Up2date and SysAdmin auth.
Rodolfo J. Paiz
rpaiz at simpaticus.com
Tue Aug 17 15:42:19 UTC 2004
On Mon, 2004-08-09 at 03:32, Stanley Allely wrote:
> I noticed that when I run up2date in fc2, that the sys admin auth.
> doesn't always go away immediately once it moves to package retrieval.
> Sometimes it takes several minutes before the "keys" disappear (yeah I
> use dial up). I don't like to expose root online any longer than
> necessary, so can I safely click "forget authorization" as soon as
> up2date switches to package retrieval mode?
Yes, you may safely select to forget authorization at any point.
The up2date process *does* require root authority all the way through,
especially for the actual installation of packages. However, you gave
authorization for that program to run as root when you started it, and
it will keep that authorization until it's done (even if it takes hours
The reason those keys stick around for a few minutes is that many people
do several tasks related to system administration in a short time, and
there are few things more annoying that having to type the root password
every 30 seconds while you're trying to get work done. :-) So the system
remembers that this user is authorized to run *additional* programs as
root in the next X minutes... it's just a convenience for you.
Forgetting authorization will *not* make the up2date process more
secure... that particular process already has root authority and you are
not removing it.
I would not worry about it at all; however, note that you *can* change
how long those keys stick around, or even eliminate them altogether. I
don't remember where, but surely it's not hard to find either on the
system or by RTFM/STFW.
Rodolfo J. Paiz <rpaiz at simpaticus.com>
More information about the users