On Thu, 2007-07-19 at 08:25 -0400, Matthew Miller wrote:
> For many systems, it'd be handy for users to be able to authenticate with
> their own passwords, and then with those credentials add and remove *user
> level* software from known repositories with valid GPG keys, but still
> require root (or wheel group membership) to add or (and especially) remove
> system level software. That's useful -- but, as mentioned, kinda
> crack-ridden. (Partly, of course, because the distinction between user level
> and system level is very blurry.)

blurry? no it's completely non-existent. :)

> Right now, it's trivially easy to make it so you can run yum with your own
> credentials -- but it's not limited in any way. Doing this the right way
> (perhaps with oddjob) would be a bit of work, but doing it the easy but less
> secure way -- run as root, check for limitations -- could be done with a
> plugin.
>
> As a first cut for policy
>
> 1) users can't do anything that would cause a member of the Core or Base
>    groups to be removed
> 2) can add and remove packages from a list of groups like GNOME Desktop
>    Environment, Games and Entertainment, etc., as long as it doesn't
>    conflict with #1
> 3) can't do anything else
>
> Perhaps the list of protected-from-removal packages would need to be
> expanded, but that's the basic idea.

This feels pretty scary. We'd constantly be moving the line to accommodate
varying levels of paranoia - and we'd have a big list we'd have to keep
current to make sure it wasn't outdated.

-sv

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
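
An added illustration, not part of the original thread and not yum or yum-plugin code: the "run as root, check for limitations" approach applied to the three-rule first-cut policy quoted above, including removals dragged in through reverse dependencies. Package names, group assignments and the dependency map are constructed sample data, and install-side dependencies are not modelled.

```python
# Added illustration, not yum or yum-plugin code. Package names, group
# membership and the dependency map below are constructed sample data.
PROTECTED_GROUPS = {"Core", "Base"}
USER_GROUPS = {"GNOME Desktop Environment", "Games and Entertainment"}

# package -> comps group (constructed)
GROUP_OF = {
    "bash": "Core", "rpm": "Core", "cups": "Base",
    "gnome-games": "Games and Entertainment",
    "nautilus": "GNOME Desktop Environment",
    "libexample": "GNOME Desktop Environment",
    "httpd": "Web Server",
}
# package -> packages it requires (constructed)
REQUIRES = {"cups": {"libexample"}, "nautilus": {"libexample"}}


def removal_closure(requested):
    """Everything removed once reverse dependencies are dragged out too."""
    removed, queue = set(requested), list(requested)
    while queue:
        gone = queue.pop()
        for pkg, deps in REQUIRES.items():
            if gone in deps and pkg not in removed:
                removed.add(pkg)
                queue.append(pkg)
    return removed


def check_transaction(install=(), remove=()):
    """Return (allowed, reasons) for an unprivileged user's request."""
    reasons = []
    # Rule 1: nothing in Core or Base may end up removed, even indirectly.
    for pkg in sorted(removal_closure(remove)):
        if GROUP_OF.get(pkg) in PROTECTED_GROUPS:
            reasons.append(f"rule 1: {pkg} ({GROUP_OF[pkg]}) would be removed")
    # Rules 2 and 3: only packages in whitelisted groups may be named at all;
    # packages with no known group are denied by default.
    for pkg in sorted(set(install) | set(remove)):
        if GROUP_OF.get(pkg) not in USER_GROUPS:
            reasons.append(f"rule 3: {pkg} is not in a user-level group")
    return (not reasons, reasons)
```

Removing `libexample` is denied even though it sits in a user-level group, because the removal would take the Base package `cups` with it.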