Once upon a time, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> said: > .. if the packages are signed and from a signed repository. So, you left > out the important part. Explain why this is a problem in a bit more > detail. Fedora has made a big push into the multi-user desktop (which many home computers are now) with things like fast user switching. In many such setups, not all users are considered "administrators" of the system (think parents and kids for example). However, Fedora continues to slip in (with no announcement and no documentation on how to change) things that allow the console user to be an administrator without any additional authentication. The answer here has been "well root should lock it down". With the ever-increasing complexity of the system, it is becoming more difficult than ever to find (or even know about) all of the ways a system musth be locked down. "find / -perm +6000" doesn't cut it anymore, but there's no documentation of all the ways a regular user can do administrative tasks without an administrative password. It seems the latest way of doing this is via PolicyKit. IMHO all PolicyKit configuration should be "secure by default", and then desktop spins can include overrides in /etc to loosen-up security where desired. This would also make it much easier to find and clearer to see what might should be changed for local policy. Right now, I see files /usr/share/PolicyKit/policy; I guess that's where this kind of thing comes from. How do I override the settings in one of these files? None of them are marked "config", so I guess I don't edit them. Are there other places such policy can be set? -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
