Hi
I have a system which has parts of the my users home directory bind mounted from a NTFS
filesystem. So:
$HOME/Desktop/
$HOME/Documents/
$HOME/Downloads/
$HOME/Music/
$HOME/Nextcloud/
$HOME/ownCloud/
$HOME/Pictures/
$HOME/Videos/
I’ve consulted the docs and they suggest moving the user’s home directory for bind mounts - if I understood that correctly. However the path /home/<my-user>
is my home. I’m in need for NTFS
because I move files a lot between my Linux and Windows System and I’d like to keep it that way.
Like everything in Linux is configurable from the kernel all the way up to the Desktop-Environment. Everything can be switched out for an alternative.
But then there’s Snap - priding itself on encapsulation and security. And ok, for a new Linux user, tinkering around in config files and in the worst case ending in a shell, because you accidentally uninstalled the Desktop Environment - maybe not the best user experience. So you have snap where you just chuck everything into an equivalent of a container and you can install those a graphical app. But I would really appreciate it if some defaults could be configured like permissions or access to certain services, devices, […].
Please add a user config file !
Allow a user to modify the default behavior of the snap daemon for that user.
Allow a user to per default give snaps access to bind mounts for example.
And since we’re at it, go ahead and allow a user to configure default black and white lists to slots, services, and plugins.
As an idea - like UFW
but for snap.
And if you still want to be extra secure add a snap
user and the .snap.conf
(let’s just assume it’s called that) must be owned by that user and with 600
permissions.
There you go. Access denied
if you just want to open it with an editor / in the user’s shell. The user needs to know about chown
or be comfortable do things with the higher privileges to modify that file. That should about prevent most inexperienced users from screwing up.
Because I really don’t like it that the I’m so super secure - snaps need to be installed with --dev-mode
. And - if I forget - experience all kinds of wonky behavior.
Consider Firefox and me just casually copying over my /etc/fstab
when I set up my Ubuntu 24.04 coming from 20.04:
I want to download a something. After ages of the download waiting to start (yes I’m blessed with fast internet, so I have an expectation that my downloads are fast) I finally get the download failed
. Then I proceeded to test a few different websites. Rational being - hey, if this site has problems, maybe some others don’t. But once my home server couldn’t download a file, I became suspicious.
Checked my installs from apt
and snap
and - oh would you look at - Firefox was installed with snap
. Proceed to snap remove --purge firefox
and apt install firefox
only to be greeted with apt
installing the snap again. Ok. At that point, the problem was found. And since I like my things to be installed with apt
, I setup the Mozilla repo and set up Firefox again.
Now it got really funny, once I checked my Downloads/
. I’m used to snaps like slack
being able to allocate files in the Downloads/
directory but being unable to write into them. But Firefox absolutely took the cake. 10’000 files per attempted download. And I tried like 10 different files so a whopping 100’000 file. Not that I’ve got a problem deleting that but it’s just super infuriating when user unfriendly things are created in the name of security and encapsulation and ease of use.
So please for the love of all that’s holy: Make a config file that allows users to specify custom permissions and rules for snaps.
Thank you.
AS2k