Wolfgang Bornath a écrit :
2012/2/8 Sander Lepik<[email protected]>:
08.02.2012 13:47, Renaud (Ron) Olgiati kirjutas:
Brilliant, thanks.
But would it not make more sense to have the default changed to root ?
Updates shouldn't break system and so i think they should be enabled for
normal users. Upgrades is something else and should be disabled for normal
users. You can report bug about this problem.
Last November I setup my normal Mageia system to auto-boot into xguest
so visitors at the Mageia stand at an exhibition can try out Mageia. I
was surpised and shocked when I watched the update icon light up and
the visitor could perform this update as xguest! This IS a risk no
matter whether an update breaks a system or not. After I saw this the
first thing I did was su into root and change the permission setting
for updates.
This is one thing where security was broken for ease of use.
I would say that a good way to solve that is to not permit updates from
an account that doesn't require a password, such as is the case (usually
if not always) with xguest.
So defaults being
1) release upgrades requiring root password.
2) package updates requiring user password.
3) if current account requires not password, no update.
Wouldn't that satisfy security concerns ?
--
André
