On Mon, May 17, 2010 at 10:30 PM, Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote: > On Monday 17 May 2010, Rick Stevens wrote: >>On 05/17/2010 02:12 PM, Gene Heskett wrote: >>> >>> Clarify here: I can do all that as the user. What I can't do, until >>> somebody decides to fix mkinitrd, is to run it as the user. That is my >>> specific bitch. And I think its perfectly valid. mkinitrd simply will >>> not run for anybody but root. >> >>And this is a bad thing? I, for one, don't want some low-level user >>installing a kernel on my machines. I don't want them installing >>ANYTHING that's global. >> > Repeat after me Rick: "I am the only user of this machine". And that will > likely continue until such time as I fall over for the last time. Even if your use-case encompassed 100% of fedora users, there wouldn't be any reason for violating the principle of least/minimal privilege and giving a non-root user unnecessary rights. It is up to you to modify your settings to allow one or more users to perform a command without being root. >>When you get to the point where you're installing something that will >>affect all the users on the machine or the operation of the machine >>itself, only an administrator (e.g. "root") should be permitted to do >>so. This is the whole point of system security and tools such as "su" >>and "sudo". > > I am moderately aware that rpms _should_ be installed as root, however this > machine has mdv-2010-x64 on it at the moment, and its software updater has, > in the last 6 weeks, probably updated 2Gb of software on this machine without > even asking me for my user passwd. OTOH, I have had to use root to install > another 2 or 3G of stuff. "Mandriva does it" isn't a good enough reason to allow a non-root user to install software. Mandriva has probably adopted a model similar to the one that was adopted and quickly dumped by F12, IIRC. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
