Mailinglist Archive: opensuse (946 mails)
| < Previous | Next > |
Re: [opensuse] Disabling updater applet
- From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
- Date: Mon, 25 Oct 2010 00:51:57 +0200 (CEST)
- Message-id: <alpine.LNX.2.00.1010250018020.5974@xxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday, 2010-10-24 at 22:54 +0200, Marcus Meissner wrote:
I'm logged as user, so if it runs as root it means that another process which is running as root (not me), or SUID, is calling it.
I see.
But which is the process that searches for updates in the first place? That's the one that should not run, that's the one we need to remove - and I don't see it there. This is a process that never asks for permissions. It runs and tells the users that there are updates.
Only the user that also is the admin should be informed.
An example.
I log as me normal user in Gnome. After a while, I'm automatically informed that there are some updates, and I choose to not install for the moment (close window).
Then I choose to also log in on another graphical user, another user, in gnome or kde. And this user is also informed that there are updates!
This is absurd.
In this case it is the same person, but it could be guest, a child, an employee... whoever.
Only those users that do maintenance of the machine should have the applet running that checks for updates, and there is no known method to control this. I tried using permissions on packagekid, but no success.
- -- Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
iEYEARECAAYFAkzEuJsACgkQtTMYHG2NR9WYDgCdEcOU+Sndfx/L34jqs+J2YlgL
GWwAnRGxlhZnArwGCB+hxDubG4Pfo5kV
=c86z
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hash: SHA1
On Sunday, 2010-10-24 at 22:54 +0200, Marcus Meissner wrote:
On Thu, Oct 14, 2010 at 12:58:13PM +0200, Carlos E. R. wrote:
-rwxr--r-- 1 root root 287448 Apr 23 02:38 /usr/sbin/packagekitd*
But it is still running, and as the root user.
Well, it is started as "root", so you need to remove its root access permissions
if you never want to run packagekit at all.
I'm logged as user, so if it runs as root it means that another process which is running as root (not me), or SUID, is calling it.
You say that the control is this:
# package kit
#
org.freedesktop.packagekit.package-install
auth_admin_keep_always
org.freedesktop.packagekit.package-install-untrusted auth_admin
org.freedesktop.packagekit.system-trust-signing-key auth_admin
org.freedesktop.packagekit.package-eula-accept
auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.package-remove
auth_admin_keep_always
org.freedesktop.packagekit.system-update
auth_admin_keep_always
org.freedesktop.packagekit.system-rollback
auth_admin_keep_always
org.freedesktop.packagekit.system-sources-configure
auth_admin_keep_always
org.freedesktop.packagekit.system-sources-refresh
auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.system-network-proxy-configure
auth_admin_keep_always
org.freedesktop.packagekit.cancel-foreign
auth_admin:auth_admin:auth_admin_keep
#
How does this work? The names look arbitrary to me, no guessing what they
do, no guessing what names are available. I don't see there how to deny a
user to run the daemon and learn there are updates.
That's chinese to me.
auth_admin will ask for admin privileges. auth_admin_keep_always will keep it
after you have netered them once.
I see.
Having all lines with "no" at the end will probably disable them, like:
org.freedesktop.packagekit.package-install no
But which is the process that searches for updates in the first place? That's the one that should not run, that's the one we need to remove - and I don't see it there. This is a process that never asks for permissions. It runs and tells the users that there are updates.
Only the user that also is the admin should be informed.
An example.
I log as me normal user in Gnome. After a while, I'm automatically informed that there are some updates, and I choose to not install for the moment (close window).
Then I choose to also log in on another graphical user, another user, in gnome or kde. And this user is also informed that there are updates!
This is absurd.
In this case it is the same person, but it could be guest, a child, an employee... whoever.
Only those users that do maintenance of the machine should have the applet running that checks for updates, and there is no known method to control this. I tried using permissions on packagekid, but no success.
- -- Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
iEYEARECAAYFAkzEuJsACgkQtTMYHG2NR9WYDgCdEcOU+Sndfx/L34jqs+J2YlgL
GWwAnRGxlhZnArwGCB+hxDubG4Pfo5kV
=c86z
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |