[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Am 2009-11-18 19:28, schrieb Seth Vidal:

On Wed, 18 Nov 2009, Simo Sorce wrote:

On Wed, 2009-11-18 at 13:10 -0500, Seth Vidal wrote:
Maybe you have a different concept of security, but I don't want any
user on
the server installing software, no matter what.

right - which is why I wouldn't install PK on a server.

yum doesn't allow users to install pkgs, only root.

Seth, the fact you prefer to use yum doesn't make it right to have an
insecure-by-default policy.

I didn't say it did - I said it didn't make sense to have items like PK
on servers.

It doesn't make sense to define the security setup of a machine based on "oh well packagekit is installed, so it must be a desktop machine for which there is one or maybe two primary users who are all trusted to decide if they want to install software".

The fact is that there is quite a lot of badly written software that requires X to install. In fact, Red Hat's documentation tends to assume that X is installed by default. So do Red Hat's courses. And even their toolset. Ever used system-config-lvm-tui? No, it doesn't exist.

If X is there, PackageKit is there. The claimed link between the intended use and security profile of a machine depending on whether PackageKit is installed makes no sense.

It doesn't matter if I or you prefer @core on our servers, the customers want X because they're new to Linux and feel comfortable with it. They won't have some arcane knowledge about the disconnect between yum and rpm with packagekit, and how sometimes you have to be root, sometimes you don't.

Secure by default please, otherwise turn off selinux by default.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]