidden files?

As a side note, I personaly would prefer if Desktops would make the filesystem 
and the concept of home directories easy to understand and visible.
IMHO the desktop should be the home directory. Instead, the desktop is another 
higher level, leaky directiory  abstraction. Just like in less capable OSes. 
New users will inevitably be confused later.

Don't think reinventing new hidden files should be necessary, private files 
are just one level up and in a another home dir. To make this even easier, 
and as we are currenty picturing a shared "family" system, maybe it could be 
explored to make the family home dir a group directory or just /home. From 
there it is just as easy to change (click) into the family dir as into any 
private dir (password provided).

>  Do permissions work at file
> level or directory level?

Should be both, but it is generaly easier to use directories, User Private 
Groups, and umask 002 (http://www.redhat.com/docs/manuals/linux/
RHL-7.2-Manual/ref-guide/s1-users-groups-private-groups.html)

>   What is the mapping between the "user
> Experience" and UNIX ACL's?  

It is absolutely possible that I did not understand you correctly. But again 
mapping to a different desktop abstraction doesn't sound like a good idea to 
me. It might be that we are just thinking this from different angles.

> How can I copy from user A to user B? (e.g. from user 'home-accounting'
> to user 'linas-mail'), how can I do that copy so that it doesn't expose
> security holes for future crackers/worms/viruses ?

Ok, here a litte diffence may become visible,  you seem to think of general 
application accounts (-accounting, -mail etc.). I was merely thinking to put 
tested unix multi user management effectively into use on the Desktop. The 
entities being the persons not the apps. Of course in some cases apps can be 
folded into "application accounts". Or alternatively you save your gnucash 
file in a group direcory accessible for group members even without password.

Things like copying from user A to B should come naturally. At this point if 
you have two filebrowsers open, one as root and one as regular user, copying 
back and forth alredy works fine. This needs "just" to be implemented on a 
directory and file level basis also within the filebrowser so that it prompts 
for a password if you try to access a out of current permission entity.


> I don't have answers to these; these are just some of the issues I could
> think of quickly.  I was sort of hoping that some of this had already
> been discussed a bit on the desktop mailing lists.

I hope someone involved in the desktops / filemanagers might step out and shed 
some light on related intentions.

> --linas

Christian

More information about the xdg mailing list