Re: Updates done by everyone

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Samstag, den 09.12.2006, 20:36 -0500 schrieb Matthew Miller:
> On Sat, Dec 09, 2006 at 11:12:14PM +0100, Roger Grosswiler wrote:
> > Of course, the program shouldn't be started in another way. 
> > i thought about sudo, but i left it. btw. /usr/bin/pup links to the
> > consolehelper, the real app is in /usr/sbin/pup (?)
> 
> consolehelper is another mechanism for providing sudo-like functionality.
> Rather than changing the app to run with sudo, what you want to do is edit
> the consolehelper config in /etc/security/console.apps/pup. 'man userhelper'
> for the variables that can be set there -- probably what you want to do is
> set "UGROUPS=wheel" in that file and then add all pup-privileged users to
> the wheel group. (gpasswd wheel -a roger).
> 

Tested and approved!

Advantage:

- no sudo-entry
- still password-entry needed for update (according to the engagement of
pam?)

All i had to enter was the appropriate Group, i wanted to be able to
update theirselves. Entry: UGROUPS=groupname

This enables them, by typing their own password to update the system.

IMHO, this is not a real security-hole. Some kind of naive trusting
against the users should be. no user, no admin...of course, the question
of checksummed repos should always be answered as yes. This is the point
the make sure as a standard by admins.


Thanks
Roger


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux