On Wed, Apr 5, 2017 at 6:01 PM, Adam Williamson adamwill@fedoraproject.org wrote:
On Wed, 2017-04-05 at 17:32 -0600, Chris Murphy wrote:
On Wed, Apr 5, 2017 at 3:14 PM, Adam Williamson adamwill@fedoraproject.org wrote:
On Sun, 2017-04-02 at 09:44 -0500, Michael Catanzaro wrote:
Also: being able to install without authentication but not delete matches our behavior for system packages. I think it's silly to allow users to install stuff but not to remove it, but that's our status quo.
I thought the intent was that you should need admin privileges to do either. The only thing regular users are supposed to be allowed to do without admin privileges is *update* the system, though since that now requires a system reboot, I'm not sure even that should be allowed without auth any more.
Ick.
I want to see the OS and apps updated on a regular basis, by default, no user intervention. Just do it. I've tacitly given permission for this by installing Fedora already. It should be one of its responsibilities. Like cleaning up /var/tmp.
Well, it's about rebooting the system, not installing the updates.
Inhibit reboot if another user is logged in; disallow non-admins from forcibly logging those users out.
Otherwise, on a *workstation* there's no good reason to prevent a normal user from suspend, reboot, or shutdown. Of course a server is different.
Android phone, I can install an application and not be asked to authenticate anything beyond the lock screen.
But Android phones generally aren't multi-user devices. I'm only talking about *non-admin* users, here. On a single-user system, the single user is likely going to be an admin.
Sure.
But anyway:
Since forever, macOS has had ~/Applications where a non-admin user can install applications without authentication. Drag and drop. Done. Yes non-admins can reboot the computer, and shutdown, and put it to sleep.
Android does application autoupdates without asking me, by default. They happen whenever plugged into a charger. Thanks for not bugging me about routine things like this.
Also, this reference has some interesting points about Android multiuser behavior. https://source.android.com/devices/tech/admin/multi-user.html
* Each user gets a workspace to install and place apps. * Any user can affect the installed apps for all users. ## not sure what affect means, may not mean remove
My understanding of how a secondary user installs an already installed application is that it's basically creating a link; it's not literally downloading another copy of the binary and installing it.
Meanwhile on Windows with non-admin users, they're totally stuck. They have an inept admin, who lets them have 6 month old or older web browsers? They're fakaked. They can't update it. They can't replace it. They can't use a substitute. Proven failure when it comes to keeping things up to date.