Direction of Fedora desktop manager Gnome, related to complaints in OT morons thread
Tom H
tomh0665 at gmail.com
Tue Mar 22 09:38:52 UTC 2011
On Mon, Mar 21, 2011 at 11:41 PM, suvayu ali
<fatkasuvayu+linux at gmail.com> wrote:
> On Mon, Mar 21, 2011 at 12:47 PM, Tom H <tomh0665 at gmail.com> wrote:
>>>
>>> Speaking of which, I am not exactly comfortable with why Fedora (or
>>> Ubuntu) allow any user to install updates using PackageKit without any
>>> root access (or sudo password). I feel that this is not really right
>>> from a security point of view....
>>
>> I don't think that Ubuntu's ever had this issue and I'm pretty sure (I
>> hope!) that only F12 had it, very briefly.
>
> Isn't that how Packagekit behaves for updates? It only asks for the
> root password when some new package is installed because of
> dependencies. At least that is my experience in F13 and F14.
I only use yum and I haven't even thought about this for a while.
Check your install with "pkaction --verbose --action-id
org.freedesktop.packagekit.package-install".
On F12 at launch, you got:
implicit any: no
implicit inactive: no
implicit active: yes
so anyone logged in at the console could install a package without
providing a password.
On F12 after launch (and complaints), you got:
implicit any: no
implicit inactive: no
implicit active: auth_admin or auth_admin_keep (I'm not sure which)
so a password had to be entered to install (with "_keep" there's a
delay whereby a password doesn't have to be entered for a some set
period of time - just like sudo behaves).
On F15, you get:
implicit any: no
implicit inactive: no
implicit active: auth_admin_keep
More information about the users
mailing list