Description of Problem: Failed RPM installations leave the root permission on - applies when not logged in as the root Version-Release number of selected component (if applicable): How Reproducible: Always Steps to Reproduce: 1. Download (say) the realplayer for Linux from real.com. 2. Open with the application installer, type in the root password 3. The RPM install fails (does not get as far as checking the RPM headers), the keys remain. It is then possible to access locked off areas. Actual Results: The keys remain, user still has su access Expected Results: The failure should be reported on screen and su access removed Additional Information: If the RPM fails to install, it is then not possible to install RPMs via either the terminal or via the add application method - the only method of resetting which will work is to reset the machine. Given it is a global addition when installing an RPM, this is not suprising.
This is the intended behavior of using pam_timestamp... from the release notes o Some of the configuration tools use pam_timestamp, a module for implementing sudo-style authentication timestamps via PAM. The authentication function checks for the existence of the timestamp file. If the file exists and is less than five minutes old (the same default as sudo), authentication succeeds without prompting for the root password again. If a program with pam_timestamp support is started from the Main Menu button or Nautilus and successfully authenticated, a key icon will appear in the panel notification area to show that an authenticated user has cached root authentication. When the authentication expires, the icon is removed.
Unfortunately, the revocation of the keys doesn't happen until the machine is reset, nor are you able to install any other packages via either the rpm command line or the add packages systems.
Unable to duplicate.. Curious
Me neither and as far as I know, Nalin hasn't heard anything either. In any case, it's not redhat-config-packages doing it. If anything, it's pam_timestamp but I haven't seen anything, although I'll leave it to Nalin to be definitive about
This bug is quite old, closing it off - the "not able to install packages" could just be a problem with rpm locks files (try rm /var/lib/rpm/__* ), and the authentication staying open is exepected behaviour of pam_timestamp.