Red Hat Bugzilla – Bug 218562
Package Updater shouldn't require a root password to show you what updates are available.
Last modified: 2014-01-21 17:56:29 EST
Description of problem:
The package updater that appears in the Notification Area informs you that x
number of updates are available, but you can't find out what these are without
having to enter the root password.
Users shouldn't have to enter the root password to see what updates are
available. It seems that the package updater knows what needs to be updated, so
there shouldn't be any need to type a password in just so you can see what needs
For example, user without root access may be interested in seeing what updates
are available so they can nag their sysadmin about important updates, instead of
just nagging their sysadmin so they can see the updates.
Version-Release number of selected component (if applicable):
That's the plan, just ran out of time for FC6 :)
In the Summary line, "should" should be changed to "shouldn't".
Why shouldn't this system configuration object require a password? Why should a
nonprivileged user be able to, via back channels, interrogate versioning of the
software installed on target system? I would actually advocate moving the
software updater from Applications menu to System/Administration menu, and
leaving the password in place. Alternatively, as part of SELINUX security
profile, allow marking of pup as root-only.
(In reply to comment #4)
> Why shouldn't this system configuration object require a password?
I'm not advocating that the user be able to install the software, but if the
user is to be informed that updates are available, then they should be able to
easily see what updates are available. It's not like they can't find out this
> Why should a nonprivileged user be able to, via back channels, interrogate
> versioning of the software installed on target system?
Unless I'm missing something, the user already can do 'interrogate versioning'.
Grab a terminal and type in 'rpm -q <package ...>'
Are you advocating that we remove terminal access, along with all the virtual
terminals so that the user can't be more aware of what's on the computer they use?
> I would actually advocate moving the software updater from Applications menu
> to System/Administration menu, and leaving the password in place.
May as well get rid of the update alert in the Notification Area too. After
all, even if the user can't find out what's being offered for update using the
desktop, it might alert them to the fact that updates are available and go and
find the information somewhere else (even if it means browsing the ftp
> Alternatively, as part of SELINUX security profile, allow marking of pup as
Would this mean you'd need to be running your desktop as root to be alerted to
updates? I didn't think that was 'best practice'.
*** This bug has been marked as a duplicate of 213879 ***