Is it possible to run all programs including clients (browser, mp3 player, compiler, ...) under separate accounts just like servers? Would it be possible to add this as an option when installing the system?
The problem I have there, I am developer (but not debian developer) and I have full write access to binaries that I compile. Now if I exchange binaries with other developers, this creates environment for viruses, doesn't it? Is the game with accounts useful for something? If so, why is there so much panic about "run as few services as possible"? Let's say I don't care about halting and damage (as far as I know who did it), I care about data changes and reprogramming. Do accounts suffice?
