Feature changed by: Karl Cheng (qantas94heavy) Feature #322201, revision 2 - Title: deny updates through nonroot user + Title: Add option to disable updates by non-root users - openSUSE Distribution: Unconfirmed + openSUSE Distribution: Evaluation by engineering manager Priority Requester: Important Requested by: Nick Levinson (nicklevinson) Partner organization: openSUSE.org Description: An account meant for use by guests should not allow updates to be applied to the whole operating system and other applications, some of which may be intentionally invisible to nonroot users but are exposed to them by the update information. Which user accounts have the authority to update all of the software should be by options set in advance by root, and probably preset by defaults. I previously asked about this at the Bugzilla (https://bugzilla.opensuse.org/show_bug.cgi?id=1012283), where I was referred to here, and in a support forum (https://forums.opensuse.org/showthread.php/520485-deny-amp-hide-updates-thro...), where a suggestion was a CLI non-GUI method, which I started to try, but which is apparently seriously complex and not exactly clear. I will likely make the setting only once; I don't run a complex network with many changes. Thus, this should be in a GUI. Two options for each nonroot user account, set only by root, would be helpful: * Allow updates from the current (nonroot) user account. * Allow notification of available updates in the current (nonroot) user account, although availability may be limited to another user. The defaults should be to deny both options for every nonroot user. Of course, in root, both options would always be allowed unless the OS is being run from read-only media. -- openSUSE Feature: https://features.opensuse.org/322201