Clash of the Installer Philosophies
by Scot Hacker
O'Reilly blogger Rob Flickenger recently posted IE(eeeee), on his frustration at the hands of the IE 5.2 installer. I agreed with Rob in some respects. For example, there's no reason a Mac installer should be closing down apps, unless it's an OS upgrade. Other than that, I didn't mind the IE 5.2 installer, and found the upgrade worth the minor hassle.
But Rob's post did get me thinking about a related issue: The fact that application installers for OS X have such different usage philosophies.
On the one hand, we have these wonderfully easy to use .dmg installers, which reduce installation time to near-zero (you don't even have to drag the included app to any specific location first - you're free to run it right from the disk image for testing first). Personally, I think .dmg installers are the slickest development since the invention of the Mochi bon-bon.
On the other hand, Apple is looking for acceptance in the organization, and that means working the way sysadmins like things to work. And most sysadmins run a tight ship, with strict rules about users installing their own apps (i.e. they can't). Installers that require admin passwords help sysadmins maintain a controlled environment.
On the other other hand, the .dmg installation method is not going to allow the user to install anything outside of user space. The user is still constrained to a sandbox of sorts.
What I'm getting at here is that Apple, by finally achieving the "impossible" and creating a user-friendly Unix, finds themselves trying to serve two masters -- the traditional "computer for the rest of us" ease-of-use user, and ye olde bearded-weenie Unix security guru. In the process of trying to serve two masters, these kinds of ambiguities are bound to arise. The realm of application installers is a good example of that schizophrenia.
So the question becomes, is there a "canonical," Apple-recommended way for an installer to behave? Or does Apple's responsibility end with the creation of a secure, user-friendly platform, such that anything possible to occur within that platform can co-exist?
For those of you who are sysadmins in large organizations, what kinds of app-install controls would you like to impose on users that you currently don't have with OS X?
Not a problem
There has never been a way for a UNIX sys admin to prevent applications from being installed by users since apps don't have to be in any particular directory. The only way to get such a fascist level of control over what the users can do would be to install a special restricted shell for those users.