On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath <[email protected]> wrote: > 2012/2/8 Anne Wilson <[email protected]>: >> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote: >>> Yes, I have seen postings like "why do I have to use passwords" and >>> "why can I not log in KDE as root" more than once. Are these people >>> our target group? If so than - have fun! What strikes me is that you >>> of all people are advocating a loosening of security with no real >>> reason. >> >> I do not want to have to give the root password to members of my family that >> are, frankly, clueless on tech-matters. At the same time, I do want them to >> apply at least security updates. Being able to accept updates from a trusted >> source (direct from Mageia) with only their user password is the safest their >> systems can have. > > I understand the reasons. But you know as well as everybody else that > sometimes updates do not work as easy as they should. It could be > caused by a faulty mirror or by a glitch in a package (which should > not happen but "should not happen" implies "can happen") or whatever > other reason. Then your family members will wait for you anyway (in > the best case) without knowing what happened - while they could have > been happily working or entertaining themselves until you come and do > the updates. > > Apart from the understandable quest to make it easy on the unwashed > masses - it is still a security break - see what I have written about > the ability of xguest to do updates (while xguest was invented to > leave the system without garbage or damage at the end of his/her > session). > > -- > wobo
A bad update will break your system no matter if you are root or not. I think normal users should be able to install updates unless you say so in the MCC, but I agree that the xguest user should not be able to do so. That, imho, is a bug and should be solved. -- Diego Bello Carreño
