Bug 240110
Summary: | pup updater doesn't have "privileged user" option for updates | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Valent Turkovic <valent.turkovic> |
Component: | usermode | Assignee: | Miloslav Trmač <mitr> |
Status: | CLOSED WONTFIX | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-21 16:50:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Valent Turkovic
2007-05-15 09:24:44 UTC
Doing this on a per-app basis is crazy. If something like this is going to be enabled, it should be done more globally in consolehelper (potentially by making consolehelper just sit on top of PolicyKit which has some things like that) This can be implemented by setting UGROUPS=privileged_user_group in /etc/security/console.apps/* and modifying /etc/pam.d/config-util not to require a password for users in privileged_user_group. Fedora does not currently have a "privileged_user_group" though, and I'm not sure it should have one. If privileged_user, a member of privileged_user_group, can install software without entering any password, any security vulnerability that makes it possible to run arbitrary code as privileged_user would also make it possible to run arbitrary code as root. Leting some user be a root user without a password is crazy. If PolicyKit is made for per-app privileges then I hail it - if would make update system much more user friendly and much more usable. Plus if you could choose what kind of updates to see in pup - ie. only security updates only, or system+desktop updates or updates for all installed packages - that would be great. Is there a possibility of this being added to F9? I have F8 and I can't see the point of me entering password for updates all the time. There should be an option "allow this user to always update" - and that should work with policykit in order to make this possible.- If I read this link correctly [1] then this issue is already solved in rawhide and it will be in Fedora 9. Cool. [1] http://fedoraproject.org/wiki/Interviews/PackageKit (In reply to comment #4) > Is there a possibility of this being added to F9? Not in usermode. As you have already noticed, PackageKit + PolicyKit provide such fine-grained configuration options. If you want to create a system-wide privileged users, you can now do it easier than in F8 (due to #426095, you can edit only /etc/pam.d/config-util and /etc/security/console.apps/config-util instead of configuring each system-config-* separately), but usermode has no control over the applications it executes. |