Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows OSS Only For Administrators?

Posted by timothy on from the hey-buddy-you-gotta-be-an-admin dept.

Torsten writes "We all know it: it is no good idea to run Windows with Adminstrator privileges all the time. But when you use a normal user account, many programs will not work properly. I have recently recognised that even open source software has difficulties with the Windows rights model. Openoffice will continue to ask for registration until an Administrator stops it. Firefox will not install new search plugins for normal users and will not even tell why. FlightGear starts the configuration screen, but only an Administrator can fly. Have the OpenSource developers problems adapting the windows right model? Or does nobody bother being Administrator?"

9 of 101 comments (clear)

  1. It's not just OSS by yelvington · · Score: 3, Interesting

    It's not just OSS; Microsoft's own stuff doesn't necessarily work properly with restricted rights. The printer spooler on one of my home computers refuses to work, and in order to let my kids print anything, I had to turn off the spooler (which essentially hangs the computer until the printing is done). I have similar problems with peons and non-OSS third-party software, such as HP's software update tool.

    1. Re:It's not just OSS by Apreche · · Score: 5, Informative

      It's not just windows either. I always have problems trying to add extensions and search plugins to firefox as a non root user in Linux, and it hardly ever works properly. The problem is that applications are written in such a way that in order for the ordinary user to accomplish a simple task deep underneath there is a small operation like a file system write that must happen. As is in the case of installing an extension. What needs to happen is the application developers need to make sure that for any action which should be allowed for a non root/administrator user that there are no priveledged instructions to be executed.

      --
      The GeekNights podcast is going strong. Listen!
  2. Happens all the time by red_dragon · · Score: 3, Insightful

    If you spend enough time with NT-derived versions of Windows, you'll find that a lot of software simply assume that it is running under Windows 95/98/ME or require that you do some fiddling with permissions on the filesystem or registry to run properly. This causes me no end of grief as I try to keep our PCs sufficiently protected from stupidity while being functional enough to avoid receiving support calls.

    All of the examples given can be duplicated in commercial software. MS Office 2000 won't stop displaying the "please register" nag dialogue box until an admin dismisses it. Regular users can't install plugins in Internet Explorer either, although I guess one could set the plugins directory to Everyone:F, but that's big security hole. One little commercial programme we use here to track fixed assets won't run under a regular user account unless its registry key in HKEY_LOCAL_MACHINE is set to full access to everyone because it keeps running state information there. Nero Burning ROM will not burn dics under a regular account without installing an extra utility that grants disc burning privileges to admin-specified users or groups. Palm Desktop, even in its current iteration, keeps user data in its programme directory, which requires the admin to set the directory's permissions to Everyone:F - again, another gaping hole. The list goes on and on, and it goes to show that a good part of the crappy Windows user experience is caused by the lousy software that runs on it.

    --
    In Soviet Russia, Jesus asks: "What Would You Do?"
    1. Re:Happens all the time by QuantumRiff · · Score: 3, Interesting

      Textbook CD's are horrible. I'm the admin at a small college, and we run win2k in our student labs. Even the brand new editions of textbooks use Macromedia Authorware crap (really old versions, and some new) that will not run until they copy 2 files into %system32%. Of course, thats a big no-no to let student users have rights to this. If I manually copy the files into the directory, it still doesn't work, the program doesn't look to see if their already there. Even non-authorware stuff doesn't work right. I have a CD out of the back of a textbook that (from the CD) starts a java-based web server on some port, and then uses IE to connect to the web server. Of course, it can't write those registry keys, and it wants me to turn off all security in IE to run. It uses Active-X, so no go with firefox. .. I could understand this crap on an older textbook, but of few of these came out just this term, and they still expect everyone to be running Win98. If you call up the publisher, their solution is always to add users to the administrators group. .. idiots..

      --

      What are we going to do tonight Brain?
  3. Backwards compatibility by kawika · · Score: 3, Insightful

    Windows 9x apps could drop files anywhere they pleased, and they did: the Windows directories, app directories, the root of the drive, you name it. Windows NT/2K/XP solved this issue with the "Documents and Settings" area, and that's supposed to be where apps put their temp files, logs, databases, and other data. But most 2000 and XP systems loosen security to make old apps work. (How could apps write .INI files in the Windows directory otherwise?)

    Since old apps don't break, developers are tempted to follow bad examples or old habits. It seems like the only way this would change is if Microsoft shipped XP as secure by default--the default user would not be an admin, and NTFS security was set to prevent writes to Program and Windows dirs. That would cause a massive support headache.

    The Windows Installer docs have some guidelines on where things should go for best compatiblity, but of course a lot of people use other installers and those may not try to enforce any rules. This doesn't seem to be an issue that Microsoft is crusading about, but maybe they should.

  4. The solution I used... by TheSHAD0W · · Score: 4, Interesting

    There were a few issues with my software that needed me to consider multi-user access under Windows, especially as I was adding new features; when these features finally came to fruition, I modified my software, sticking preferences, application and temporary data either under the user's "Application Data" folder in "Documents and Settings" in Windows, or in a dotted directory under *nix. I thought this was an elegant solution.

    So what happened? People yelled at me. Why was I polluting their system, putting files all over the place? Why couldn't I have kept it the way it was?

    You just can't win...

    1. Re:The solution I used... by Anonymous Coward · · Score: 3, Insightful

      Thanks for the great BT client, works great out of the box, no tweaking necessary and it complies with the windows idea of where app settings and the like should be stored.

      You're absolutely right about it being an elegant solution. Ignore the naysayers and keep up the good work.

  5. Openoffice by Anonymous Coward · · Score: 5, Informative

    If you had read the documentation, you would know that in order for Openoffice to run as a normal user and save your settings, you have to run the install as "setup.exe -net" -- just like you have to do in Unix.

  6. Mozilla Bug 232638 by Noksagt · · Score: 4, Informative
    You are absolutely wrong. The location of search plugins and extensions is distribution-secific. On my distro you can install extensions to:
    ~/.mozilla/firefox/default.{profile}/extensions
    which means individual users can install their own extensions (which I believe is what you refer to).

    Search plugins, which the story refers to on win32 & which I refer to in my response, are installed to the installation folder. On the box I'm currently on, that is:
    /usr/lib/MozillaFirefox/searchplugins
    you have to install as root with the default permissions.

    This is a known bug: look at bug #232638:
    https://bugzilla.mozilla.org/show_bug.cgi?id=23263 8
    (no linky because they don't allow links from slashdot)