Multi-user support

Wikipedia to the rescue: Parental controls - Wikipedia

You have not explained what you need any of the things listed in the Wikipedia article for. Open-source is about user freedom. Parental controls is the exact opposite of that. If you want to be a tyrant, what are you doing in an open-source community?

I am discussing with little tyrants wanting to push their sole and only view and cannot deal with opposite opinion

Multi user is a must have in corporate environment and a prerequisite. Not everybody is a tech savvy who manages his own work computer.
Parental control is a question of choice and will come because there are people who prefer active parenting to passive parenting.

Hope we can continue this discussion in a civil way.

Multi-user is something that can be implemented, while defaulting to auto login and single user behavior. I don’t understand why people resist that others have a use for it.

I think that sooner or later we will not be able to avoid user administration. Of course it’s easy to leave everything as it is, but there are many people, especially people with children, who like to separate what is for adults from what is for children.

And yes, of course, also very important in companies where the users have to be clearly separated in order to maintain security.

i would be satisfied as a first step if you could protect the computer with a password without overriding it via the task menu.

I grew up without parental controls and I turned out okay…ish.
Anyway, the feature amounts to a blacklist for websites and “apps” in the app store(which seems trivial). If whitelisting features were added, it’d be more useful than microsoft’s.

Multi-user is not just being able to share your PC with other people. If I’m running a web server (even just for development purposes) I don’t want the web server software to be able to access files in my home directory, and I definitely don’t want to run the web server as root. I need to be able to run services on a seperate user account.

Having an optional login password and lock screen, even without encryption, is necessary for mobile computers (laptops and tablets). I can imagine people don’t see the value on their home PC but a computer on the go should be secured.

Please keep an open mind: Yours is not the only use case for Haiku.

I imagine there will be push-back against this statement, as Haiku is a desktop operating system, and not for servers. Though I agree. Maybe a simple solution might be three users:

1. Desktop user, for GUIs, etc.
2. Root user for admin functions only
3. Nobody, a completely powerless user for servers, background applications which can only access files/dirs explicitly granted to this user.

Perhaps that would be an easier thing to implement vs. allowing any number of users, groups, home directories, etc.

Who’s to decide what I as a user want to be able to do. I’m a user and a developer. I would want to use the Haiku desktop, but also need to use my workstation to run services. Without this, I can’t use my computer.
It would be fine to use Virtual Machines to achieve this, but I would prefer having the ability to run things isolated on top of Haiku.

Agreed, there should definitely be flexibility. Ultimately, it’s a matter of time to implement this vs. everything else on the to-do list. Seems there’s also a ticket for it too: #17357 (app_server: Multi-user considerations) – Haiku

Haiku already has the UNIX multiuser support. There is nothing at all to implement in that regard. This already works. You can create a dedicated used for your webserver, set up some files with the right permissions, and run it.

The two things we don’t really have an option for yet are:

• Allowing multiple users to open graphical/app_server sessions. This is incomplete at the moment. It could be either simulttaneously (for example one local and one remote_app_server user, or several local users iwth different screens and keyboard/mouse)
• A finegrained permission system for applications. From the UI side it could look a bit ike what Android is doing: “allow this application to access your local files”, “allow this application to access your webcam”, etc. Probably this would all be managed from a central preferences panel where you can revoke permissions too? In Android this is (or was?) implemented by running each application as a different UNIX user, but only because that made things easier with the Linux kernel. Probably it is not needed to do it this way, and so this isn’t really related to multiuser support.

Android used linux namespaces in addition to this, i think a main idea is also that files in /sdcard are owned by specific aplications and can therefore be deleted on uninstall.

I think OpenBSD pledge could be a precursor to this: basically applications declare explicitly which functionality (syscalls) applications will use at startup, or during a main loop.

