Some points/issues to discuss about the desktop
Matt Zimmerman
mdz at canonical.com
Mon Sep 6 13:04:05 CDT 2004
On Mon, Sep 06, 2004 at 01:46:36PM +0800, John wrote:
> Jeff Waugh wrote:
> >The desktop is not the right place for stuff like this -> you have fast
> >access to the System Configuration menu from the top panel, whichever user
> >you're logged in as.
>
> For some twenty or so years, I've firmly believed the first part of
> security in any menu structure is to only show users what they are
> permitted to do.
>
> If they have no administrative rights, do not show them any
> administrative tools. If you can't burn CDs, don't show them the tools
> to burn CDs.
In our desktop security model, the initial user (added during the install)
is an administrator, with sudo privileges, so all of these menu items apply
to that user.
I'm not sure what it would take to hide these items from users who do _not_
have such privileges, but perhaps it's something we could investigate for
Hoary.
> Jeff is a developer, so he has access to (approved!) text editors,
> compilers & other build tools, maybe OOo for documentation. And the
> programs he's working on. Not other applications.
>
> He don't do the books, so he doesn't have access to the finance tools. At
> all. He doesn't do system backups, so he doesn't have access to those
> tools either.
Do desktop users truly require this level of granularity? It sounds like
MAC for menu items, and MAC systems are notoriously tricky to configure and
unintuitive for inexperienced users.
--
- mdz
More information about the sounder
mailing list