The OS on my machines will not allow a person to run an
administrative
desktop. It enforces the separation between the administrator
and a
normal user by requiring the creation of at least one normal
user at
install. Only that normal user can log in.
On Friday 28 August 2009 09:30:26 Thor (Hammer of God) wrote:
Oh, now that's cool. I didn't know that. The "force to create
a normal
user and only use that" was not something I was aware of.
What's the OS? So, even if you wanted to, you couldn't log on
as
administrator and just do whatever you needed to? I'm not sure
if I like
that, but I assume this is customizable behavior, yes?
The OS is Debian Linux. Virtually all behavior in Debian is
customizable, but
you would have to look look long and hard to find a Debian user
who would
want to allow logging into an administrative desktop. You may
become
administrator in a terminal or shell. All administrative tasks can
be run
from the shell (sometimes called the command line in Windows) in
Linux. On a
graphical desktop, programs may be run as administrator; they
provide a login
prompt before the program will execute. Programs relying on the X
server
(that's the underpinning for the graphical interface) cannot be
launched from
an administrative shell by default. At the very least, remote
administrators
are blocked from doing that.
Finer controls are available for normal users. Linux (and other
Unixes, I
assume) assigns users to groups with names like cd-rom, tape,
sudo, and
backup. Assigning a normal user to these groups allows limited
extra rights.
I understand Windows also has similar fine grained controls. My
point is that
at least some Linux distributions lock things down more by
default. The major
distributions all do. That's a good thing. That makes the OS a
more hostile
malware environment by default. That and the more diverse
environment that
Linux presents, means that Linux desktop users will probably never
have to
worry much about malware infections.
One distribution catering to Windows users (initially called
Lindows, then
Linspire) set their distribution up the Windows way (making the
administrator
the default user). They caught hell for it. Mercifully, they are
defunct.
A lot of productivity and game software
required
being an administrator to run. Back in my Windows 2000 days that
was a huge
problem. I don't know if the problem remains today, but I ran
across it with
a multi-platform program called RawTherapee under Linux. It writes
its
configuration files where it's installed, not to the user's
configuration
area. That means running it as an administrator, or installing it
to one's
home directory (the Windows equivalent is "Documents and
settings"). Not
good, especially if you set the home directory to refuse all
executable
files. Clearly the author of the software used Windows first, and
assumed
that all users would run as administrator.
Absolutely - and I learned something about other default options
on other
OS's too ;)
Now if we can only teach people that there is no fortune to be
made off the
transfer of funds of defunct African dictators. Piece of cake. ;)
