Hacker News
by SolarNet 4172 days ago
There are, it's called users, and groups, and file permissions. Applications like Steam should really be running under a separate user so they can't write to personal files (and maybe just have read permissions). But of course proper application isolation and file permissions are something few people do correctly on their personal machines, let alone know about.

Window managers don't make it any easier, and I put a lot of the blame on them for not making it easy to configure applications to start under different users.

3 comments

Steam shouldn't run as its own user. It's a user-level process, not a system process. It needs to have user-specific things (install directory, save games, etc.) that need to be accessible to the person using it. Separating processes into users is only one method of sandboxing, and not appropriate in this case. Sandboxing via mechanisms like SELinux is the correct solution.

One of the users in the GitHub thread even mentions how SELinux prevented the same thing from happening on his machine.

Yes you are of course correct about SELinux!

I actually separated Steam into a sand-boxed "steam" user account. But maybe that's because I learned Unix on BSD and never included SELinux or how to use it (and it isn't obvious from a desktop user accounts perspective), I should probably check that out.

SELinux seems like a case of hunting tweetie birds with 88s...
Should get better once systemd has Steam integration.
It seems like the direction Linux is going (albeit slowly) is to use SELinux instead of different users for this type of isolation.
Yes, however Linux supports this sort of security right now and has for many, many years, and properly used would have prevented these mishaps. More than backing up their data, I blame the users for being incompetent users of computers in general.
Linux supports SELinux right now, the only issue is that applications ship with policy about as often as they create their own user (actually, maybe a bit more often).
I'm saying that people can set up this policy themselves. I'm not saying Steam should do it, I'm saying anyone can do it for any application they install.