On Fri, January 23, 2015 5:37 am, Scott Robbins wrote: > On Thu, Jan 22, 2015 at 09:30:03PM -0600, Valeri Galtsev wrote: >> >> On Thu, January 22, 2015 9:05 pm, Always Learning wrote: >> > >> > On Thu, 2015-01-22 at 21:19 -0500, Bill Maltby (C4B) wrote: >> > >> >> I object to this sort of crap. Hidden, no reason for an *IX desktop >> to >> >> be forced to ignore or deal with this crap. >> >> >> >> >> >> https://www.dropbox.com/s/b2p2ki7t2rwi5ot/FreeDeskTop_Org_Orwell_1984.png?dl=0 >> >> >> > >> > What is going-on ? It really looks Windozed ! Looking at it makes me >> > feel ill. >> > >> Just out of curiosity: how do you guys look at it? This asks me for >> password... In general it is good idea to place something into open URL > > > Originally, packagekit, which is a GUI package manager, wanted to allow > all > users to install anything without a password. When a bug report was > filed, > the developer mentioned that they didn't care how Unix had done things in > the past. This made the front page of slashdot, to almost universal > derision, and RH changed it. In Fedora, I believe it still allows any user > to update an installed signed package without asking for authentication. > > They tried to do that in RH as well, but a bug report was filed, and it > was > changed. > > In my less than humble opinion, this is how it should be. A > non-privileged > user should not be allowed to make changes to the system. > I would second that (or third, or hundredth...). I hate Adobe for putting SUID-ed "plugin-config", thus enabling regular user write where only root can. This crap triggers my system integrity alarms. I always have to remove SUID bit then set immutable bit so the crap doesn't resurrect with their update. In the same list of bad guys comes google with its chrome browser, that drops in daily cron job. Which I have to remove and put placeholder (with immutable bit set), so it doesn't resurrect... Other people have their too lists I bet. As a matter of fact I tend to not use GUI admin tools since long ago. Even on machines I sit in front of as a regular user. I prefer to grab root shell for that. This is, BTW why I prefer plain ASCII text human readable config files, and hate the move towards GUI only based administration. One single case is different for me: I do prefer 3ware web RAID admin interface anything else (it more transparently prevents me from making fatal blunders - probably just me). And yes, disabling root user and having sudo instead is on my evil list too: yet another SUID-ed binary, and potential holes due to some garbage in config file... BTW, su (with the same password for root as regular user has), and attempt to use sudo are the fist two things bad guys try when they log in with stolen password of regular user (after a compromise of machine elsewhere). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
