2009/11/18 Jon Ciesla <limb@xxxxxxxxxxxx>:
>> A local user is allowed to install software on the machine without being
>> prompted for the root password.
>>
>> This is a recipe for disaster in my opinion.
>>
> So much for granting shell access on my servers. . .

I may be wrong, but I understand that this behaviour of PackageKit only
applies to users with direct console access (i.e. not remote shells). So,
only users that are logged in via GDM or TTY would be able to perform such
tasks. This significantly limits the number of users with powers to install
signed software -- almost to the point of where it sounds like a fair
trade-off. If someone has physical access to the machine, then heck -- it's
not like they don't already effectively "own" it.

Not saying it's a good default policy -- but let's cool our heads.

Regards,
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list