On Mon, Mar 21, 2011 at 11:41 PM, suvayu ali <fatkasuvayu+linux@xxxxxxxxx> wrote: > On Mon, Mar 21, 2011 at 12:47 PM, Tom H <tomh0665@xxxxxxxxx> wrote: >>> >>> Speaking of which, I am not exactly comfortable with why Fedora (or >>> Ubuntu) allow any user to install updates using PackageKit without any >>> root access (or sudo password). I feel that this is not really right >>> from a security point of view.... >> >> I don't think that Ubuntu's ever had this issue and I'm pretty sure (I >> hope!) that only F12 had it, very briefly. > > Isn't that how Packagekit behaves for updates? It only asks for the > root password when some new package is installed because of > dependencies. At least that is my experience in F13 and F14. I only use yum and I haven't even thought about this for a while. Check your install with "pkaction --verbose --action-id org.freedesktop.packagekit.package-install". On F12 at launch, you got: implicit any: no implicit inactive: no implicit active: yes so anyone logged in at the console could install a package without providing a password. On F12 after launch (and complaints), you got: implicit any: no implicit inactive: no implicit active: auth_admin or auth_admin_keep (I'm not sure which) so a password had to be entered to install (with "_keep" there's a delay whereby a password doesn't have to be entered for a some set period of time - just like sudo behaves). On F15, you get: implicit any: no implicit inactive: no implicit active: auth_admin_keep -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
