Fedora Feature Proposal: Yum Integration

Horst H. von Brand vonbrand at inf.utfsm.cl
Fri Jul 20 14:54:16 UTC 2007 

Matthew Miller <mattdm at mattdm.org> wrote:
> On Thu, Jul 19, 2007 at 11:51:34AM -0400, Horst H. von Brand wrote:
> > > > blurry? no it's completely non-existent. :)
> > > There's at least a whole lot of overlap. :)
> > Nope. If it has to be installed/configured/managed by root, it is system
> > software, regardless of it being the kernel or a game. The stuff in
> > $HOME is yours to mess around with.

> You mean "by root", or "by a process with root privileges"? Because that's a
> whole different question.

No, it isn't. Not really.

> > To think otherwise is creating a whole new landscape of operating
> > system... and that can't be handled by just "OK, let's install <foo kind
> > of packages> by default under the control of Joe R. User", there has to
> > be a _lot_ more thought behind it.
> 
> "Foo kind of packages" from an approved repository of
> cryptographically-signed rpms.

Checked by whom for sanity? Who decides which ones can be installed and
which ones can't (e.g., chat style applications are banned here, other
places will disallow all games, ...)? If the user decides freely, she's
root for all purposes. If there is any policy on what to install and
what not, she can't be allowed to install stuff, period.

Besides, you very well can set up a sudo(1) entry that allows Jane
R. User to run *only* yum with designated repositories. I just fail to
see why such (local policy) has to be integrated into the system, when
it is not universally required (or even wanted). Remember: Unix
philosophy is having tools that do one thing, and do it well. Leave the
infinite combinations in the capable hands of the user.

> > Exactly the other way around. In a controlled environment, you could
> > give the root password (or a suitably restricted sudo(1) entry) to
> > assorted users, or require users to contact the sysadmin to install
> > stuff. If you are thinking about the machines in a lab, the /very last/
> > thing you want is different configurations because on each machine a
> > random user, way back, ran some program with unusual flags, and didn't
> > note that this meant installing some gunk.

> I'm thinking more about individual machines deployed on desktop systems
> where the users want some control but are not sysadmins. For stuff like the
> above, why bother the admin?

Give them the root password. Set up sudo(1).

Managing a computer isn't trivial, if the users don't know how to do it
right, better keep their hands in the pockets. Random stuff installed by
(well-meaning) users or random passers-by caused inmense grief here with
Windows, until we just gave the users restricted accounts.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513

More information about the fedora-devel-list mailing list