Local users get to play root?

Steve Grubb sgrubb at redhat.com
Wed Nov 18 22:02:03 UTC 2009


On Wednesday 18 November 2009 04:45:05 pm James Antill wrote:
> On Wed, 2009-11-18 at 16:04 -0500, Steve Grubb wrote:
> > > The problem is the *Default* not the fact that you can consciously
> > > allow users to update without a password.
> >
> > And I wonder what the audit trail will show? Does it show which user
> > installed these packages?
> 
>  PK has its own logging, it logs the user the API is running from
> there. But it doesn't set loginuid, so "yum history", auditd, SELinux,
> etc. don't know.

That is a big problem. If I have the following audit rule:

-a always,exit -F dir=/usr -F perm=w

It needs to show which user was able to write into /usr or the audit trail is 
broken.

-Steve
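
The gap discussed in this message, as an added example that is not part of the original post: a Python sketch that groups SYSCALL and PATH audit records by event ID and reports writes under /usr whose auid is unset (4294967295, meaning loginuid was never set). The log lines, process names and file paths are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

UNSET_AUID = {"4294967295", "-1"}  # (uid_t)-1: loginuid was never set

# Constructed sample records, shaped like raw audit.log output.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1258581723.101:412): arch=c000003e syscall=2 success=yes exit=5 pid=2311 auid=4294967295 uid=0 euid=0 comm="packagekitd" exe="/usr/libexec/packagekitd"
type=PATH msg=audit(1258581723.101:412): item=0 name="/usr/bin/example" nametype=CREATE
type=SYSCALL msg=audit(1258581790.455:430): arch=c000003e syscall=2 success=yes exit=4 pid=2950 auid=500 uid=0 euid=0 comm="rpm" exe="/bin/rpm"
type=PATH msg=audit(1258581790.455:430): item=0 name="/usr/share/example.txt" nametype=CREATE
type=SYSCALL msg=audit(1258581801.002:431): arch=c000003e syscall=2 success=yes exit=3 pid=3001 auid=4294967295 uid=0 euid=0 comm="crond" exe="/usr/sbin/crond"
type=PATH msg=audit(1258581801.002:431): item=0 name="/var/run/example.pid" nametype=CREATE
"""

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records sharing one audit(timestamp:serial) ID into one event."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        if rtype == "SYSCALL":
            events[event_id]["syscall"] = fields
        elif rtype == "PATH" and "name" in fields:
            events[event_id]["paths"].append(fields["name"])
    return events

def unattributed_writes(text, watched="/usr"):
    """Return events touching the watched tree that carry no login UID."""
    prefix = watched.rstrip("/") + "/"
    findings = []
    for event_id, ev in parse_events(text).items():
        sc = ev["syscall"]
        if sc is None or sc.get("auid") not in UNSET_AUID:
            continue  # no syscall record, or the event names a login user
        hits = [p for p in ev["paths"] if p == watched or p.startswith(prefix)]
        if hits:
            findings.append((event_id, sc.get("exe"), sc.get("uid"), hits))
    return findings

if __name__ == "__main__":
    for finding in unattributed_writes(SAMPLE_LOG):
        print(finding)
```

The event with auid=500 is attributable to a login user and is not reported; the one under /var is outside the watched tree.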



