Fedora 22 update security
Michael Catanzaro
mcatanzaro at gnome.org
Wed May 13 12:49:34 UTC 2015
On Wed, 2015-05-13 at 09:33 +0100, Nethaji wrote:
> I always have a root account on my system and add a user after every
> new
> installation using 'useradd' command. I do not create a user at the
> time
> of installation.
>
> The sudo command does not work on my account as the user is not in
> the
> sudoers list. The user's name is not in the wheel group either. I
> usually never add a sudoer to the system.
Actually, sorry, Matthew and I were wrong. We do allow unprivileged
users to run software updates (provided all of the updates are
cryptographically signed by Fedora). You can configure this behavior
manually by creating a file in /etc/polkit-1/rules.d with the following
contents (untested, should work):
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.packagekit.system-update") {
return polkit.Result.AUTH_ADMIN;
}
});
Then unprivileged users should no longer be able to run updates.
Hope that helps,
Michael
More information about the desktop
mailing list