Roger Grosswiler wrote: > Am Samstag, den 09.12.2006, 10:01 -0600 schrieb Mikkel L. Ellertson: >> Roger Grosswiler wrote: >>> i just asked myself, why a normal user shouldn't be able to run pup by >>> itself without root permission. >>> >>> I think, this could be an issue to configure in the future. >>> >>> Meanwhile, i entered a group as sudoers. In the shell, everybody on this >>> machine is now able to run pup. >>> >>> I changed pup.desktop in /usr/share/applications >>> >>> to Exec = sudo /usr/bin/pup >>> >>> ..it seems, gnome does not like this kind of entry ;) because i couldnt >>> then launch it from gnome no longer. >>> >>> does anybody know, how i could handle this without a shellscript in >>> between? >>> >>> Thanks, >>> Roger >>> >> As others have said, your basic idea is a security risk. You should >> really re-think your idea. >> >> Having said that, the problem you are probably running into is that >> sudo is probably trying to ask you for your password. Because it is >> not running in a terminal, it has no way to do it. (You can check >> this by running "sudo /usr/bin/pup" in a terminal.) You may be able >> to get around this by using the NOPASSWD option in sudo.conf or by >> running the command in a terminal. (This is an option when in menu >> edit.) >> >> Mikkel > > Hey Mikkel, > > Thanks for your reply, even the others for their input. Just to repeat: > > All i would like, is that if the notify from linux comes with "xxx > updates available" that the user can click "ok" to launch them itself. > > Of course, the program shouldn't be started in another way. > > i thought about sudo, but i left it. btw. /usr/bin/pup links to the > consolehelper, the real app is in /usr/sbin/pup (?) > > even yum-updateonboot will update the system while booting up. why isnt > there an option like yum-updateonupdateavailable? Since yum-updatesd, > fedoara has imho a very good offer for very quick getting the system > actual. > > i am not looking for sophistical solutions, they should - as said by > others - secure, but also be handleable for persons, which possess not > your know. how or the root password ;D (so never send your admin to > holidays-yeeehaaaaaaaaaa) > > Roger > You may want to look at yum-updatesd. Now, for your original idea, if you follow Matthew Miller's advice and change the way consolehelper process the pup command, you can get what you want. If you change "USER=root" to "USER=<user>" and add "UGROUP=sudoers", in /etc/security/console.apps/pup, then members of the sudoers group should not have to enter a password. I have not tried this, so test it before relying on it. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!