It is not so much a resistance to multi-user use, as the need for something that is more advanced than what already exists in other operating systems and that in the eyes of many is a somewhat cumbersome system, which smacks of obsolete that no one has ever really thought of a concrete evolution.
More than a resistance, it is the need to bring out something more advanced, which is also more user-oriented, more immediate and more consistent with most of the use cases, as I wrote a few posts ago, I don’t need to lock the whole system, but to lock only some small portions,
Imagine a house, there is the main entrance that has its own keys, whoever has the keys, can access the whole house … then there are door keys to other rooms … the bedroom, the privacy of the bathroom … are temporary small privacy areas, which are consulted quite often (in metaphor some cases of web browsing?) And then for the more secret and delicate things that must be kept and protected, and which are rarely consulted there is the armored safe.

This is the evolved part that I would like to see, at the hierarchical level of user experience.

At the same time I would like no application or user to run in the background without my specific consent and that what is running is always highlighted perhaps making it clear with a well-documented link that explains what it is for and what happens if you turn off that application (in the case of system background software, but the same practice would not be bad for software that is added), and this, for an extra level of security and resource efficiency.

Then I would obviously like an intelligent protection against destruction-deterioration of the system from both human and software errors.

And finally a separate management of access to software, who can install and uninstall them, who can use some and who others and so on, how long can these software be used for a session, ditto access to networks and some parts os, (data access and data areas) etc etc.

The hardest thing here is that we are thinking about something new system that does not exist yet, this is the real obstacle, to be able to imagine something really functional, simple and practical

^^^ Exactly this.

Seems exactly like sandboxing which is nothing new. You make it sound complex but all you want to run on your computer is nothing you didn’t specify. Does that include background services like DHCP, bluetooth and wifi management?
Truth is, in practice, you need user levels and groups to define and manage permissions… if you want to be at least a bit compatible with a large portion of existing open source software.

There’s no need to reinvent the wheel with an incompatible fancy new permission system, when existing systems can be implemented more easily. As long as service management can be done easily through a GUI, and third party services are not allowed to have root access, you can get exactly what you want without making something that does not work with any existing software.

It’s important, if Haiku is to be a serious alternative to existing systems, to have at least some compatibility with existing software. That includes making Haiku a good environment for common users, developers and power users.

I think I wrote but we did not understand each other, of course there is a need to reinvent the wheel! as the wheel after years of using it seems uncomfortable and outdated, now there is the possibility to reason to think about the possibility of alternatives, what do I know, maybe levitation or something like that? and then you do it, of course this phase is certainly not easy, but it is fascinating, and if we could “find something better than the wheel” … then yes it would be blow of the mind … I hope I get the idea…
…Otherwise, if we have to reuse something that is equal to any os that already exists in circulation, then we might as well continue to directly use any other os that already exists and is well complete …

We have the great advantage of seeing what’s in circulation, the advantage of taking the best of what’s out there, but we also have the possibility and the duty to improve what doesn’t sound so advanced …

You understand? this OS, attracts even in its slow growth, because when it is complete it will be something truly innovative

p.s. Android for example, they are also thinking about evolving the multi-user/permissions system in their latest versions of the os …
This means that they too feel this multi-user obsolescence … currently their solutions is still a bit cumbersome, but version after version, they are coming up with something really advanced and convenient.

This is not a general truth. The general truth is the user levels and groups are abused to the extreme in nixes. The general truth is they try to partition the resources with this inadequate solution from the hazy '70s. I see no point replicating this and would better use a single user system instead of that tragicomedy sold as wise solution.
Thanks but nope.

Building a user system not with unix groups is possible without explicit support from applications, this is in essence what the namespace functionality, jail functionaliy on FreeBSD and zone functionallity on illumos does. You provide applications with their own enviroment and limit interactions with specific system components (like files on the disl)

As a user I do kind of want the user functionality, i mostly dont care about groups at all.

As a network administrator one might want more finely grained permissions though (say, for a school, where users or accounts are inherently a networked thing)

I made GUI user management utility some time ago.

Couldn’t you do that remotely? Managing an os suitable for servers through an os suitable for desktops is already pretty common. Maybe a “universal operating system” is a bad idea.