On 06/01/2015 02:09 PM, Ed Greshko wrote:
On 06/02/15 04:25, Rick Stevens wrote:
Not being a KDE user I don't know for sure, but even if it alerts that
updates are available, a normal user can't install them unless they're
members of the "wheel" group or they have the root password, not so?
That is what I thought, and what I said initially. However, 2 days after I said that updates were available and I used a non-wheel user to do the updates and it worked. Not the best of designs, IMO.
Did it at least ask you for the root password? If it didn't and you
could do an update/install as a non-wheel user, then that's a HUGE
security hole and I'd BZ it immediately. But double check...the user
_may_ have "wheel" as a secondary group, e.g.:
# grep wheel /etc/group | grep <username>
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- Is that a buffer overflow or are you just happy to see me? -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
