5 | | Major differences from version 5 are: |
6 | | * Account-based sandboxing using unprivileged accounts. |
7 | | * Moves the BOINC data directory if needed. |
8 | | * BOINC executables are in a separate directory. |
| 5 | [[PageOutline]] |
| 6 | |
| 7 | == Introduction == |
| 8 | |
| 9 | This document describes the implementation details of the BOINC Installer for v6. It is assumed that you have a basic understanding of how the Microsoft Installer technology works. For further details of how the Microsoft installer technology works you can visit [http://msdn2.microsoft.com/en-us/library/aa372866(VS.85).aspx here]. |
| 10 | Major improvements for v6 include: |
| 11 | * Account-based sandboxing. |
| 12 | * Separation of the executables and the data. |
11 | | [[PageOutline]] |
12 | | |
13 | | == Protection policy == |
| 15 | == Account-based Sandboxing == |
| 16 | |
| 17 | The installer offers two modes: 'Graphics compatible' and 'Secure'. |
| 18 | |
| 19 | Graphics compatible installation is the same as the single-user installation of v5. |
| 20 | The manager will be responsible for launching the core client, and all applications will be launched in the same security context as the user who logged into the system. |
| 21 | This allows users to see graphics from older as well as newer science applications, or projects with long running tasks which won't complete for a while. |
| 22 | |
| 23 | If the user selects Secure, the core client will run as a service. |
| 24 | Two user accounts and three groups will be created: |
| 25 | |
| 26 | === Overall Protection policy === |
19 | | When BOINC Manager cannot access the gui_rpc_auth.cfg file, it'll display a dialog stating that the user does not currently |
20 | | have access to BOINC and to contact the administrator to add them to the 'boinc_users' group. |
21 | | |
22 | | == Sandboxing == |
23 | | |
24 | | The installer offers two modes: 'Graphics compatible' and 'Secure'. |
25 | | |
26 | | Graphics compatible installation is the same as the single-user installation of v5. |
27 | | The manager will be responsible for launching the core client, and all applications will be launched in the same security context as the user who logged into the system. |
28 | | This allows users to see graphics from older as well as newer science applications, |
29 | | or projects with long running tasks which won't complete for a while. |
30 | | |
31 | | If the user selects Secure, |
32 | | the core client will run as a service. |
33 | | Two user accounts and two groups will be created: |
| 32 | When BOINC Manager cannot access the gui_rpc_auth.cfg file, it'll display a dialog stating that the user does not currently have access to BOINC and to contact the administrator to add them to the 'boinc_users' group. |