Updates done by everyone

Roger Grosswiler roger at gwch.net
Sat Dec 9 21:30:01 UTC 2006 

Am Samstag, den 09.12.2006, 09:45 -0500 schrieb jim tate:
> Roger Grosswiler wrote:
> > i just asked myself, why a normal user shouldn't be able to run pup by
> > itself without root permission.
> >
> > I think, this could be an issue to configure in the future.
> >
> > Meanwhile, i entered a group as sudoers. In the shell, everybody on this
> > machine is now able to run pup. 
> >
> > I changed pup.desktop in /usr/share/applications 
> >
> > to Exec = sudo /usr/bin/pup
> >
> > ..it seems, gnome does not like this kind of entry ;) because i couldnt
> > then launch it from gnome no longer.
> >
> > does anybody know, how i could handle this without a  shellscript in
> > between?
> >
> > Thanks,
> > Roger
> >
> >   
> So you want Linux to have a security blanket like $Windows , so it will 
> make your life easier.
> BOY!! some of these ex $Windows users.
> 
> Jim
> 
> 
Erm, i was posting a question and get this answer? nice, nice, but is
there also a productive idea on my question? So, i see

1) an annoying flame again which is completely unnecessary, basing on
assumptions.

2) a question of usability

3) a question of security

4) a question of philosophy

i will not discuss point 1) or 4) each approach has its
advantages/disatvantages. you will leave even a insecure system if you
leave buggy apps unupdated. but this is point 4)

I agree it is a hole. But just to finalize my idea:

If the puplet says "xx security updates" i just want, that a normal user
can say "update now" - thats all!

what is against this? Even, it is helpful for security. Many admins
won't walk to 10 workstations for long time, so they a) commit the
password (...no discussion...) or resolve it via sudo :NOPASSWD or in
another, efficient way.

Thats the way i search too.

btw. how can you make sure even as admin, you get "proper" updates? If
you just allow updates and nothing else, the user will do your work for
lesser money in the same security-context, or am i false? 

So, if anybody feels free to discuss this issue in a friendly and
productive manner, you are welcome.

Roger

More information about the fedora-list mailing list