Modern multi-user paradigms also have very weird ideas of what’s shared. Like, installing or updating software is the same permission tier as accessing another user’s documents, wtf?
Super user is super user. It can always access anyone's files. Allowing unrestricted access to super user essentially destroys any sense of security.
You can very much allow only access to certain commands under super user, e.g. only allow users to run pacman. Of course now you are trusting that said commands won't leak the permissions.
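As an added illustration of the restricted-sudo idea in the comment above (not posted by anyone in the thread), a sudoers fragment assuming a user named "alice" and pacman installed at /usr/bin/pacman, showing the broad grant and a narrower alternative:

```sudoers
# Added example, not from the thread. Assumes user "alice" and /usr/bin/pacman.
# Pick ONE of the two grants below; the first, if present, subsumes the second.

# Broad form: alice may run pacman as root with any arguments, and nothing else.
alice ALL=(root) /usr/bin/pacman

# Narrower form: arguments are matched literally, so only "sudo pacman -Syu"
# (a full system upgrade) is permitted; no other pacman invocation is.
Cmnd_Alias PACMAN_UPGRADE = /usr/bin/pacman -Syu
alice ALL=(root) PACMAN_UPGRADE

# The caveat from the comment still applies to both: pacman runs package
# install scripts and hooks as root, so the grant is only as safe as pacman
# and the packages it is allowed to install.
```

Validate the file with `visudo -c -f <file>` before placing it under /etc/sudoers.d.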
I agree that it's a mess.
My personal and biggest issue is not even across user boundaries, but inside a single user.
What do you mean my Firefox client can read my .ssh files???
I almost linked that in my ggp comment, but really I’m making the opposite argument as the comic.
Either way you slice it, though, it’s clearly a huge disconnect between what is important to the human using a system vs what is important to the system itself, and the relative lengths gone to to protect those two sets of things.
To me, a "modern multi-user paradigm" is Nix with Home Manager, where most of my software is installed in my user's environment and not on the system level. Thus, if there were another user on the same machine, we could each manage our own software and updates without affecting the other.
> Like, installing or updating software is the same permission tier as accessing another user’s documents, wtf?
To some extent, yes. If I can install software of my own choosing on basically any normal desktop OS that will appear to other users of the system as "LibreOffice", "Firefox", etc. then I more or less have access to all their data.
macOS is starting to sandbox applications but not by a lot, and of course Windows Store sandboxed apps are more or less dead in the water.
Do not mix up Windows Store (UWP) sandboxes with Windows Sandbox, which is not only very much alive but has been making its way across Windows 11 updates since last year.