From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830 Description of problem: an ordinary user can change the root password when he chooses 'system settings' and 'root password' Note: we have installed the group package - System Group : all - Server Group : Server Configuration Tool - Version-Release number of selected component (if applicable): 8.0 How reproducible: Always Steps to Reproduce: choose 1.GNOME Menu 2.'system settings' 3.and 'root password' Actual Results: the normal user could change the root password Expected Results: Well, a normal user should not be able to change the root password! Additional info:
You have to type the current root password first, though. Note that if you authenticate for one of the "system settings" items the authentication will be remembered for a few minutes, so you can run any of the other items. The panel "notification area" should display an icon while you are authenticated. You can run "pam_timestamp_check -k root" or click the icon to drop the authentication. See "man pam_timestamp" and "man pam_timestamp_check" Please confirm that you are asked to type the current root password, unless authentication is currently timestamped.
assuming NOTABUG