Where Jaysen tries to explain user space at a high level.

“User space” comes from the concept of segregating system resources (OS and global) from activities and resources executed/owned by a user of a compute system. The idea has several key points:
• Protect the system from intentional and unintentional damage by the user.
• Protect users from each other.
• Ensure that removal of a user can remove all associated user specific assets
• Provide flexible restrictions on resource consumption for EACH user independently

The user space concept is generally thought of being applied to the following resources
• Disk
• Memory
• CPU time
• Network IO utilization

A good illustration of user space from our everyday world is a typical, multi-company office building. Many office building have an area open to the public (a web server operating in public user space or a highly restricted user space). To get past that point (login) you need an ID badge (user name/password). Most people will have restrictions on where they can go, what elevators they can use, and even what doors they can open on floors they have access to (general user space). Some users, janitorial workers and floor supervisors, will have much more access but will likely find some areas off limits (application administration or limited privileged user space). Then there are the building maintenance crew, owners, and inspectors (NSA anyone), they have unrestricted access to the building (global user space with no restrictions). The actual structure of the building, concrete and iron, is not reachable by any users (the real global space) and is entirely off limits. A user can “penetrate” the building with a screw to hang a picture (install an option in global space) but the screw is usable extension of the building that anyone with access to the room could use (global space providing a feature for use in user space).

Let’s bring this down to OS operational theory. We can provide a more secure environment by tightening the access a user has to global space and only allowing users to operate in user space. In a mac, this would be running an app from your home directory instead of from the applications folder (this isn’t entirely true, but let’s make this easy and believe that it is true). All disk space, RAM, and CPU used is directly connected to the sure. In systems where you are not administrator, this is how apps are installed. Alternatively I can install the app in global space, which we call “applications folder” on a mac and the disk usage is now global and not user. But since I use the feature as but clicking on an icon all CPU and RAM util is in user space (my UID is shown in the process listing).

Let’s fast forward to our globally installed Safari browser with JVM version reported differently than the OS version… A JRE (Java Runtime Environment) can be included in the globally installed Safari package. Like a screw in an office wall, the only way to use that JRE is to access it from Safari. Most apps know “look for a global version before using my personal version” (do we have an office coffee pot or do I need to have one on my desk?). When this “use my own” happens you can find yourself in the situation where an app says “yep, I have java” (coffee pot on my desk) but in user space there is no java (the office does not have a public coffee pot).

Like the tied between Java the app and Java the drink there? It hurt my head coming up with that.

This is a backward look at user space execution and resource use, but it is a starting point. We can get “down and dirty” if wanted, but nom has waited long enough for this explanation. Let me know if anyone wants more drivel and we can dig deeper.

To all the tech folks screaming at the screen, this isn’t for you. I’m fully aware of all the inaccuracies and outright WTF in the above. This overview is for the non-tech out there and if you think about it, it does explain both user space and embedded resource use “good enough” for the non-techie.

So Bill asked for coffee, and Safari looked at his desk while Chrome looked in the staff room? Huh! I thought all this system management guff was technicated, but it turns out you just need to where you left the coffee.

Flippancy aside (briefly, I can only hold back the tide so long), I appreciate the metaphor and the effort. Bonus points for the java reference (at least one person liked the link, so the headache was worth it).

Thanks Jaysen. So would you advocate having different users set up even on a single human device?

I’m hopefully going to be buying a new computer at some point in the next few years, and my options as I see them are:

  1. same as always
  • a single account with full admin privileges that is used for everything.
  1. separate use from maintenance
  • an admin account which is only used for installation and setup (ie initially, and then rarely)
  • a user account in which all actual activity is undertaken
  1. separate accounts by use type
  • an admin account which is only used for installation and setup (ie initially, and then rarely)
  • a user account for work activities
  • a user account for writing activities
  • a guest account for when people ask ‘can I look something up quickly on your laptop?’

threads like this one should carry a PUBLIC HEALTH WARNING/MIGRAINE ALERT!!!

My practice here is what is usually advocated for Linux users: one admin account, and one user account.

