Local users get to play root?
Konstantin Ryabitsev
icon at fedoraproject.org
Wed Nov 18 19:28:59 UTC 2009
2009/11/18 Bob Arendt <rda at rincon.com>:
>> Anyway. It doesn't look like this is a change in Fedora policy,
>> because it clearly caught everyone off-guard. Looks like PK developer
>> made an executive decision and it's up to us to either issue an update
>> to revert to the previous behaviour, or to continue debating whether
>> allowing local console users to install trusted software from trusted
>> repositories is a sane security trade-off.
>
> I haven't tried .. but does this this also include the capability for
> my grade-school child to *remove* software using their account?
> Like gcc? glibc? gdm? All fun activities ..
[root at smaug ~]# pkaction --action-id
org.freedesktop.packagekit.package-remove --verbose
org.freedesktop.packagekit.package-remove:
description: Remove package
message: Authentication is required to remove packages
vendor: The PackageKit Project
vendor_url: http://www.packagekit.org/
icon: package-x-generic
implicit any: no
implicit inactive: no
implicit active: auth_admin_keep
So, not without a root password.
Regards,
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec
More information about the fedora-devel-list
mailing list