Local users get to play root?
Jesse Keating
jkeating at redhat.com
Thu Nov 19 17:02:38 UTC 2009
On Thu, 2009-11-19 at 10:32 -0600, Chris Adams wrote:
> Once upon a time, Jesse Keating <jkeating at redhat.com> said:
> > That is incorrect, unless somehow your ssh tunneled VNC registers as
> > "local console login", which I doubt. In your case, none of your users
> > would be allowed to install software/updates.
>
> VNC looks like a local console login.
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
>
Not according to what I'm being told by the Desktop folks, at least as
far as PolicyKit and ConsoleKit are concerned.
<Oxf13> hrm, in the world of PolicyKit and ConsoleKit, does a VNC login
look like a "console" login for the sake of policy?
<hughsie> Oxf13: no
<hughsie> if you log in, then start remote desktop, and then allow other
users to connect then it does
<hughsie> if you're just using vnc to create a virtual desktop for users
then it's not on_console, so to speak
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091119/a5d9ddfa/attachment.sig>
More information about the fedora-devel-list
mailing list