The Unix security model could help also desktop users.

The Unix security model could help also desktop users.

Posted Sep 27, 2003 10:18 UTC (Sat) by bockman (subscriber, #3650)
In reply to: A different kind of bad week by Wout
Parent article: A different kind of bad week

In Linux the user - system seperation protects most of the system from actions done under a user's id. It also protects users from each other. For desktop systems this is not enough though. On a desktop system, there is usually one user. The most valuable files on such a system are probably owned by that user. This means that a virus that damages those files has achieved just about the worst that could happen - from the user's point of view.

A secure-minded desktop distro (or a secure-minded desktop user, if any exists) could be configured to run any browser and e-mail program (or other program's accessing the 'Net) with a dedicated account, which can only read files, but with write-access only to a specific home directory subfolder. Files owned by this account should be readable/writable by the normal user account. This would annoy only sligtly the user, since he can still upload/download stuff without too much hassle. The problem is that there should be different such accounts for each created user, e.g. to keep dowloaded stuff by one user not readable by others, if so he chooses.

---

(Log in to post comments)