-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2010-10-24 at 22:54 +0200, Marcus Meissner wrote:
On Thu, Oct 14, 2010 at 12:58:13PM +0200, Carlos E. R. wrote:
-rwxr--r-- 1 root root 287448 Apr 23 02:38 /usr/sbin/packagekitd*
But it is still running, and as the root user.
Well, it is started as "root", so you need to remove its root access permissions if you never want to run packagekit at all.
I'm logged as user, so if it runs as root it means that another process which is running as root (not me), or SUID, is calling it.
You say that the control is this:
# package kit # org.freedesktop.packagekit.package-install auth_admin_keep_always org.freedesktop.packagekit.package-install-untrusted auth_admin org.freedesktop.packagekit.system-trust-signing-key auth_admin org.freedesktop.packagekit.package-eula-accept auth_admin_keep_always:auth_admin_keep_always:yes org.freedesktop.packagekit.package-remove auth_admin_keep_always org.freedesktop.packagekit.system-update auth_admin_keep_always org.freedesktop.packagekit.system-rollback auth_admin_keep_always org.freedesktop.packagekit.system-sources-configure auth_admin_keep_always org.freedesktop.packagekit.system-sources-refresh auth_admin_keep_always:auth_admin_keep_always:yes org.freedesktop.packagekit.system-network-proxy-configure auth_admin_keep_always org.freedesktop.packagekit.cancel-foreign auth_admin:auth_admin:auth_admin_keep #
How does this work? The names look arbitrary to me, no guessing what they do, no guessing what names are available. I don't see there how to deny a user to run the daemon and learn there are updates.
That's chinese to me.
auth_admin will ask for admin privileges. auth_admin_keep_always will keep it after you have netered them once.
I see.
Having all lines with "no" at the end will probably disable them, like: org.freedesktop.packagekit.package-install no
But which is the process that searches for updates in the first place? That's the one that should not run, that's the one we need to remove - and I don't see it there. This is a process that never asks for permissions. It runs and tells the users that there are updates. Only the user that also is the admin should be informed. An example. I log as me normal user in Gnome. After a while, I'm automatically informed that there are some updates, and I choose to not install for the moment (close window). Then I choose to also log in on another graphical user, another user, in gnome or kde. And this user is also informed that there are updates! This is absurd. In this case it is the same person, but it could be guest, a child, an employee... whoever. Only those users that do maintenance of the machine should have the applet running that checks for updates, and there is no known method to control this. I tried using permissions on packagekid, but no success. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzEuJsACgkQtTMYHG2NR9WYDgCdEcOU+Sndfx/L34jqs+J2YlgL GWwAnRGxlhZnArwGCB+hxDubG4Pfo5kV =c86z -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org