[Mageia-discuss] A possible risk ?

Wolfgang Bornath molch.b at googlemail.com
Wed Feb 8 14:02:32 CET 2012


2012/2/8 Michael Scherer <misc at zarb.org>:
> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
> écrit :
>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
>> Robinson who wrote:
>> > > I ended up installing Mageia 1 on his box, but I wonder why does the
>> > > distribution allow the user to potentially hose his system, when it
>> > > requires the root password to install a prog ?
>> > > Would it not make more sense to ask for the root password for the updates?
>>
>> > It is configurable in MCC. You can find it under Security => Configure
>> > authentication for Mageia Tools.
>> > Just select root for Update.
>>
>> Brilliant, thanks.
>>
>> But would it not make more sense to have the default changed to root ?
>
> That totally miss the point, which is that a upgrade hosed the system.
> Would requiring the root password have changed that ? I doubt.

No. What you are pointing at (the breakage of the system) is a matter
to be looked at.

But the point you are missing is the security breakage.  If a user
does not have the root password then there is a reason for that and he
is probably working in an environment where only dedicated people have
the permission to do system management and it is their task to do
updates. A private user who is on his own usually has the root
password. So your point of missing security updates because of 2
passwords is not valid.

-- 
wobo


More information about the Mageia-discuss mailing list