OT: Make a limited XP account without losing settings?

for

there

like

Windows

Yeah, the company had govt R&D paying half too. Would've been nice for me to meet unix a dozen years earlier than I did though ;)

Company was worried about security factors in that the unix box required a modem dialin setup for the supplier to admin the thing, management weren't too happy about that idea. Small company, no unix people there.

I think if I was selling a large linux based system now to a company without the admin expertise, I'd want remote access too. Save a lot of site visits for the typical set of issues a system might have.

Grant.

But these days it's easier to run a VM in one's favourite OS to access the other? Sure beats rebooting the one machine.

Long time since I tried Wine, happier with 'real' OS running on emulated hardware, when it's required. Most of my Linux work here is on the command line, so PuTTY access is fine.

For you, perhaps run WinXP in a VM on your favourite Linux distro? Two screens is good, run the VM on other screen, fullscreen.

VirtualBox or Vmware?

Grant.

Nothing wrong with that. For example, most CAD programs happen to have their lib files there and I sure want write access to that area. Which is one of the things that ticked me off with gEDA under Linux.

Forcing developers to alter their ways via OS limitations will inevitable forces their customers to upgrade. Meaning $$$. Which has obviously backfired with Vista and maybe Win7 as well. Many businesses I know hang on to XP for that reason, and so do I.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

There is. Trouble is that windows is now trying to be unix like ("every OS wants to grow up to be unix"), and MSFT bolts on extra complexity to try catch up on secure environment.

I don't know gEDA. Under unix/linux, there are defined areas for read-only code (/usr), as well as application writable area (/var).

There's system areas and per-user areas. Very different to windows, and much better. One problem with Linux though is a number of apps want to treat it like a free windows replacement, which it is not.

WinXP (windows 5.1, Win2k was 5.0) had a lot of work done on it, but corporate greed means MSFT dumping support for WinXP to try forcing people to Vista (windows 6), didn't work, now windows 6.1 labeled win7 (yet more MSFT spin) to try again, may not work either, as MSFT has again extended deadline for 'downgrade rights' on new PCs shipped with Win7 --> MSFT claims a Win7 sale, while allowing the user to downgrade that new machine to WinXP.

There's no Linux Incorporated playing similar tricks.

Grant.

I think that UAC as implemented on Windows 7 (Vista was way too annoying initially) is actually a ...reasonable... way to go (although I think the Mac OS does better here). There's always going to be a fundamental problem that your average home users *does* need to be able to write to "Program Files" without being forced to jump through a lot of hoops, yet of course many an IT guys doesn't want *any* of their users touching it.

(Personally I tend to think many an IT guy wants to use technology to solve what are really policy problems, though. ...although it's become quite ubiquitous in society -- even *soldering irons* meant for production usage will now have special little electronic keys that the production supervisor retains so that the lowly production workers can't dare change the temperature. Sheesh! How was it we managed to build a spaceship to take us to the moon and back when we couldn't electronically prevent some guy working on the guidance computer from turning his soldering iron temperature up 25C more than he should have?)

At least your average Windows user understands that "program files" probably contains programs and "documents and settings" probably contains application setting. /usr? Unix system resources? What's that? /var? Variable? Huh? And what's this /etc directory think where all the "odds and ends" seem to end up?

---Joel

It is indeed somewhat moronic. But you see it everywhere. "Do not put fluorescent bulb in mouth and bite down" and things like that. Just because some ambulance chaser succeeded once. The topper on the news came yesterday: A kid died because it had reclined the seat, all the way down, her sister fell asleep at the wheel, crashed the car, kid got killed because the seat belt won't protect when you almost lay down in a car. AFAIK the family "won" $1.8M. I mean, how much does it take to realize that when the safety belt is flopping about in the wind it won't protect?

From a serious CAD user it can be expected that he or she understands the basics of file management. In fact, gEDA was written completely Linux-centric, ports to Windows have largely failed because some not so compatible code must have been employed (in laymen's terms). Yet even gEDA does what every CAD does, store libraries in program directories. Meaning user libs and non-custom libs get splintered up. What's wrong with allowing write access to the lib directory?

I don't want an OS to tell me what I can't and cannot do, just like I don't want a car to decide when to shift :-)

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

The solution: no more reclining seats.

Why not a user-lib directory. If you want to place them in one pool (a naming convention nightmare), use indirection.

The problem is that if it can't tell you what not to do it can't tell any other program what it can't do either.

Oh, it can. All you need is to let the user set individual write access. It's not much, a library directory here and there, and so on. There should be stages, including access to everything. On their own risk, of course. Just like I want that on a car. Yes, I did force one into reverse at around 50mph, ran the engine up to the red rpms and came to a stop with an asbestos-stench wafting out of the clutch area. Full brake failure, pedal on the floor board. On a "modern" car that would have resulted in a hard crash.

Remarkably the transmission survived it even though it let off an awful grind when I forced it into reverse.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

...

