Local users get to play root?
Simo Sorce
ssorce at redhat.com
Wed Nov 18 18:40:40 UTC 2009
On Wed, 2009-11-18 at 13:28 -0500, Seth Vidal wrote:
>
> On Wed, 18 Nov 2009, Simo Sorce wrote:
>
> > On Wed, 2009-11-18 at 13:10 -0500, Seth Vidal wrote:
> >>> Maybe you have a different concept of security, but I don't want any
> >> user on
> >>> the server installing software, no matter what.
> >>
> >> right - which is why I wouldn't install PK on a server.
> >>
> >> yum doesn't allow users to install pkgs, only root.
> >
> > Seth, the fact you prefer to use yum doesn't make it right to have an
> > insecure-by-default policy.
> >
>
> I didn't say it did - I said it didn't make sense to have items like PK on
> servers.
add "for me" and I can agree with you.
Note I also don't like to install "desktop grade" packages on servers,
but that's just a preference, and should in no way change the security
of the machine.
Conscious choices: +1
Insecure defaults: -1
Difficult to find out how to change insecure defaults: -10
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the fedora-devel-list
mailing list