GNU Guix launches
Posted Nov 28, 2012 1:12 UTC (Wed) by pspinler
In reply to: GNU Guix launches
Parent article: GNU Guix launches
what's the practical difference on a desktop machine between giving the user of the machine root (or sudo style package manager access like Ubuntu does) and allowing them to install arbitrary packages as "non-root installations in arbitrary paths"?
Lots. For instance:
- No root means no messing about with contents of /etc, with selinux / apparmor policies, firewall, etc
- Limiting filesystems where the packages can be installed
- Making sure the places where it can be installed are mounted nosuid / nodev
- Between all the above, it's notably harder to actually damage a system
- User specific changes are isolated to a user filesystem, so the rest of the OS can be upgraded / replaced with (hopefully) minimal effect on user's customization
- etc, etc
Anyway, point is, there's lots and lots of administrative advantages to limiting user customizations to limited areas and to stuff that requires no privs. Heck, I do this on my own workstation where I do have full privs.
to post comments)