GNU Guix launches
Posted Nov 28, 2012 1:12 UTC (Wed) by pspinler (subscriber, #2922)
In reply to: GNU Guix launches by dlang
Parent article: GNU Guix launches
what's the practical difference on a desktop machine between giving the user of the machine root (or sudo style package manager access like Ubuntu does) and allowing them to install arbitrary packages as "non-root installations in arbitrary paths"?
Lots. For instance:
- No root means no messing about with contents of /etc, with SELinux / AppArmor policies, firewall, etc
- Limiting filesystems where the packages can be installed
- Making sure the places where it can be installed are mounted nosuid / nodev
- Between all the above, it's notably harder to actually damage a system
- User specific changes are isolated to a user filesystem, so the rest of the OS can be upgraded / replaced with (hopefully) minimal effect on user's customization
- etc, etc
Anyway, point is, there's lots and lots of administrative advantages to limiting user customizations to limited areas and to stuff that requires no privs. Heck, I do this on my own workstation where I do have full privs.
-- Pat
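The nosuid / nodev item in the list above can be checked mechanically. The following is an added example, not part of the original comment: it parses text in /proc/mounts format and reports which of the two options are missing on the filesystem covering each user install path. The sample mount table and the paths are constructed for illustration.

```python
import os
import re

REQUIRED = ("nosuid", "nodev")

# Constructed sample in /proc/mounts format (not taken from the original post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda3 /opt/user\\040pkgs ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
        mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), parts[1])
        mounts[mp] = set(parts[3].split(","))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    path = os.path.normpath(path)
    hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def audit(paths, mounts_text):
    """Map each path to (mount_point, [required options that are missing])."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for p in paths:
        mp = covering_mount(p, mounts)
        report[p] = (mp, [o for o in REQUIRED if mp is None or o not in mounts[mp]])
    return report

if __name__ == "__main__":
    with open("/proc/mounts") as f:
        live = f.read()
    for p, (mp, missing) in audit([os.path.expanduser("~")], live).items():
        print(f"{p} on {mp}: missing {','.join(missing) or 'nothing'}")
```
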