Local users get to play root?
James Antill
james at fedoraproject.org
Wed Nov 18 21:45:05 UTC 2009
On Wed, 2009-11-18 at 16:04 -0500, Steve Grubb wrote:
> > The problem is the *Default* not the fact that you can consciously allow
> > users to update without a password.
>
> And I wonder what the audit trail will show? Does it show which user installed
> these packages?
PK has it's own logging, it logs the user the API is running from
there. But it doesn't set loginuid, so "yum history", auditd, SELinux,
etc. don't know.
--
James Antill - james at fedoraproject.org
http://yum.baseurl.org/wiki/releases
http://yum.baseurl.org/wiki/whatsnew/3.2.25
http://yum.baseurl.org/wiki/YumMultipleMachineCaching
More information about the fedora-devel-list
mailing list