Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges

[+Frank B. Subscriber²]

Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges

The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long.

News source: Slashdot

Link: Bugzilla entry for the feature (bug?)

Link: Fedora Mailing List Thread

Making this the default setting without even mentioning it in the Fedora 12 release notes was a really bad idea in my opinion. From a system administrator's point of view at least users being able to install packages == bad idea.

[markwolfe Veteran]

I don't agree with this change. I like my default users unprivileged.

I suppose this makes things easier for home users, but more difficult to administer in a true multi-user environment.

[fhpuqrgrpgvirzhpujbj]

I don't agree with this change. I like my default users unprivileged.

I suppose this makes things easier for home users, but more difficult to administer in a true multi-user environment.

I don't use Linux, but if its anything like Windows with account management couldn't you change this pretty easily?

[markwolfe Veteran]

Yes, but the default ought to be set up in a more secure way - where users cannot install applications.

[+Frank B. Subscriber²]

I don't use Linux, but if its anything like Windows with account management couldn't you change this pretty easily?

You can change the setting, sure. The problem most people have with it is that the Fedora Project decided to make it the default setting when it should be an opt-in setting.

[ichi]

Also this is a new default setting that you surely wouldn't want to go unnoticed :huh: it might be kinda ok-ish for home, single user computers, but everywhere else it's like asking for trouble.

[CelticWhisper]

Hopefully they'll realize this and include an option at install time to configure it this way or leave it secure. Maybe alongside the SELinux setup options?

[Eice]

Yes, but the default ought to be set up in a more secure way - where users cannot install applications.

Define "install". It's pretty much possible to "install" any software that doesn't require admin permissions to run.

[ichi]

Define "install". It's pretty much possible to "install" any software that doesn't require admin permissions to run.

I think being able to "install" stuff in your home directory is more of a sensible default than this.

[Growled Member]

I don't agree with this at all.

[markwolfe Veteran]

Define "install". It's pretty much possible to "install" any software that doesn't require admin permissions to run.

Anything that is system in scope, or pan-user would be "install".

yum install celestia should fail to install unless you are an admin, or have been explicitly given install privileges by an admin.

No one is stopping a user from putting executables in his/her own home and running them. Worst case is they trash their own home directory. No big deal.

[+Frank B. Subscriber²]

Good news: The Fedora Project is going to release an update soon which reverts the change.

[Lord Ba'al]

Good news: The Fedora Project is going to release an update soon which reverts the change.

Good thing, it was a really stupid idea in the first place :pinch: