Local users get to play root?
Seth Vidal
skvidal at fedoraproject.org
Wed Nov 18 18:22:03 UTC 2009
On Wed, 18 Nov 2009, Bruno Wolff III wrote:
> On Wed, Nov 18, 2009 at 23:18:28 +0530,
> Rahul Sundaram <sundaram at fedoraproject.org> wrote:
>> On 11/18/2009 11:19 PM, nodata wrote:
>>
>>>
>>> Thanks. I have changed the title to:
>>> "All users get to install software on a machine they do not have the
>>> root password to"
>>
>> .. if the packages are signed and from a signed repository. So, you left
>> out the important part. Explain why this is a problem in a bit more
>> detail.
>
> Besides other issues listed, the packages being installed may be privileged
> programs that the admin doesn't want on the system, may start services or
> schedule runs at specified times by default which might considered a
> problem by the admin, the extra packages may use up too much disk space
> and cause problems.
If there are pkgs which run daemons which are defaulting to ON when
installed or on next reboot - then we should be auditing those pkgs. Last
I checked we default to OFF and that should continue to be the case.
-sv
More information about the fedora-devel-list
mailing list