Local users get to play root?

Andrew Haley aph at redhat.com
Wed Nov 18 19:24:15 UTC 2009


Seth Vidal wrote:
> 
> On Wed, 18 Nov 2009, nodata wrote:
> 
>>>>> -sv
>>>>>
>>>> I do if it's in the default DVD install, or was pulled in in an
>>>> upgrade. I've never intentionally installed it, and yes I do. Never
>>>> imagined it would be a problem. I'll remove it.
>>>>
>>> Maybe you and I have a different concept of 'Servers'. But I tend to
>>> install @core only and then remove items whenever I can for a server.
>>>
>>> If it is a bad day I'll install X b/c something requires it but for
>>> servers I try to avoid anything beside the barest minimal I can have.
>>>
>> Maybe you have a different concept of security, but I don't want any user on 
>> the server installing software, no matter what.
> 
> right - which is why I wouldn't install PK on a server.
> 
> yum doesn't allow users to install pkgs, only root.

$ sudo rpm -e PackageKit
error: Failed dependencies:
        ...
        PackageKit is needed by (installed) setroubleshoot-2.2.42-1.fc12.x86_64

Ouch.  I like setroubleshoot.

Is there some way to disable PackageKit but keep setroubleshoot?

Andrew.




More information about the fedora-devel-list mailing list