Description of problem: I tested OpenSuse and Ubuntu and I saw that they offer an option to add privileged user to their update systems so that there is no need to type the root password every time you need to do an update. I find this a great option! Version-Release number of selected component (if applicable): How reproducible: Every time there is an update Steps to Reproduce: 1. Wait till there is an update 2. Click on puplet info window 3. Enter root password once more Actual results: Expected results: Just click on "Install updates" if I'm a privileged user, and system installs all updates automatically. Additional info: Fedora 7 test 4 with latest updates
Doing this on a per-app basis is crazy. If something like this is going to be enabled, it should be done more globally in consolehelper (potentially by making consolehelper just sit on top of PolicyKit which has some things like that)
This can be implemented by setting UGROUPS=privileged_user_group in /etc/security/console.apps/* and modifying /etc/pam.d/config-util not to require a password for users in privileged_user_group. Fedora does not currently have a "privileged_user_group" though, and I'm not sure it should have one. If privileged_user, a member of privileged_user_group, can install software without entering any password, any security vulnerability that makes it possible to run arbitrary code as privileged_user would also make it possible to run arbitrary code as root.
Leting some user be a root user without a password is crazy. If PolicyKit is made for per-app privileges then I hail it - if would make update system much more user friendly and much more usable. Plus if you could choose what kind of updates to see in pup - ie. only security updates only, or system+desktop updates or updates for all installed packages - that would be great.
Is there a possibility of this being added to F9? I have F8 and I can't see the point of me entering password for updates all the time. There should be an option "allow this user to always update" - and that should work with policykit in order to make this possible.-
If I read this link correctly [1] then this issue is already solved in rawhide and it will be in Fedora 9. Cool. [1] http://fedoraproject.org/wiki/Interviews/PackageKit
(In reply to comment #4) > Is there a possibility of this being added to F9? Not in usermode. As you have already noticed, PackageKit + PolicyKit provide such fine-grained configuration options. If you want to create a system-wide privileged users, you can now do it easier than in F8 (due to #426095, you can edit only /etc/pam.d/config-util and /etc/security/console.apps/config-util instead of configuring each system-config-* separately), but usermode has no control over the applications it executes.