Where to start, we're way OT ;)

/usr is user programs, applications, lots of OS files there too, is read-only for normal users. Usually only root (admin) can write there.

/bin and /usr/bin holds most exec files, there's special places like /sbin and /usr/sbin for single user mode for special (admin) tasks like setting up how the machine goes multi-user after booting.

/var is writable area for system wide apps, apps also keep per user info in the user's area

/etc is Sorta like the windoze registry, except the files in there are plain text, and can be edited by root (admin, superuser).

The /etc tree holds the system configuration, sort of like windoze registry, but made up of plain text files, some arcane binary database with obscure access methods like windoze does.

A famous case (or story) is where US navy spec'd POSIX computer system to lock out MSFT, but MSFT added a few unix utilities to WinNT and thus ticked the POSIX compliance box, result was a battleship that used to lock up and need to be towed back to port.

Main problem with windows is that they don't segregate program text (read only) from program data. This is why you cannot get a windows live CD. You can get a Linux live CD because the OS is run from read- only area.

One needs to meet unix (or unix-like OS) and work with it for a while to understand the differences. I met unix in '97 when I went to uni to finally gain that 'paper', wanted to run unix at home and was told to go grab linux. Been running windoze and linux on multiple machines at home since.

I battled ms-dos for years at work, from my PoV it wasn't much better than cp/m for running text based apps like WordStar and cross-assemblers for the embedded controllers I was making on either system. A comms program to talk to other systems or their ICE box.

Batch files are so stupid, or rather, the command line so dumb, it was a battle to automate simple tasks. There must be so much productivity lost to MSFT's dominance of the PC world.

Linux is so much more powerful at the command line, for example I stitch some commands together to see who looked at my web page about that power supply with the high earth current tripping RCD:

~$ gawk '/\/ps-earth-current\/one/ && !/192.168.3.36/ \ {printf"%s %s ",$1,$2;system("ccfind "$5)}' \ /var/log/apache/access_log

2010-07-25 11:08:31 24.8.89.117 US:United States 2010-07-25 12:21:48 68.185.181.213 US:United States 2010-07-25 13:08:44 71.167.68.184 US:United States ...

'gawk' is the gnu version of Awk, named after "Aho, Weinberger and Kernighan", the authors. Yes, the same Kernighan associated with C language :) A standard programming or scripting language that is a simpler predecessor to perl.

'ccfind' is a shell script to lookup an IP's country code by referencing a memory resident database that I wrote in perl.

On windows you be hard pressed to write an ad-hoc database query so easily.

Grant.

Sure... and Linux (and every other Unix-type OS I know of) has this capability right "out of the box". It doesn't necessarily have a convenient GUI setup intended to make this a one-click operation, but as long as you're willing to get into the shell and type a command or two, it shouldn't be difficult.

The way I'd do this (if I wanted to, in a particular case) would be:

(1) Install gEDA or whatever program is involved.

(2) Use "addgroup" or a similar utility (or just editing /etc/groups) to create a "gedaguru" group. (3) Edit /etc/groups to add my user-ID to this new group.

(4) "chown root.gedaguru /usr/lib/geda" (or "/usr/share/geda" or whatever). (5) "chmod -R g+w /usr/lib/geda"

Voila. Now, when logged in under the proper user-ID, the user now has the ability to alter files in the gEDA library/share directory. Other users cannot, as they aren't members of the proper group.

As you say, "On their own risk", but I see no reason why it would not work.

Depending on what sort of package-install-and-update application a particular Linux distro uses, it might be necessary to repeat step (5) after updating the application, in order to keep all of the permissions as they should be.

I think that this sort of capability hasn't been automated (in any Linux distro I know of) because it files in the face of the standard Unix-ish paradigm, that such systems are intended to be multi-user, and should not allow what one user does to yngvi up what another person's use of the same application (e.g. by altering "shared" libraries).

If you're the only user on the system... well, have at it, and good health to ya!

--
Dave Platt                                    AE6EO
Friends of Jade Warrior home page:  http://www.radagast.org/jade-warrior
  I do _not_ wish to receive unsolicited commercial email, and I will
     boycott any company which has the gall to send me such ads!

[...]

Or find out that some crucial hardware you need for the job won't run on it ;-)

I liked DOS a lot and found that batch files were the best invention since pivot irrigation. I could schedule stuff to run at night and then take my wife out to the dance club.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

Well that's plain stupid.

Question is, which lib directory.

The proper place for writable system libraries is /var/lib/$appname :)

For example, my Slackware-11 box has:

grant@deltree:~$ ls /var/lib arpd/ bsdgames/ elm/ logrotate/ misc/ mysql/ nfs/ rpm/ stunnel/ xdm/ xkb/

The program may create its own directory there and allow user access and writing. It's difficult to find an exception to the standard unix rules for basic layout (Sorry, I forget the exact name, hierarchical file system or similar) that's been around for a decade or more.

