Component style multi-user allowance options

I like others suggest going multi-user, while many people maybe fine with a single user account with a system password, need I point out that there are computers that service more then one individual and number of those individuals would like to keep their private information, private from the other users?

That aside, I propose having account settings for multiple user allow a more thorough customization. What I mean is allow for separate allowances for say updates installation Program installation, and other admin features to create custom admin accounts. Example you could allow the normal accounts to apply updates but not install regular programs or mess with system files. You could create a Light Admin account that can install programs, apply updates, but can’t touch system files, and of course you can have the root like account or you can have regular accounts not be able to apply updates and so on. All the options would be selectable from account settings, all admin options would need to be set by the designated super/root account (or the system password prompt would need to be satisfied if the account making the modifications is set for it), so you can mix and match. Their could also be a setting for prompting a system password for those who want to structure their account system so there is only one user with a system password. Going this route would most certainly be a better option as it gives the user/owner control over how accounts are setup and what they can do and how many they’re are. Additionally it could be made so that applications can be allowed and/or not allowed to be used by certain accounts. My 2 cents.

I like what you suggested. I just want to add that I think some kind of validation for any kind of admin stuff should be absolutely mandatory. New applications trying to access the network should also need validation for that. Applications being able to do just about anything (As long as you’re on an admin account) without even asking the user for permission first, is a security issue IMO.