[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



2009/11/18 Bob Arendt <rda rincon com>:
>> Anyway. It doesn't look like this is a change in Fedora policy,
>> because it clearly caught everyone off-guard. Looks like PK developer
>> made an executive decision and it's up to us to either issue an update
>> to revert to the previous behaviour, or to continue debating whether
>> allowing local console users to install trusted software from trusted
>> repositories is a sane security trade-off.
>
> I haven't tried .. but does this this also include the capability for
> my grade-school child to *remove* software using their account?
> Like gcc?  glibc?  gdm?  All fun activities ..

[root smaug ~]# pkaction --action-id
org.freedesktop.packagekit.package-remove --verbose
org.freedesktop.packagekit.package-remove:
  description:       Remove package
  message:           Authentication is required to remove packages
  vendor:            The PackageKit Project
  vendor_url:        http://www.packagekit.org/
  icon:              package-x-generic
  implicit any:      no
  implicit inactive: no
  implicit active:   auth_admin_keep

So, not without a root password.

Regards,
-- 
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]