> Just wanted to throw an idea similar to the one from Sean Collins.
>
> What about introducing a per-user partition diff at the file system level
> above the actual system partition?
> There would be one system partition for all users,
> which only the administrator would be able to access directly.
> Then, for each ordinary user there would be an intermediate diff-layer,
> which allows transparent reading from the system partition, but redirects
> written contents into a separate "home"-location.
> Subsequent reading of the same contents through the diff-layer would then
> return data from the diff-layer first, but would fall back to the system
> partition in case the data wasn't present.
>
> From my POV this approach would have the following advantages:
> 1. The physical system partition is totally secured from unauthorized
> modifications.
>
> 2. Existing applications wouldn't see any difference and wouldn't have to
> be modified, however would work with multiple users.
>
> 3. The approach could easily be extended to support user-groups,
> by means of a layer hierarchy.
>
> 4. One could always start with a fresh user account whenever the old one
> is messed up and see the original file system.
>
> However, I see the potential problem with the performance and storage of
> such an approach as well.

I see some 'let's be different just for the sake of it' talking here. With a good package manager and user permissions (preferably ACLs, not Unix ones, which are too limited), it is pretty hard to mess up the system.

The diff-layer approach sounds like it has the following problems:

* performance: BeFS is already slow, let's not add more to it.
* reliability: if the system is updated, how do you ensure coherence of the upper layers?
* ease of use: where is my data actually stored, if I need to back it up?

Our directory structure is quite good, with system/ holding the system stuff and users/ holding the user's stuff. It's simple, it's easy, it's efficient.

Using things like an FS layer is just trying to hide the mess. Let's rather make it clean in the first place. I like BeOS/Haiku for the same reasons I like Amiga: it's simple in its architecture, yet it gives all the power of the computer to the user. You can understand what's going on, and you don't have to mess with weird bash commands and settings files.

The multipartition approach (be it layered or not) does not actually bring you any security. It's not because the user can't see the data that malware can't see it either. The more complex the device, the more flaws it will have.

Let's keep it simple. A "user" folder for each user, storing settings for all apps, and documents. A system folder with binaries, and restricted access. Maybe it should have a password, maybe the user could allow apps to touch it on an app-fingerprint based system (but I see security problems with that).

-- 
Adrien.
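A small model of the read-through/write-redirect semantics from the quoted proposal, showing the "coherence of the upper layers" problem the reply raises once the administrator updates the system partition underneath a user's layer. This is an added illustration, not code from the thread or from Haiku; the `DiffLayer` class, the `demo` function and the sample paths and contents are constructed.

```python
# Toy model of the per-user diff layer (constructed example, not from the thread).
# Reads fall through from the user's home layer to the shared system partition;
# writes are redirected into the home layer and never touch the system partition.
from dataclasses import dataclass, field


@dataclass
class DiffLayer:
    system: dict                                  # shared, admin-only partition
    home: dict = field(default_factory=dict)      # per-user redirect target

    def read(self, path: str) -> str:
        """Return the home copy if present, else fall back to the system copy."""
        if path in self.home:
            return self.home[path]
        if path in self.system:
            return self.system[path]
        raise FileNotFoundError(path)

    def write(self, path: str, data: str) -> None:
        """All writes land in the home layer; the system partition is untouched."""
        self.home[path] = data

    def shadowed(self) -> list:
        """Paths whose home copy hides a system copy (coherence risk on updates)."""
        return sorted(p for p in self.home if p in self.system)


def demo() -> tuple:
    # Constructed sample contents; paths are illustrative only.
    system = {"/system/config/app.conf": "conf-v1", "/system/bin/app": "app-v1"}
    user = DiffLayer(system)

    # The user customises a config file: redirected into home, system unchanged.
    user.write("/system/config/app.conf", "conf-v1-custom")
    untouched = system["/system/config/app.conf"] == "conf-v1"

    # The administrator later updates the system partition underneath the layer.
    system["/system/config/app.conf"] = "conf-v2"
    system["/system/bin/app"] = "app-v2"

    # The user now sees the new binary but a stale, shadowed copy of the config:
    # exactly the "coherence of the upper layers" question raised in the reply.
    return (untouched, user.read("/system/bin/app"),
            user.read("/system/config/app.conf"), user.shadowed())


if __name__ == "__main__":
    print(demo())  # (True, 'app-v2', 'conf-v1-custom', ['/system/config/app.conf'])
```

The stale config in `shadowed()` is what a real layered design would have to detect and reconcile on every system update, which is the reliability cost the reply points at.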