FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Desktop

 
 
LinkBack Thread Tools
 
Old 03-27-2008, 05:31 PM
Les Mikesell
 
Default few ideas how to make fedora better as a desktop

Shawn Starr wrote:
I'm not advocating anything that would break things. But I believe the
LSB is failing because its not keeping up with Linux's rapid changes.
So, while I think the LSB is a nice idea, It's more marketing to me than
anything.




Please explain why any file has to move to keep up with Linux changes.
File locations themselves have always been arbitrary and within a system
one place is just as good as another. The LSB has value exactly to the
extent that every distribution follows it to the point that 3rd party
software will work without regard to the distribution and I don't see
that happening without installer contortions yet. Other changes
without backwards compatible symlinks just break things and are annoying.


--
Les Mikesell
lesmikesell@gmail.com

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 05:49 PM
"Shawn Starr"
 
Default few ideas how to make fedora better as a desktop

> Please explain why any file has to move to keep up with Linux
> changes.

Nothing has to move, if we just change the system configs that set $PATH to include /sbin and /usr/sbin nothing needs to change.


> File locations themselves have always been arbitrary and
> within a system
> one place is just as good as another.

This I disagree, that was not the case originally. It is arbitrary today because it doesn't really matter anymore/or care.

> The LSB bas value exactly to the
> extent that every distribution follows it to the point that 3rd party
> software will work without regard to the distribution and I don't see
> that happening without installer contortions yet. Other changes
> without backwards compatible symlinks just break things and
> are annoying.
>
> --
> Les Mikesell
> lesmikesell@gmail.com
>

The LSB is useful for commercial distributions not really for free distributions. I don't see commercial vendors releasing software for Fedora because it changes too much, they can't test against it changing every 6 or so months. I experience this every day here at my place. 3rd party vendors do not like rapid changes especially mathematical applications that are particularly sensitive to GCC optimizations, GNU libc, and GNU libstdc++ changes. The LSB doesn't go far enough to guarantee such it only gives a ABI/API compatibility. This becomes critical when your math library is off by 0.06 fractions, ask FLUENT this.

Shawn.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 06:21 PM
Les Mikesell
 
Default few ideas how to make fedora better as a desktop

Shawn Starr wrote:


File locations themselves have always been arbitrary and
within a system
one place is just as good as another.


This I disagree, that was not the case originally.


OK, when tiny disk drives cost $10,000 and had to come from the same
vendor as the CPU, and you couldn't boot from anything else there was a
reason to have /bin and maybe /sbin separate. But that was in some
other century.



It is arbitrary today because it doesn't really matter anymore/or care.


But all the good scripts linger on, so backward compatible symlinks are
a good thing.


The LSB bas value exactly to the
extent that every distribution follows it to the point that 3rd party
software will work without regard to the distribution and I don't see
that happening without installer contortions yet. Other changes
without backwards compatible symlinks just break things and
are annoying.





The LSB is useful for commercial distributions not really for free distributions.


It seems very counter-productive to me for free distributions to spend
all their time packaging up trivial variations of the same thing too.



I don't see commercial vendors releasing software for Fedora because it changes too much,


That's a problem in its own right, for every software developer -
nothing special about commercial vendors in that regard.



they can't test against it changing every 6 or so months.


Who can?


I experience this every day here at my place. 3rd party vendors do not like rapid changes especially mathematical applications that are particularly sensitive to GCC optimizations, GNU libc, and GNU libstdc++ changes.


And that's a surprise?


The LSB doesn't go far enough to guarantee such it only gives a ABI/API compatibility. This becomes critical when your math library is off by 0.06 fractions, ask FLUENT this.


No one likes math errors. Isn't there a test suite for that sort of
thing that would work at least as well as fedora users?


--
Les Mikesell
lesmikesell@gmail.com

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 06:30 PM
"Eric Mesa"
 
Default few ideas how to make fedora better as a desktop

I've been following this sporadically, but if the issue is, as I believe it is, whether a regular user should be able to run the programs that we usually save for root, then I say, "have you gone nuts?"* If you want that, go use windows.*


On Thu, Mar 27, 2008 at 1:40 PM, David Mansfield <fedora@dm.cobite.com> wrote:



On Thu, 2008-03-27 at 12:27 -0500, Les Mikesell wrote:

> Ralf Corsepius wrote:

> >

> > The last part of your sentence is the key. /sbin and /usr/sbin exist to

> > keep tools out of ordinary users' PATH.

> >

>

> Which made sense when every machine was expected to have an

> administrator to do the complicated stuff for you, but fedora doesn't

> ship one.

>



Or maybe it existed to keep path search times down for users who didn't

need those extra programs there...



Of course, we now have 3123 programs in /usr/bin on my F8 system.



David





--

fedora-devel-list mailing list

fedora-devel-list@redhat.com

https://www.redhat.com/mailman/listinfo/fedora-devel-list



--
Eric Mesa
http://www.ericsbinaryworld.com
http://server.ericsbinaryworld.com

"Do not worry about those things that are outside of your circle of influence. For since they are outside of your power to control them it is simply a waste of time and energy to dwell on them. Instead, turn your attention to those things that you can control and grow your influence in those areas and you will see the effects begin to trickle out to those items that were previously out of your power to influence." – Eric Mesa inspired by Covey's 7 Habits of Highly Effective People
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 06:47 PM
Les Mikesell
 
Default few ideas how to make fedora better as a desktop

Eric Mesa wrote:
I've been following this sporadically, but if the issue is, as I believe
it is, whether a regular user should be able to run the programs that we
usually save for root, then I say, "have you gone nuts?" If you want
that, go use windows.



