> permissions are granted, normally, to users, not programs

Maybe that is not complex enough, and permissions should be granted to what the program is doing:
- if the program is updating itself (when no package manager) it should have rights to overwrite its own binaries
- if the program is configuring itself (when user changes something) it should have rights to change its configuration files
- if the program is being only "used", it shall do none of the above.

Ever seen a security system blocking half of the upgrade of a package?
I did not say I would like to manage such a system...