Am 2009-11-18 19:04, schrieb Seth Vidal:
On Wed, 18 Nov 2009, Jon Ciesla wrote:
Seth Vidal wrote:
On Wed, 18 Nov 2009, Jon Ciesla wrote:
nodata wrote:
Am 2009-11-18 18:08, schrieb nodata:
Yikes! When was it decided that non-root users get to play root?
Ref:
https://bugzilla.redhat.com/show_bug.cgi?id=534047
This is horrible!
Just to elaborate:
A local user is allowed to install software on the machine without
being prompted for the root password.
This is a recipe for disaster in my opinion.
So much for granting shell access on my servers. . .
You have PackageKit installed on servers? really?
-sv
I do if it's in the default DVD install, or was pulled in in an
upgrade. I've never intentionally installed it, and yes I do. Never
imagined it would be a problem. I'll remove it.
Maybe you and I have a different concept of 'Servers'. But I tend to
install @core only and then remove items whenever I can for a server.
If it is a bad day I'll install X b/c something requires it but for
servers I try to avoid anything beside the barest minimal I can have.
-sv
Maybe you have a different concept of security, but I don't want any
user on the server installing software, no matter what.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
