Re: Fedora Feature Proposal: Yum Integration

On Thu, 2007-07-19 at 08:25 -0400, Matthew Miller wrote:

> For many systems, it'd be handy for users to be able to authenticate with
> their own passwords, and then with those credentials add and remove *user
> level* software from known repositories with valid GPG keys, but still
> require root (or wheel group membership) to add or (and especially) remove
> system level software. That's useful -- but, as mentioned, kinda
> crack-ridden. (Partly, of course, because the distinction between user level
> and system level is very blurry.)

blurry? no it's completely non-existent. :)


> Right now, it's trivially easy to make it so you can run yum with your own
> credentials -- but it's not limited in any way. Doing this the right way
> (perhaps with oddjob) would be a bit of work, but doing it the easy but less
> secure way -- run as root, check for limitations -- could be done with a
> plugin.
> 
> As a first cut for policy
> 
>  1) users can't do anything that would cause a member of the Core or Base
>     groups to be removed
>  2) can add and remove packages from a list of groups like GNOME Desktop
>     Environment, Games and Entertainment, etc., as long as it doesn't
>     conflict with #1
>  3) can't do anything else
> 
> Perhaps the list of protected-from-removal packages would need to be
> expanded, but that's the basic idea.

This feels pretty scary. We'd constantly be moving the line to
accommodate varying levels of paranoia - and we'd have a big list we'd
have to keep current to make sure it wasn't outdated.

-sv


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
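
The three-rule policy quoted in the message above, sketched as a default-deny check over a resolved transaction. This is an added example, not code from the thread or from yum; the group contents, the `check_transaction` function and the transaction tuples are constructed for illustration, and it assumes dependency side effects are checked only against rule 1.

```python
# Constructed sample data. A real plugin would read group membership from
# the repositories' comps metadata; nothing here calls yum itself.
GROUPS = {
    "Core": {"bash", "glibc", "rpm"},
    "Base": {"man", "openssh-clients"},
    "GNOME Desktop Environment": {"eog", "gedit"},
    "Games and Entertainment": {"gnome-games", "supertux"},
}
PROTECTED_GROUPS = ("Core", "Base")                      # rule 1
USER_GROUPS = ("GNOME Desktop Environment",              # rule 2
               "Games and Entertainment")


def members(group_names):
    """Union of the package names in the named groups."""
    pkgs = set()
    for name in group_names:
        pkgs |= GROUPS.get(name, set())
    return pkgs


def check_transaction(requested, resolved):
    """Return a list of denial reasons; an empty list means allowed.

    requested: (action, package) pairs the user asked for.
    resolved:  (action, package) pairs after dependency resolution,
               side effects included (hypothetical input shape).
    """
    protected = members(PROTECTED_GROUPS)
    allowed = members(USER_GROUPS)
    reasons = []
    # Rule 1: no removal of a Core/Base member, even as a side effect.
    for action, pkg in resolved:
        if action == "remove" and pkg in protected:
            reasons.append("rule 1: would remove protected package " + pkg)
    # Rules 2 and 3: default deny. Only install/remove of a package in a
    # user-manageable group may be requested; anything else is refused.
    for action, pkg in requested:
        if action not in ("install", "remove") or pkg not in allowed:
            reasons.append("rule 3: %s %s is not permitted" % (action, pkg))
    return reasons


if __name__ == "__main__":
    print(check_transaction([("remove", "eog")],
                            [("remove", "eog"), ("remove", "man")]))
```

A package that appears in no list is refused by the default-deny branch, so the outcome depends entirely on how current the group lists are.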