I am on a Mac but still follow this best-practices model. I can do most admin tasks from the user account - all I need do is type in the admin name and its password (I assume this is a sort of sudo temporary privilege). There are only a couple of tasks that require me to log in as the admin account, and I do that once a week in order to clean things up and run those tasks. Otherwise I can do everything in the user account I want to, with the added security.

OSX has the option of a guest account, so no guest account need be created.

  • asotir

Nom, the post was geared toward you and I assumed a passing knowledge of OS operation and no underlying theory. This is good as that make you a “more normal” human. That the coffee/java thing worked means that I’m getting better at this writing thing!

Mr Piggy, It depends on OS type, who the users are, and how much you care. Being that you frequent MS, conversations on user space, access rights, and security are completely different that the *nix operational theories frequently discussed. That said, recent versions of Windows use a user space/security model much closer to *nix and so some of it is transferable.

That out of the way…

On MS you can’t do much without full admin rights. It is better these days, but other than basic usage of programs a full restricted account is useless. I suggest a “usage” based approach where users are defined by “allowable actions” not expected activities. While you clearly need a full admin account for OS management and app installation, your daily use may only be IE, scriv, and Outlook. In this case your main account might actually be a full restricted account. If you have games you will likely need a more open permission model but not full admin. Good luck figuring out the exact permissions, but create a user class for that account and use that login for game play. On and on.

On the other had, this is all a huge PITA. How much time/need is worth the increase in security? In my case I only ask one question: Do I trust this person? If I answer “yes” I create an account for them with pretty open permissions. If I answer “no” I ask them for $600, go to Walmart and buy them their own system to screw up.

So basically your #3 is ideal, but only if you really have time or feel the need to be paranoid. In practice I do #1 with each PERMANENT user getting their own account (prevents folks from accidentally deleting emails, files, etc). #2 is smart, but in reality of no real advantage.

As to your question 3.4 point, you should always answer “no”. I don’t let my wife use my phone or my computer. If she can’t use it, neither can anyone else. My rational is simple: You break them, I am unable to make $$. Then again, I’m a jerk.

Not sure I really answered you.

Thanks Jaysen. Good metaphor, good post.

Thanks Jaysen!

Walmart snot an Apple reseller… isit? :confused: :frowning:

Yes. No. You can get iPad and other non-osx apple products at Walmart here (in the US). An iPad is perfect for the average user who is never going to care about the missing “full functionality” in iOS. You can also get the full array of MS compatible devices as well.

Wassat!? :confused: D’ y’ mean, 's like being drunk? :blush:

On my Macs, I used to do like asotir, but since my wife has had her own MBP and iPhone, and she has a rather “open” iMac, I only had the admin account, as no one else would be using my machines. Upgrading to 10.8.5 has re-installed a guest account … I suppose I’ll just leave it there in case my daughter ever needs to use the MBA when with us to look up something on the internet.

Mr X

Good post and analogies.

I always like using one that goes likes this.

Student = Limited access - expect ignorance and mistakes so limit responsibility without too much impact on productivity. (think low tech users)

Teacher = Granted more access because they know more and can grasp the responsibility of those decisions. They have access to the Teachers lounge and have keys to doors students are not responsible enough to see (grades, tests, etc)

Principal = Administrative tasks - can revoke users and teachers access and responsibilities. (Think Administrators)

Janitor = Has keys to everything but limited access to many things. They have access mainly for maintenance and keeping things cleans or installing new items like furniture or lights, etc. (Think limited admin for software installation and IT Maintenance.

The Fucking Police! = Think emergency services, they have access to everything and I mean everything. They can search anywhere, arrest anyone (user revoke).

Think SUDO

The computer is the classroom.

The school (campus) is the network (Lan or subset).

