Complexity?
Complexity?
Posted Mar 5, 2013 10:29 UTC (Tue) by etienne (guest, #25256)In reply to: Complexity? by malor
Parent article: Namespaces in operation, part 5: User namespaces
> permissions are granted, normally, to users, not programs
Maybe that is not complex enough, and permissions should be granted to what the program is doing:
- if the program is updating itself (when no package manager) it should have rights to overwrite its own binaries
- if the program is configuring itself (when user changes something) it should have rights to change its configuration files
- if the program is being only "used", it shall do none of the above.
Ever seen a security system blocking half of the upgrade of a package?
I did not say I would like to manage such a system...