Simple, no?

Users may have private libraries under /home/username/whatever

There are standards out there that define a framework for these things, of course it is not rigid, as there's no Linux Incorporated controlling this stuff. Each application author has a choice of what standards to follow. A high end CAD system should follow the standard patterns for flexible target OS. (I haven't used CAD for 17 years, no idea what's what these days).

It's not about deciding when to shift, more about expecting the shift to have a standard H plus extras (reverse and fifth) pattern (or paddles, or gated semi-auto) and be roughly in the same spot (or two), within reach of the driver.

You know, standards, so many to choose from ;)

Grant.

Care to explain why?

xkb/

All I can say is that I asked in the gEDA group why I can't have the std libs and mine in one default place and the answer was pretty much, well, that I can't easily do that. And that I should just log in sudo.

But it didn't matter anymore anyhow because gschem bungles refdeses upon auto-annotate. That's a big no-no in CAD.

Well, I live with CAD for 24 years now :-)

I don't care which place they are in, or which side the steering wheel is on. As long as there is no automatic transmission.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

Hmm, thanks, I used Linux. It's still on the computer here. I just wonder why none of the gurus pointed this out before.

But it is a bit cumbersome. In Windows you just set permissions for certain drive areas or directories and that's it. Then Joe has access and Jane doesn't, or vice versa. One just has to be careful not to muck with system stuff but that's pretty much in one place so it almost takes a deliberate act to step on that.

Health? Whoops, shouldn't have had the two burgers yesterday. But at least they were home-made.

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

Linux is multi-user, there's system wide rules need to be followed so that the system can protect the users from themselves and other users.

Even when there's only one user account, that user is isolated from damaging the OS, simply by not allowing the user to write anywhere they please ;)

If you install and run a CAD program under your user area, you may do anything you like, as it has no impact on the system (apart from using resources). Stuff in your own area follows your rules.

But I'm guessing you CAD app didn't come as source, therefore you had no choice as to where it was compiled to run. and which directories it uses for data files.

This is a difference between Linux and windows. Under Linux, people compile their applications and have control over the app's runtime resource allocation.

If you're running some commercial binary, you're not fully in control of your own system.

Under unix or linux there's three places you might add an application, in the system area for all users, under /usr/local, again for all users, or create a ~/bin and run the app from user area. Most Linux apps distributed as source give you that choice, which is setup as a normal part of compiling the app for your machine.

The reason for compiling apps is that a machine might be big or little ended CPU, different system libraries, shell, *BSD, Linux or Solaris!

xkb/

That's the windows solution, run as admin all the time. We don't do that with Linux, it's bad for many reasons. And, by saying log in sudo, sounds like that *ubuntu windows wannabe nonsense? Indicates you don't compile the app (I guess it's commercial binary), thus have no control over where it wants to keep things.

I'm still trying to pick a freebie circuit and PCB CAD, only single sided and two-layer through hole plated required. The eagle size limit (80x100mm) is a wee bit small. No budget for CAD 'cos only hobby level that might grow, into something. And, I'm on low income, retired, sorta.

Last I worked in design, it was maybe 15-20% CAD for schematic and PCB, then software to define the product, often variations on same hardware for different product end applications. Then there was another product

30-40k lines of assembler that I worked on, off and on for nine years until the hardware was no longer produced. Started on cp/m box with 8" floppies and ended on a win3 box with hard drive and 3.5" floppies...

Fair enough :) My current car is auto, first time, I think I prefer manuals, that annoying delay, waiting for the transmission to decide it's time to shift...

Grant.

I'd wager that for everyone who compiles a *nix application from source these days, there are at least 99 who just installed a binary via Synaptic, RPMs, Yum, or some other package manager... are they "not fully in control" of their systems?

No, they're trusting the source of said rpm...

Grant.

Two things, mainly. First, your custom versions get trashed when the installation is updated. Second, what happens when two users both want to put different versions of the same custom library in that directory?

I can only assume that you don't have much experience with multi-user systems. Otherwise, it should be obvious why you don't let users write to system directories.

Oh, and /usr might be read-only during normal use (where read-only can mean anything from "mount ... -o ro /usr" to being a read-only NFS share to even having the write-protect jumper fitted to the drive).

The OS doesn't tell you what to do. The OS simply just ensures that the administrator can not only tell you what to do, but can even make it such that you cannot do otherwise.

The main problem with group-writable directories are:

1. Concurrency. Fred decides to replace some file, and first deletes the original. Which is a nuisance for Joe who was just about to load that file. On Unix, multi-user doesn't just mean being able to stop the kids from trashing your documents when they use the PC later. Having a dozen people all logged into the same system (and running GUI applications on it) is very much a real-world use case.

1. People creating their own subdirectories, and not giving other members of the group write permission. Files aren't a problem; anyone with write permission on the directory can delete a file regardless of its permissions. But subdirectories cannot be deleted unless they're empty.