Local users get to play root?

Martyn Foster martyn.foster at gmail.com
Thu Nov 19 18:31:30 UTC 2009


2009/11/19 Simon Andrews <simon.andrews at bbsrc.ac.uk>:
> Bill Nottingham wrote:
>>
>> Jeff Garzik (jgarzik at pobox.com) said:
>>>
>>> This sounds like a tacit admission that the default install for
>>> servers is bloody stupid (== same as desktop), unless the admin
>>> REMOVES packages we helpfully installed on the server system.
>>
>> PackageKit has only ever been included in desktop package groups.
>> While these groups are enabled by default, they are with the caveat of:
>>
>> "The default installation of Fedora includes a set of software
>> applicable for general internet usage."
>
> I've just been and checked on our servers, which were installed with minimal
> packages and never used for desktop activities and found two of them with
> PackageKit installed.
>
> Looking at the dependencies there is nothing on those machines which
> currently requires PackageKit so it could be cleanly removed, but something
> has pulled this in as a dependency in the past.
>
> Both of these machines have been through sequential upgrades from around
> FC3.
>
> Changing the behaviour of PackageKit would certainly affect me and I've
> never explicitly installed it.
>
>
>> (This was all easily verifiable, if you'd prefer to look, instead
>> of rant.)
>
> That may be true in the current repositories, but it would appear not to
> have always been true.
>
> Simon.

Hi all,

Sorry for interjecting into the discussion, but I think getting
fixated on vnc, one person's upgrade path, or what constitutes a server
is seriously missing the point. Unix is inherently a multiuser
operating system, and allowing one user to change the environment
without privilege is plain dumb. It isn't a distinction between
server and desktop, because it's quite feasible for a desktop to have
multiple users (consider a family PC environment, or an office hot
desking system), nor is it an issue of console versus remote login.
There should not be a default situation where one user's actions can
either break the environment (yes, updates and installs can
break/change things) or introduce security concerns.

If a system has one primary user, then there is an argument that the
system should be able to grant that particular user more privilege
easily (but granting it should initially still need positive action
from root). Some people have drawn comparisons with other console
privs that exist (shutdown etc), but most of those are justified by
pragmatism (the fact that a console user can use the power button)
rather than policy.

- Martyn



