Updates done by everyone

Roger Grosswiler roger at gwch.net
Sat Dec 9 22:12:14 UTC 2006


Am Samstag, den 09.12.2006, 10:01 -0600 schrieb Mikkel L. Ellertson:
> Roger Grosswiler wrote:
> > i just asked myself, why a normal user shouldn't be able to run pup by
> > itself without root permission.
> > 
> > I think, this could be an issue to configure in the future.
> > 
> > Meanwhile, i entered a group as sudoers. In the shell, everybody on this
> > machine is now able to run pup. 
> > 
> > I changed pup.desktop in /usr/share/applications 
> > 
> > to Exec = sudo /usr/bin/pup
> > 
> > ..it seems, gnome does not like this kind of entry ;) because i couldnt
> > then launch it from gnome no longer.
> > 
> > does anybody know, how i could handle this without a  shellscript in
> > between?
> > 
> > Thanks,
> > Roger
> > 
> As others have said, your basic idea is a security risk. You should
> really re-think your idea.
> 
> Having said that, the problem you are probably running into is that
> sudo is probably trying to ask you for your password. Because it is
> not running in a terminal, it has no way to do it. (You can check
> this by running "sudo /usr/bin/pup" in a terminal.) You may be able
> to get around this by using the NOPASSWD option in sudo.conf or by
> running the command in a terminal. (This is an option when in menu
> edit.)
> 
> Mikkel

Hey Mikkel,

Thanks for your reply, even the others for their input. Just to repeat:

All i would like, is that if the notify from linux comes with "xxx
updates available" that the user can click "ok" to launch them itself.

Of course, the program shouldn't be started in another way. 

i thought about sudo, but i left it. btw. /usr/bin/pup links to the
consolehelper, the real app is in /usr/sbin/pup (?)

even yum-updateonboot will update the system while booting up. why isnt
there an option like yum-updateonupdateavailable? Since yum-updatesd,
fedoara has imho a very good offer for very quick getting the system
actual.

i am not looking for sophistical solutions, they should - as said by
others - secure, but also be handleable for persons, which possess not
your know. how or the root password ;D (so never send your admin to
holidays-yeeehaaaaaaaaaa)

Roger






More information about the fedora-list mailing list