Future and impact of ongoing projects in Linux world

Xen list at xenhideout.nl
Wed Oct 5 02:05:33 UTC 2016


Xen schreef op 05-10-2016 3:32:

> In short, the discrepancy between what a user can do and what root can
> do, is too big.

The result of this is that most services are installed completely 
system-wide and there is nothing less than that.

Now you may think containers are a solution to that but if you use e.g. 
LXC for that you still have the same programs running equally 
system-wide but now they are just doing that inside of a container.

That doesn't change the programs, you know.

In terms of logging: why is there not a daemon that can run for a user 
specifically?

Why is there not a user fstab in which the user can specify mounts he or 
she wants to use? It is possible for libpam-mount but not for regular 
fstab.

Why are there so few user-oriented systems that a user can use in a 
convenient smaller environment?

- there is no user init system, unless you run stuff through e.g. 
.bashrc or some xinit script or whatever. That is extremely arcane and 
impossible for a regular user to do.

- where are the services a user can configure, for example as part of 
first logging on to a system? Why is there no "smaller version" of the 
"greater system"?

If there was actually a good init system it would be dead easy to retain 
the shape of it and just make a smaller version of it, for the user 
specifically.

I am slightly aware of efforts in the past by some sponsor to the Linux 
Foundation that wanted to lesson security in a certain sense by allowing 
users to install packages and this effort was refuted by one of the 
employees that was subsequently fired for it.

We still do not have user packages.

There are plenty of services that could run on unpriviledged ports just 
as well as they could on privileged ones. There is absolutely no 
requirement that something like Dokuwiki would require admin rights. So 
why do we only have stuff admins can install?

This creates issues for wiki's notably because personal wikis are never 
system-wide in concept and yet you cannot run them for your own user???

Suddenly your personal documents are maintained in /var/lib/something!! 
I have been fighting this for a long time.

And now we have snaps but snaps are equally system-wide. Ubuntu's snappy 
page mentions the following command:

$ snap install hello

But you can't actually do that.

error: access denied (try with sudo)

Oops, busted. You need a root prompt for that.




More information about the Ubuntu-devel-discuss mailing list