by hjanssen 1323 days ago
This is why the concept of "granular permissions" is so important on modern PCs, and I personally think Linux is severely lacking in this regard.

Flatpak et al. have improved this situation somewhat, but come with their own drawbacks. Linux needs a central application-level permission system like Android, where I can grant/revoke e.g. internet access to applications. Frankly, I should never have to use sudo to install anything in my daily life; that is unfortunately not the case with the common Ubuntu install, and will probably stay this way for a long time.

1 comments

Yeah, for the most part today any user who is logged in is somebody I trust with the machine. What needs to be restricted is what _applications_ can do.

My browser shouldn't ever be allowed to write to /etc/shadow regardless of whether it's running as root or not. AppArmor gets us part of the way there, but the UI to make everything play nice is too difficult.

Android’s security model makes a lot of sense to me, and from what I understand it’s all based on top of normal UNIX user/group privileges, just with per-app users/groups. I’d like to see more desktop distros experiment with it.

Could you have a system where each capability has its own group, and each executable has capabilities represented by their group memberships? Then it would be easy to build a UI on top of those groups to manage fine-grained permissions.
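A small model of the "one group per capability" scheme proposed in the reply above, added here as an illustration and not code written by the commenter. It parses /etc/group-format lines, treats groups with a `cap-` prefix as capabilities and their members as per-app users (the Android-style per-app UID idea), answers "may app X do Y" checks, and writes the group file back out so a management UI could edit it. The group names, GIDs and app names are constructed for this example.

```python
"""Capability-as-group model: an app holds a capability iff its per-app user is a
member of the matching cap-* group.  Example code added to this thread; the
/etc/group lines, GIDs and app names below are constructed, not taken from any
real system."""

from typing import Dict, Set

CAP_PREFIX = "cap-"

# Constructed /etc/group-style content.  Field layout is the real one:
# name:password:gid:member,member,...
SAMPLE_GROUP_FILE = """\
# capability groups (constructed example)
cap-net:x:2001:browser,mail
cap-camera:x:2002:videocall
cap-shadow-write:x:2003:
cap-home-read:x:2004:browser,mail,videocall
audio:x:29:browser
"""


class CapabilityGroups:
    """Parsed view of the cap-* groups: capability name -> (gid, member apps)."""

    def __init__(self) -> None:
        self.gids: Dict[str, int] = {}
        self.members: Dict[str, Set[str]] = {}

    @classmethod
    def parse(cls, text: str) -> "CapabilityGroups":
        """Read /etc/group-formatted text; non-capability groups are ignored."""
        caps = cls()
        for line in text.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _password, gid, member_field = line.split(":", 3)
            if not name.startswith(CAP_PREFIX):
                continue
            cap = name[len(CAP_PREFIX):]
            caps.gids[cap] = int(gid)
            caps.members[cap] = {m for m in member_field.split(",") if m}
        return caps

    def has_capability(self, app: str, cap: str) -> bool:
        """Default-deny: an unknown capability or a non-member app is refused."""
        return app in self.members.get(cap, set())

    def capabilities_of(self, app: str) -> Set[str]:
        """Everything the app may do, i.e. the set of cap-* groups it belongs to."""
        return {cap for cap, apps in self.members.items() if app in apps}

    def grant(self, app: str, cap: str) -> None:
        """Add the app to the capability group (what a 'toggle on' in a UI would do)."""
        if cap not in self.members:
            raise KeyError(f"unknown capability {cap!r}")
        self.members[cap].add(app)

    def revoke(self, app: str, cap: str) -> None:
        """Remove the app from the capability group; revoking a missing grant is a no-op."""
        self.members.get(cap, set()).discard(app)

    def render(self) -> str:
        """Write the capability groups back out in /etc/group format."""
        lines = []
        for cap in sorted(self.members, key=lambda c: self.gids[c]):
            members = ",".join(sorted(self.members[cap]))
            lines.append(f"{CAP_PREFIX}{cap}:x:{self.gids[cap]}:{members}")
        return "\n".join(lines) + "\n"


def audit_matrix(caps: CapabilityGroups) -> Dict[str, Set[str]]:
    """app -> capabilities, the table a permissions UI would display."""
    apps = set().union(*caps.members.values()) if caps.members else set()
    return {app: caps.capabilities_of(app) for app in sorted(apps)}


if __name__ == "__main__":
    caps = CapabilityGroups.parse(SAMPLE_GROUP_FILE)
    for app, held in audit_matrix(caps).items():
        print(f"{app:10s} {sorted(held)}")
    # The /etc/shadow case from the thread: the browser is not in cap-shadow-write.
    print("browser may write shadow:", caps.has_capability("browser", "shadow-write"))
    caps.revoke("browser", "net")
    print(caps.render())
```

The model only decides membership; enforcing it on a real system still needs a kernel-side hook that keys off the group (for example a MAC policy or a per-GID network rule), which is exactly the part the thread says existing tooling makes awkward.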