Am 2009-11-18 19:18, schrieb Colin Walters:
Hi,
On Wed, Nov 18, 2009 at 12:08 PM, nodata<lsof@xxxxxxxxxxxx> wrote:
Yikes! When was it decided that non-root users get to play root?
This is hardly the first "uid 0" operation we've granted users access
to in the operating system, and it won't be the last. For example, on
a timesharing Unix system, non-uid 0 can't reboot the machine, but
it's clearly silly to ask for a root password to reboot for the
unmanaged case, so years ago the "consolehelper" system was added, and
that privilege is currently given to users at a physical display for
the machine.
We've used the "console" concept as our only tool in this respect for
a long time, and PolicyKit will ultimately replace all of it with a
far more fine grained system.
So you raise a reasonable issue, which is how do you know when the
defaults change, or new privileges are added? We don't have a very
good system for that now; ideally we would detect when new packages
are added to @gnome-desktop that include PolicyKit policies, and use
that as a basis for release notes type of thing.
But, bottom line, if you're administering a Fedora-derived desktop,
you will need to get familiar with PolicyKit, and you may need to
tweak the defaults, which are more targeted for the self-managed case.
This is a major change. I vote for secure by default.
If the admin wishes this "surprise-root" feature to be enabled he can
enable it.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list