Re: Updates done by everyone

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Roger Grosswiler wrote:
> Am Samstag, den 09.12.2006, 10:01 -0600 schrieb Mikkel L. Ellertson:
>> Roger Grosswiler wrote:
>>> i just asked myself, why a normal user shouldn't be able to run pup by
>>> itself without root permission.
>>>
>>> I think, this could be an issue to configure in the future.
>>>
>>> Meanwhile, i entered a group as sudoers. In the shell, everybody on this
>>> machine is now able to run pup. 
>>>
>>> I changed pup.desktop in /usr/share/applications 
>>>
>>> to Exec = sudo /usr/bin/pup
>>>
>>> ..it seems, gnome does not like this kind of entry ;) because i couldnt
>>> then launch it from gnome no longer.
>>>
>>> does anybody know, how i could handle this without a  shellscript in
>>> between?
>>>
>>> Thanks,
>>> Roger
>>>
>> As others have said, your basic idea is a security risk. You should
>> really re-think your idea.
>>
>> Having said that, the problem you are probably running into is that
>> sudo is probably trying to ask you for your password. Because it is
>> not running in a terminal, it has no way to do it. (You can check
>> this by running "sudo /usr/bin/pup" in a terminal.) You may be able
>> to get around this by using the NOPASSWD option in sudo.conf or by
>> running the command in a terminal. (This is an option when in menu
>> edit.)
>>
>> Mikkel
> 
> Hey Mikkel,
> 
> Thanks for your reply, even the others for their input. Just to repeat:
> 
> All i would like, is that if the notify from linux comes with "xxx
> updates available" that the user can click "ok" to launch them itself.
> 
> Of course, the program shouldn't be started in another way. 
> 
> i thought about sudo, but i left it. btw. /usr/bin/pup links to the
> consolehelper, the real app is in /usr/sbin/pup (?)
> 
> even yum-updateonboot will update the system while booting up. why isnt
> there an option like yum-updateonupdateavailable? Since yum-updatesd,
> fedoara has imho a very good offer for very quick getting the system
> actual.
> 
> i am not looking for sophistical solutions, they should - as said by
> others - secure, but also be handleable for persons, which possess not
> your know. how or the root password ;D (so never send your admin to
> holidays-yeeehaaaaaaaaaa)
> 
> Roger
> 
You may want to look at yum-updatesd.

Now, for your original idea, if you follow Matthew Miller's advice
and change the way consolehelper process the pup command, you can
get what you want. If you change "USER=root" to "USER=<user>" and
add "UGROUP=sudoers", in /etc/security/console.apps/pup, then
members of the sudoers group should not have to enter a password. I
have not tried this, so test it before relying on it.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux