On Sat, 2010-01-30 at 10:31 -0500, Colin Walters wrote:
> On Sat, Jan 30, 2010 at 1:20 AM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> >
> > Well, reboot is a one-time operation; if there's only one user logged
> > in, they can only affect themselves by rebooting. Adjusting the clock or
> > installing new software isn't the same.
>
> Ok, actually "one time" feels like there's a more general principle at
> work here, which is the degree to which the operation could
> potentially affect other users.

As it says in the second paragraph:

"An unprivileged user without administrative authentication must not be able to change the behavior of the system "as a whole" (as viewed by other users or by network clients), unless the system behavior is intended to be dependent on the actions of the unprivileged user."

> For example, there's a pretty wide gulf between "install new desktop
> app" (other users see a new menu entry) and "start or stop system
> daemons" (can easily break printing, networking, or just crash the.
> Changing the system time is in between there.

> The reason I mention this specifically I'd like in the future to widen
> this set a little bit for the "self managed" desktop target (i.e.
> livecd download), specifically include at least "install new desktop
> application from " and "initiate system update" in that set of default
> privileges.

From the Requirements preamble:

"In the case of an approved Fedora spin which automatically grants administrative privileges to the first created user account, authentication as that user can be considered administrative authentication."

--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel