Hi, > Errors at system install should not happen. If they do, it is not > unacceptable to need a reinstall to correct the problem. Note that > those errors, if they occur, are errors from the system developers, > not from the administrator.
Oh, sure, the system is either perfect, or it needs to be reinstalled... Why does that remind me of Windows? > He doesn't need access to security-critical parts of the system. On a > well-designed system, it seems to be possible to let users handle > their own data. The system administrator cannot touch that, and he > cannot touch parts that directly handle it (such as the hard disk > driver). The system installer made a choice for those components, and > booting from a different medium is required to change that. On > current systems administrators need the right to boot from different > media. This need not be the case on the new Hurd. They probably > still have that right, since the administrator and installer are often > the same person. But their responsabilities can (and should IMO) be > seperated. The administrator should not have rights that he doesn't > need for his job. And where do you draw the line? What about updates? What about changed requirements? What about migrating? What about custom modifications? What about security fixes? In practice, the administrator will *never* be completely distinct from the one doing the installation. (I know the problems from attempting such a seperation very well.) It would be pointless anyways, as there is absolutely no reason to believe the one doing the installation would be more trustworthy than the actual admin. More generally speaking, the admin will always have the means to screw the system if he desires to do so. Any attempt to limit his power will only hinder him in doing his job properly, with adverse effect on everyone involved: The admin, the users, their boss, and most notably the system that tries to enforce such absurd policies -- who would like to use a system that prevents proper administration? Having a system where a skilled admin has any possibilites he desires to intervene if something goes wrong, is the only way to go. And things going wrong is a reality, no matter how carefully you design your system. -antrik- _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
