Updates done by everyone
Roger Grosswiler
roger at gwch.net
Sun Dec 10 11:06:01 UTC 2006
Am Samstag, den 09.12.2006, 20:36 -0500 schrieb Matthew Miller:
> On Sat, Dec 09, 2006 at 11:12:14PM +0100, Roger Grosswiler wrote:
> > Of course, the program shouldn't be started in another way.
> > i thought about sudo, but i left it. btw. /usr/bin/pup links to the
> > consolehelper, the real app is in /usr/sbin/pup (?)
>
> consolehelper is another mechanism for providing sudo-like functionality.
> Rather than changing the app to run with sudo, what you want to do is edit
> the consolehelper config in /etc/security/console.apps/pup. 'man userhelper'
> for the variables that can be set there -- probably what you want to do is
> set "UGROUPS=wheel" in that file and then add all pup-privileged users to
> the wheel group. (gpasswd wheel -a roger).
>
Tested and approved!
Advantage:
- no sudo-entry
- still password-entry needed for update (according to the engagement of
pam?)
All i had to enter was the appropriate Group, i wanted to be able to
update theirselves. Entry: UGROUPS=groupname
This enables them, by typing their own password to update the system.
IMHO, this is not a real security-hole. Some kind of naive trusting
against the users should be. no user, no admin...of course, the question
of checksummed repos should always be answered as yes. This is the point
the make sure as a standard by admins.
Thanks
Roger
More information about the fedora-list
mailing list