Initial draft of privilege escalation policy

Adam Williamson awilliam at
Fri Jan 22 00:01:14 UTC 2010

On Thu, 2010-01-21 at 18:54 -0500, Tom Lane wrote:
> Adam Williamson <awilliam at> writes:
> > Here's a second draft, addressing several (not yet all) of the
> concerns
> > raised about the first.
> > ...
> > The policy requires that any code which allows an unprivileged user
> > account to perform, or cause to be performed, certain actions must
> > require authentication as the root user prior to the action being
> > carried out.
> I think it would be a good idea if this were rephrased so that it did
> not sound like "you must give the root password".  Spot's original
> blog
> post specifically mentioned the case of sudo, and there might be other
> similar means of authentication that should be considered to allow
> these
> things.

That's exactly what I tried to do already, which is why it doesn't say
'enter the root password', but 'authenticate as the root user'. I'm not
sure how to phrase 'authenticate with appropriate privileges' in a way
that actually is correct and is meaningful enough.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org

More information about the test mailing list