On Tuesday 12 October 2010 01:49:27 pm Anton Aylward wrote:
Steven L Hess said the following on 10/12/2010 07:25 PM:
On 10/12/2010 03:48 PM, Christoph Bartoschek wrote:
Am 13.10.2010 00:37, schrieb Carlos E. R.:
I think it is better to just change the daemon permissions; I have done that, but it's early to know if it works, but we'll see.
I do not want to give any user the permission to install packages.
This can easily disrupt the work of other users.
Christoph
How is anyone going to install anything without root permission?
Obviously not.
The question you _SHOULD_ be asking is how to restrict access to root, yet grant it in limited circumstances.
Which is what SUDO and PAM are about. See pam_sepermit(8) pam_wheel(8) pam_listfile(8)
Oh, and the concept of the "wheel group".
Oh, and judicious use of group permission and setuid :-)
-- APL is a mistake, carried through to perfection. It is the language of the future for the programming techniques of the past: it creates a new generation of coding bums. -- Edsger W. Dijkstra, SIGPLAN Notices, Volume 17, Number 5
Forest... trees...forest...trees... this is getting off track. of course, only root should be by default allowed to update. The issue is control of *automatic* updates. ideally, root should be able to fully control that, to the point of allowing even a regular user to do one. can't there be a *simple* and easily verified method for that? d. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org