On 06/02/15 05:23, Rick Stevens wrote:
On 06/01/2015 02:09 PM, Ed Greshko wrote:
> On 06/02/15 04:25, Rick Stevens wrote:
>> Not being a KDE user I don't know for sure, but even if it alerts that
>> updates are available, a normal user can't install them unless they're
>> members of the "wheel" group or they have the root password, not so?
>
> That is what I thought, and what I said initially. However, 2 days after I said that
updates were available and I used a non-wheel user to do the updates and it worked. Not
the best of designs, IMO.
Did it at least ask you for the root password? If it didn't and you
could do an update/install as a non-wheel user, then that's a HUGE
security hole and I'd BZ it immediately. But double check...the user
_may_ have "wheel" as a secondary group, e.g.:
# grep wheel /etc/group | grep <username>
No prompt for root password. As I said above, I used an account which I knew not to be in
the wheel group.
--
Sorta what I want to say when folks habitually complain about Fedora -
https://youtu.be/ZArl8fTfub4