Fog Creek Software
Discussion Board




Lindows and user-accounts

In response to a Slashdot interview with Michael Robertson -- http://slashdot.org/article.pl?sid=03/05/05/1225249 -- the debate about whether or not Lindows should have a user-account by default, as opposed to just logging in as root by default, came up (big surprise there). I posted a response here:

http://slashdot.org/comments.pl?sid=63110&threshold=2&commentsort=3&tid=163&mode=thread&cid=5884001

Basically, it all reduces down to this: just root = easier, user account = safer. My suggestion to make both hardliner camps happy was simple: At the end of the Lindows install process, have a prompt pop up and ask the user:

"Create user account?
[ ] Yes (safer) -- prevents you from accidentally deleting important files.
[ ] No (easier)"

I suggested keeping it to that minimal level and having no default because we all know users can't read, don't want to read, and don't care about fine technical arguments (e.g., "is it really easier to just run as root", "is having a user-account really safer", etc). This presents the user with two basic choices: do you want your OS to be safer, or easier to use. If they want it to be safer, then the thing would go on and explain as briefly as possible the safety a user account provides:

"Account Name: _______________
Account Password: _______________
Re-enter Account Password: _______________"

Initially, I thought this was a pretty good idea. I'm not quite so sure anymore. Lindows is making a distribution for the average joe end-user guy who thinks Windows is hard to use. Is this really a choice that is necessary for that user to make?

Joel:
------------------
"Every time you provide an option, you're asking the user to make a decision...The problem comes when you ask them to make a choice that they don't care about."
------------------

So, the question is, is this a decision that the target audience cares about, or should be confronted with even though they don't care about?

dh003i
Monday, May 05, 2003

There is a user account option in 3.0.5, although I don't recall whether it was worded quite like you suggested.

Brad Wilson (dotnetguy.techieswithcats.com)
Monday, May 05, 2003

Therein lies the conundrum.  Do we allow users as individuals to impact the world as an entity?  By providing "easier" we give you the option to make all things easier including problems. 

Further, for those who choose "safer," when later things were not "easier" users would in effect "blame the system."

Why not the best of both worlds?  By default, the user account would be created.  When an application, event, etc. required an action, the system would automagically move them into administration mode, by requesting permission and expecting a positive response.  For example:
Installation of "XYZ" requires administration (root) privilege.  Do you wish to continue as an administrator?
If they answer yes, then sudo or SU to root and go...

Of course, this would require two additional setup sets.
  1.  Do you wish to prevent SU for this account?
  2.  What password do you wish for the root account?

1 allows enterprise wide distribution and control, while 2 ensures everyone in the world does not have "sysadmin" as their password to root.

Mike Gamerland
Monday, May 05, 2003
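
The elevate-on-demand flow proposed in the post above, sketched as an added example that is not part of the original thread or of Lindows. The function names and the `ALLOW_ELEVATION` setting (standing in for setup question 1) are hypothetical; the root password from question 2 is left to `sudo` to check.

```shell
#!/bin/sh
# Added illustration: everyday work runs as the normal user, and root
# is requested only when an action needs it and the user agrees.

# Setup question 1: may this account elevate at all? (hypothetical setting)
ALLOW_ELEVATION=${ALLOW_ELEVATION:-yes}

# needs_root DIR: true when the current user cannot write to DIR.
needs_root() {
    [ ! -w "$1" ]
}

# confirm_elevation NAME: prompt on stderr, read the answer from stdin.
# Anything other than y/yes (including an empty answer) counts as "no".
confirm_elevation() {
    printf '%s requires administrator (root) privilege. Continue as administrator? [y/N] ' "$1" >&2
    read -r answer || answer=
    case $answer in
        [Yy]|[Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# decide NAME DIR: prints "user", "elevate" or "deny".
decide() {
    if ! needs_root "$2"; then
        echo user                      # no privilege needed, never prompt
    elif [ "$ALLOW_ELEVATION" != yes ]; then
        echo deny                      # elevation disabled for this account
    elif confirm_elevation "$1"; then
        echo elevate
    else
        echo deny
    fi
}

# run_install NAME DIR COMMAND...: run COMMAND with the least privilege
# that decide() allows.
run_install() {
    name=$1 dir=$2; shift 2
    case $(decide "$name" "$dir") in
        user)    "$@" ;;
        elevate) sudo -- "$@" ;;       # sudo performs the password check
        *)       echo "$name: not installed (no administrator rights)" >&2
                 return 1 ;;
    esac
}
```
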

MacOS X works like Mike Gamerland describes, for what it's worth; if you try to do something which requires admin or root privileges, but you don't have privileges, an admin login prompt window pops up.  Very nice.

Here's how I see it:  Lindows is intended for desktop users, who will be the primary user of their computer.    Thus, I think it's reasonable to let them be root; if they mess something up, they're only messing up their box.

In other words, Lindows isn't intended for somebody setting up a server; it's for a single-user desktop.  So, let them log in as root.

Brent P. Newhall
Tuesday, May 06, 2003

As a developer who struggles with the sh*t software written by people assuming you run as admin, please let me say that running as root is NOT a good thing. Most people don't even realize how much software absolutely refuses to run on Windows unless you're an admin, which is a giant security risk.

Brad Wilson (dotnetguy.techieswithcats.com)
Tuesday, May 06, 2003

Running as root is certainly not desirable. It allows people to create the sort of trivial macro viruses that plague Windows for Linux, and do some real damage with them. Since Linux systems generally have powerful interpreted programming languages like Perl and Python installed, the opportunities for hackers are pretty much unlimited. Add a broadband connection, and the hacker can commandeer your box for whatever purpose he wishes.

At least with user level privileges, the only person you can really harm is yourself.

cdavies
Tuesday, May 06, 2003

But, again, we're not discussing a distribution intended for use on servers or by software developers.  It's intended for home desktop use.

Yes, running as root is dangerous for the user's data, but so is allowing the user access to "rm" without fully explaining that command's consequences.

The only "full" security is to keep your computer off.  Anything other than that requires some trade-off between security and convenience.

Brent P. Newhall
Tuesday, May 06, 2003

I take it back, the only security setting during Lindows 3.0.5 install is to pick a root password. There is a dialog that you see on first boot that lets you add user accounts.

Brad Wilson (dotnetguy.techieswithcats.com)
Thursday, May 08, 2003