Don't confuse permission to access the things the programs typically
affect with the finding the programs in your PATH. No one is suggesting
that the concept of root authentication should go away. Just that the
difference between doing "su' and "su -" be less confusing and that
typing ifconfig should show a user his ip address, not

bash: ifconfig: command not found

--
Les Mikesell
lesmikesell@gmail.com

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 06:53 PM
Simo Sorce
 
Default few ideas how to make fedora better as a desktop

On Thu, 2008-03-27 at 14:47 -0500, Les Mikesell wrote:
> Eric Mesa wrote:
> > I've been following this sporadically, but if the issue is, as I believe
> > it is, whether a regular user should be able to run the programs that we
> > usually save for root, then I say, "have you gone nuts?" If you want
> > that, go use windows.
> >
>
> Don't confuse permission to access the things the programs typically
> affect with the finding the programs in your PATH. No one is suggesting
> that the concept of root authentication should go away. Just that the
> difference between doing "su' and "su -" be less confusing and that
> typing ifconfig should show a user his ip address, not
> bash: ifconfig: command not found

If I can add on the topic, on debian there has never been a (noticeable)
difference between su and su -, and ip addr or ifconfig works as a user
without having to prepend /sbin or /usr/sbin IIRC

I find often quite annoying that it does not work the same in Fedora/Red
Hat distributions, and never seen anything break because of that.

Anyway it should be taken in consideration whether current Fedora users
would be annoyed by the change. IMO it should not cause any problem of
sort, as it does not introduce obstacles and does not influence (I
think) how stuff works now. It just makes things smoother, but that's
taste.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 06:59 PM
"Jeff Spaleta"
 
Default few ideas how to make fedora better as a desktop

On Thu, Mar 27, 2008 at 11:47 AM, Les Mikesell <lesmikesell@gmail.com> wrote:

Don't confuse permission to access the things the programs typically

affect with the finding the programs in your PATH. *No one is suggesting

that the concept of root authentication should go away. *Just that the

difference between doing "su' and "su -" be less confusing and that

typing ifconfig should show a user his ip address, not

bash: ifconfig: command not found


There are more subtle issues here as well.* Sure some individual binaries are useful if you arent the administrator. How many binaries in /*/sbin/ are currently still setuid root?* Do we need to continue to take some care with those binaries by giving local administrators a way to easily wall off those binaries in a directory that users can't get to by setting strict directory access permissions?**


If we are going to clean things up and stop separating the path with an intent to give access to things to users, we need to take a harder look at this all the binaries, not just the few we know are useful for informational purposes.



-jef


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 07:32 PM
Chris Adams
 
Default few ideas how to make fedora better as a desktop

Once upon a time, Jeff Spaleta <jspaleta@gmail.com> said:
> There are more subtle issues here as well. Sure some individual binaries
> are useful if you arent the administrator. How many binaries in /*/sbin/ are
> currently still setuid root? Do we need to continue to take some care with
> those binaries by giving local administrators a way to easily wall off those
> binaries in a directory that users can't get to by setting strict directory
> access permissions?

bin vs. sbin is not at all a security measure, since users can already
run things in sbin just by using the full path (or adding the sbin dirs
to their PATH).

My F8 system has 12 setuid and/or setgid binaries between /sbin and
/usr/sbin.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 07:54 PM
Alan Cox
 
Default few ideas how to make fedora better as a desktop

On Thu, Mar 27, 2008 at 02:21:13PM -0500, Les Mikesell wrote:
> OK, when tiny disk drives cost $10,000 and had to come from the same
> vendor as the CPU, and you couldn't boot from anything else there was a
> reason to have /bin and maybe /sbin separate. But that was in some
> other century.

Go back that far and you are talking about bin versus usr.

Historically bin was on the fast fixed head disk and usr/bin on the moving
head disk.

sbin is a SunOS era invention that exists essentially because they didn't
have a nice mechanism to boot a box and recover it if you broke the shared
libraries (and they were quite fragile)

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-27-2008, 07:59 PM
"Jeff Spaleta"
 
Default few ideas how to make fedora better as a desktop

On Thu, Mar 27, 2008 at 12:32 PM, Chris Adams <cmadams@hiwaay.net> wrote:



bin vs. sbin is not at all a security measure, since users can already

run things in sbin just by using the full path (or adding the sbin dirs

to their PATH).

By default its not... but on a multiuser system you can restrict access the sbin directories
limiting access.. in a way that package updates don't revert your changes.

If our intent is to expose these binaries, and encourage a culture where normal users can expect access to these paths and the binaries in them, then it would make some sense to be sure we aren't creating an additional admin burden that forces admins to re-restrict access to paths that Fedora users come to expect.... for the sake of limiting access to a handle full of setuid'd binaries.*



-jef



--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 07:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org