Yea, I'd like to see a system where each application runs as its own user, especially third party applications not vetted by the OS vendor, the package manager and so on. Maybe this already exists--I think it would be a good step forward for security and privacy.
You can no longer trust 3rd party applications to stay in their lanes. Running an application with full access to everything that I as a user have access to seems insane in 2024. Ideally, I don't want a third party application to read or write anything outside of its "home directory" without my explicitly giving it permission. That includes files on my filesystem, network shares, hardware devices, everything.
You would either need to statically include everything in the binaries all the time, causing huge files everywhere, or use something like BSD jails. Both are doable. Then it is still possible to access the kernel though, so it's highly impractical. As the other guy pointed out, Android somewhat works like that, but lots of malicious programs also exist for that.
In the early days; nowadays not only does it still do that, it also has SELinux and seccomp enabled, and Linux drivers are seen as legacy. Modern drivers run out of process as well, on their own accounts, talking to the kernel via Android IPC.
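The comment above names seccomp as one of the layers Android puts around an app process. As an added illustration of what that layer does (example code written for this thread, not taken from Android or from any poster), the program below has a process confine itself with a classic seccomp-BPF filter, then shows the effect. It assumes Linux on x86_64 or aarch64 and loads the filter through the older `prctl(PR_SET_SECCOMP, ...)` path; the filter denies only `mkdir`/`mkdirat` with `EPERM` so the result is easy to observe, and the directory path is a constructed test value.

```c
/* Added example: a process confining itself with a seccomp-BPF filter.
 * Assumes Linux on x86_64 or aarch64. Denies only mkdir/mkdirat. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install a filter that returns EPERM for mkdir(2)/mkdirat(2) and allows
 * every other syscall. Returns 0 on success, -1 (errno set) on failure. */
int confine_no_mkdir(void)
{
    struct sock_filter filter[] = {
        /* Load the ABI and refuse to run under a foreign one: syscall
         * numbers differ per architecture, so every filter must check. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and compare it against the denied set. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_mkdir
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdir, 1, 0),
#endif
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
        /* Denied: the syscall is not executed, the caller just sees EPERM. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required for an unprivileged process to load a filter; it also stops
     * the process from regaining privilege via setuid binaries later. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Attempt mkdir(path); returns 0 on success, otherwise the errno value. */
int try_mkdir(const char *path)
{
    if (mkdir(path, 0700) == 0)
        return 0;
    return errno;
}

int main(void)
{
    const char *path = "/tmp/seccomp-demo-dir"; /* constructed test path */
    if (confine_no_mkdir() != 0) {
        perror("seccomp install failed");
        return 1;
    }
    int rc = try_mkdir(path);
    printf("mkdir(%s) after confinement: %s\n", path,
           rc == 0 ? "created" : strerror(rc));
    return rc == EPERM ? 0 : 1;
}
```

The filter is deliberately a deny-list of two syscalls so the effect is visible in one run; a real app sandbox does the opposite, allowing a reviewed set of syscalls and killing or logging on anything else, and the filter is inherited by every child the process spawns, which is what makes it useful as a per-application boundary.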
Stop running 3rd party proprietary crap. Problem solved.
Better: separate your work, gaming/leisure and 'sensitive' (banking) files with 3 different users.
Depressingly, I think sharing computers, at least in the western world, has become a thing of the past. At the very least, sharing your main form of computing.
?? Not all households have the money to buy a PC for everyone. For phones maybe (also less common outside of rich countries), but it's definitely not true for the PC platform, for most of the world actually. There are a lot of PCs for the family still.
Right, in the sense of "the network is the computer".
Tangent: one of the most talented engineers I ever met gave an amazing (though sadly company-private, unrecorded) talk about how the OS was his IDE. Kind of analogous... anyway, I like this type of re-framing or meta-level-shifting.
The days of multiple family members using the same computer are long gone. Do you ever log into anyone else's desktop/laptop, or does anyone else ever log into yours? That's what I'm getting at.
Yes, actually. My wife occasionally logs into my desktop and vice versa. But I take your point - it's far less common than it used to be, even if it does still happen.
A separate account for kids would make this cleanup unnecessary. They don’t want to screw it up for her, they just do what they think will help with their activities.