On Mon, 2004-08-09 at 03:32, Stanley Allely wrote: > I noticed that when I run up2date in fc2, that the sys admin auth. > doesn't always go away immediately once it moves to package retrieval. > Sometimes it takes several minutes before the "keys" disappear (yeah I > use dial up). I don't like to expose root online any longer than > necessary, so can I safely click "forget authorization" as soon as > up2date switches to package retrieval mode? Yes, you may safely select to forget authorization at any point. The up2date process *does* require root authority all the way through, especially for the actual installation of packages. However, you gave authorization for that program to run as root when you started it, and it will keep that authorization until it's done (even if it takes hours or days). The reason those keys stick around for a few minutes is that many people do several tasks related to system administration in a short time, and there are few things more annoying that having to type the root password every 30 seconds while you're trying to get work done. :-) So the system remembers that this user is authorized to run *additional* programs as root in the next X minutes... it's just a convenience for you. Forgetting authorization will *not* make the up2date process more secure... that particular process already has root authority and you are not removing it. I would not worry about it at all; however, note that you *can* change how long those keys stick around, or even eliminate them altogether. I don't remember where, but surely it's not hard to find either on the system or by RTFM/STFW. Cheers, -- Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx> Simpaticus.com
