[Mageia-discuss] A possible risk ?

Diego Bello dbello at gmail.com
Wed Feb 8 19:08:55 CET 2012


On Wed, Feb 8, 2012 at 11:39 AM, Wolfgang Bornath
<molch.b at googlemail.com> wrote:
> 2012/2/8 Diego Bello <dbello at gmail.com>:
>> On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath
>> <molch.b at googlemail.com> wrote:
>>> 2012/2/8 Anne Wilson <annew at kde.org>:
>>>> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
>>>>> Yes, I have seen postings like "why do I have to use passwords" and
>>>>> "why can I not log in KDE as root" more than once. Are these people
>>>>> our target group? If so than - have fun! What strikes me is that you
>>>>> of all people are advocating a loosening of security with no real
>>>>> reason.
>>>>
>>>> I do not want to have to give the root password to members of my family that
>>>> are, frankly, clueless on tech-matters.  At the same time, I do want them to
>>>> apply at least security updates.  Being able to accept updates from a trusted
>>>> source (direct from Mageia) with only their user password is the safest their
>>>> systems can have.
>>>
>>> I understand the reasons. But you know as well as everybody else that
>>> sometimes updates do not work as easy as they should. It could be
>>> caused by a faulty mirror or by a glitch in a package (which should
>>> not happen but "should not happen" implies "can happen") or whatever
>>> other reason. Then your family members will wait for you anyway (in
>>> the best case) without knowing what happened - while they could have
>>> been happily working or entertaining themselves until you come and do
>>> the updates.
>>>
>>> Apart from the understandable quest to make it easy on the unwashed
>>> masses - it is still a security break - see what I have written about
>>> the ability of xguest to do updates (while xguest was invented to
>>> leave the system without garbage or damage at the end of his/her
>>> session).
>>>
>>> --
>>> wobo
>>
>> A bad update will break your system no matter if you are root or not.
>
> That's actually a point in favor of the need for the root password -
> if the system breaks: the user can not do anything at all - instead he
> will have to go for a walk until root comes to fix the problem. So why
> do you insist on letting poor user take that risk by default?
>
> --
> wobo

Because a simple update should not break the system. They should work
all the time, just like printers or the Internet connection :p.

Now, seriously talking, I have installed updates with my user all the
time and never had a problem. This case is an exception and I don't
thing of it as a bug, except for the feature that it can be done by a
guest user.



-- 
Diego Bello Carreño


More information about the Mageia-discuss mailing list