I checked my sudoers file and the user's group. I am confident that the user is a standard user and not a sudoer or in the wheel group. I have been following the discussions on this and would like to comment on a few 1. I prefer KDE over Gnome. So on Fedora 20 I used kdm using my kickstart. 2. I upgraded to Fedora 21 and to 22 using the fedup tool, which requires one to mention what product they want. So I mentioned the product 'workstation', which got installed and I got a whole new display, that I do not like. I revert to KDE Plasma workspace. 3. The most important thing about this discussion is whether allow non-admin users to do system update or not. I WOULD PREFER NON-ADMIN USERS NOT TO GET THESE RIGHTS. The reason is that I have had a serious issue from kernel update 3.16 to 3.19. The way they mount the CIFS share, I am still not able to understand certain behaviour. This is definitely not acceptable in a multi-user environment where the clients use LDAP, CIFS or NIS or any such remote server for login or folder authentication. A standard user performing the updates would violate these settings and the system would not perform as expected or at least set by the system administrator. This means there is more work for system administrator and if cannot find a fix, then have to wait for a fix in the next release or as the discussion goes, there might not be any fix at all. I usually test the updates on a system and make sure that it does not affect any normal use. Then I update it for every user or every client machines. I do not understand which system administrator did not want an authentication or confirmation before installing updates. This could be TRUE only when the system administrator is logged into the system in GUI mode or on a terminal using 'su' command. All I request is to give an option at least during the install or in kickstart to add a line that will say whether all users can install the system updates (whether offline or live) or not. So, it is then the admin's responsibility to deal with it. This should come during the installation setup, where the installation source, admin password and other details are setup. Thanks Nethaji On Thu, 2015-05-14 at 07:21 +0100, Richard Hughes wrote: > On 14 May 2015 at 01:57, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote: > > It never even occurred to me that we might make this change downstream, > > since we make changes upstream whenever we can. PackageKit is > > maintained by a Fedora developer (Richard Hughes) so it's natural that > > the default settings are what Fedora wants them to be. > > I'm certainly hope I'm a friendly upstream, and it's true that I want > to ship sane policy by default. It doesn't mean upstream *has* to bend > and flex to every diktat from FESCo. If someone can explain to me in > an upstream bug why changing the policy would be more secure for users > then I'll happily change it for the next release. I'm not horribly > keen on the "lock down by default" arguments, as PackageKit upstream > is at targeting these users > http://www.freedesktop.org/software/PackageKit/pk-profiles.html > > Richard -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