The front gate is your router (gateway)

The city the school is in is the internet (WAN)

Area’s on the campus are determined by the “user”

Everyone = “public” means anyone at anytime can access this area even after hours and even if they have never attended. These areas might have access through the front gate but most are outside the gates. (no badge needed)

Student areas behind the gates and restricted to school personnel (need that badge)

Teach areas behind the gates and restricted to school personnel (need that badge)

Administrative Areas behind the gates and restricted to school personnel (need that badge)

Janitorial Areas behind the gates and restricted to school personnel (need that badge)

and the good old panic buttons (aghhhh call the Police some done stole my Matchbox carz!)

If one may be permitted to digress for a moment, I’d like to answer Mr Pigfender’s persistent question with the following:

“NO, Sensei!” :open_mouth:

If you are looking at a global compute environment (totality of all computers in the world) or even a marco view of a corporate LAN/WAN+Internet, then I would agree with your analogy. This particular discussion was about the idea (although Nom may not see it this way) of namespace protection from the kernel up. Using your analogy we would never get past the class room (as it represents the local system) and would focus on desks, binders of notes, post-its, etc.

For a macro/fully-incluive view I prefer using a “country” approach. Being in the US I favor the US as the “net”, forms of transportation as network types (streets/roads/highways are public routed networks), business as … businesses, mail carriers are SMTP delivery types, air routes as private high speed networks (Savvis’ OC192 is hard to fathom without the comparison to a JFK to LAX direct flight) and so on. I like the scale of it as it give the enormity of the 'net but within a comprehensible framework. And with various laws (take helmet laws) that we see in interstate travel it is easy to visualize the abstract ideas of 'net legislation like NJ’s new gambling law, NY’s sales tax, and … blah blah blah.

If an analogy works for you stick with it. My model has morphed as my audience has changed. I’m sure yours has as well.

Yeah, I think it’s fine for non-tech people. Granted, though, that I’m more familiar with your model than most, since I’ve been using Linux since 1999 or so.

I tend to explain it like peeing in a pool. If an accident happens, on this model, you only need to clean the user’s part of the pool. Whereas, if everyone were sharing the same “pool” (i.e. windows), the whole thing would need to be drained/cleaned. Doesn’t quite fit for Windows these days, since there are permissions of a sort, but it seems like everyone needs admin rights to do anything.

I’m the same way. I don’t mind if my SO uses my computer to surf, play a game, or something (or use my cell, but it isn’t a smartphone.) But he doesn’t have sudo on it, nor an account. If something happens to me, he’s got physical access to the drive, which means he can access anything on it. Beyond that he doesn’t need to use my computer, when he’s got 3 of his own. (Plus he hates KDE and slackware, which means my computer isn’t overly usable to him.)

It’s like couples who share all passwords. The hell are they thinking?!? Boundaries and trust are good things.


It is tough for me to make the *nix < - > Windows comparisons anymore. MS seems to be cleaning up their model, but my outright aversion to caring about anything they do has me a bit out of the loop. I will say that the use of user exclusive app installation (not sure about exclusive registry) is a huge move in the right direction.

The one problem with the pool analogy that I see (and it is a good analogy) is how you would explain installation of services/apps. Sitting in a conference room it is easy to “install an app” by taping a poster to the wall. How would you do that with a pool?

As to sharing passwords… Wife has all mine. I give them to her so that, should things suddenly go bad, she has a way to recover everything she needs. I have nothing to hide from her and she only uses the computer out of necessity so I’m pretty safe. She has her own mac so she would only be on mine should I be gone anyway. I might just be comfortable with the situation since we just passed 20yrs…

Yeah, regarding passwords…if my SO weren’t originally a computer security person (when we were first dating, he was one of those who companies would hire to break into their computers), I’d probably at least have an account on the box for him. But if something happens to me, he could get anything off without really thinking about it. Conversely, I’ve got enough experience with letting absentminded professors back into their computers after summers, when they’ve forgotten their passwords that getting into his computers wouldn’t be an issue, either.

After 13 years, I think I’m fine with him being added to /etc/sudoers. But my predilection for KDE and Slackware means that he wouldn’t touch my computer with a 20-foot pole. :wink:

I enjoyed the building analogy for namespace and I do like the country one as well. The country one is nice how you incorporate different services with their own representation (mail carriers =smtp).