Ubuntu QA:

Idea #10644: INSTALLING WITHOUT ROOT



Votes: -49
Written by elie the 3 Jul 08 at 06:49. Category: System.
Related to: Synaptic package manager. Status: New
Description
There should be a standardized way to install applications to one user account only, without the need for administrator/root/superuser password authentication.

Many, many programs, from movie players to text editors to video games to business utilities, could easily be installed without exposing the whole system. So why pose a security threat for no reason?

In the spirit of Linux/UNIX, users should be able to do a lot of things without affecting the core system or other users. And users often want or need to run new programs for whatever reason.

So, there should be a standard install folder for each user, such as:

/home/username/.installed-packages

The subdirectories in the folder would be like all the typical system directories, such as /usr/bin and others. These directories would also be added to the list of places that bash looks for commands.

There could also be a folder for third-party installs for all users:

/public-install

which would have chmod 777 so that any user can install and run software that other users can try too. And of course any user can mess up the folder, but that's okay because it wouldn't mess up the system, and no one would lose important documents (only downloaded programs).

Programs like apt-get or synaptic could be modified to install to these folders. The trickier part would be to set up a log of what packages are owned by who. User packaging should definitely be kept separate from the classic root packaging.

And of course there are packages that should only be installed as root (such as system updates). But by making every program require root to install, it either restricts users or puts the whole system at risk. After all, it seems the only time a Linux system doesn't work is when someone did something stupid as root. So why not just avoid the problem altogether?
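
An added example, not part of the original post: a check an administrator could run over a command search path that includes folders like the two proposed above, reporting every entry that accounts other than its owner can write to. The directory layout in `demo()` is constructed for illustration, and `audit_path_dirs` is a hypothetical helper name.

```python
import os
import stat
import tempfile

def audit_path_dirs(path_value, uid=None):
    """Return (entry, reason) for search-path entries that others could alter."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in path_value.split(os.pathsep):
        if not entry:
            # POSIX shells treat an empty entry as the current directory.
            findings.append((entry, "empty entry: current directory"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # nonexistent entries are skipped in this sketch
        if not stat.S_ISDIR(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((entry, "group-writable"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, "owned by another user"))
    return findings

def demo():
    # Constructed layout mirroring the two folders proposed in the post.
    root = tempfile.mkdtemp()
    private = os.path.join(root, "home", "elie", ".installed-packages", "bin")
    shared = os.path.join(root, "public-install", "bin")
    for directory, mode in ((private, 0o755), (shared, 0o777)):
        os.makedirs(directory)
        os.chmod(directory, mode)  # set explicitly so the umask does not matter
    found = audit_path_dirs(os.pathsep.join([private, shared]))
    return [(os.path.relpath(path, root), why) for path, why in found]

if __name__ == "__main__":
    for entry, why in demo():
        print(f"{entry}: {why}")
```

The per-user folder passes because only its owner can write to it; the shared folder with mode 777 is reported.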

Comments
oencke wrote on the 3 Jul 08 at 08:02
Sadly your logic is seriously flawed.

The divide between root and the normal user is the very reason why linux is so much less vulnerable to viruses than windows.
Installing applications into userspace opens them up to attacks through the user account. And that's a very bad idea.

Sorry.

Moderator droetker (Moderator) wrote on the 3 Jul 08 at 08:02
This would undermine the security system of the packet manager - but you CAN install local programs, just feel free to install under ~/bin - nobody can stop you.

You just can't install .debs - and that is good so.

Moderator droetker (Moderator) wrote on the 3 Jul 08 at 08:03
(I installed the whole Eclipse IDE under my homedir, and lazarus too)

elie wrote on the 3 Jul 08 at 08:34
Sometimes it works to unpack packages to the home directory, but there doesn't seem to be a simple way to do this, especially with multiple packages and dependencies. So I think that Ubuntu needs this option. With .deb packages.

Yes, system updates and changes should all be installed as root, there's no denying that.

But most of the time I want to use my computer for something cool, so I might download a new editor or game and see what I can do with it. These kinds of end-user third-party applications DO NOT need to be part of the system. By going root for every program installed, this opens up many more opportunities for system attacks. Save root for when it's actually needed!

Auzy wrote on the 3 Jul 08 at 09:09
I think you'd probably be interested in my idea for non root APT installs into home directory.

That solves your problem whilst also providing the same level of security that is already provided.

oencke wrote on the 3 Jul 08 at 09:11
Installing an application as root does not mean that it will be executed as root. If you start a typical application (that was installed with Synaptic) as user xy, it will typically only have user xy's permissions. So there are no additional security holes opened. There are only very few programs that run with root privileges when started by a user.

Please get more familiar with the Linux permission/security model before you advocate severe changes to it. It was designed by very smart people who thought a lot about what they were doing and why it was necessary.

Auzy wrote on the 3 Jul 08 at 09:15
My idea doesn't have the same probs oencke. It won't work for all apps, but will work for a lot of them in a secure fashion

oencke wrote on the 3 Jul 08 at 09:30
btw, the intended directory for external applications not belonging to the core distribution/packages is /opt/ where you can put them into their own directory.
Install them as root, then the program files can't be harmed by any malicious code running with user permissions.
If you don't like the application, delete its directory within /opt/ and your system is clean again.
Your home directory is only for user data and user specific configuration files. If you have access to the root account on your system, use it appropriately and install applications to locations where they are safe from unintended modification.

elie wrote on the 3 Jul 08 at 09:46
oencke, what I'm trying to say is that I don't care if any malicious code harms applications I've installed. I can just download them again anyway. The much greater risk is that I'd sudo install a downloaded app and it would install something harmful to the whole system. Even if I don't RUN the app as root, it can still do something bad when installing. Or if broken or conflicting packages aren't dealt with properly, then the whole system is a big hassle to fix.

oencke wrote on the 3 Jul 08 at 09:57
That's why linux applications typically don't come with executable installers but as .tar.gz archives. There isn't any harmful code at work when you untar the archive as root and put the files within /opt/.
After this you start the application as a normal user and it can put its config files into your home directory.
There shouldn't be a moment where you have to run an untrusted executable with sudo.

elie wrote on the 3 Jul 08 at 09:58
Auzy, I very much like your idea. Adding local installing will allow regular users to do much more with the computer, without posing a security threat. Some Linux users (especially the advanced ones) forget that for fun, average people run programs, not system tweaks.

elie wrote on the 3 Jul 08 at 10:01
oencke, true that does work for .tar.gz archives, but what about .deb packages?

dinar wrote on the 22 Jul 08 at 11:21
As I know, a "deb" package can run scripts! .sh I think. So it is not safe.

