[CentOS] Automatic updates applying after reboot

Mon Apr 8 08:44:35 UTC 2019
Gestió Servidors <sysadmin.caos at uab.cat>


I have noticed something I consider "a bug". Running a CentOS-7-x86_64 with kernel 3.10.0-327.13.1 and Gnome 3.14.x, my systems detects some available updates, notifies me at top bar and, if I close session, Gnome ask me if I want to apply these "pending" updates and, then, execute "shutdown" or "restart".
My questions/problems are two:

  *   this automatic updates check runs in both root session and not a root session, so if a "normal" user login, that user could logout and APPLY updates (system reboots and, during boot, updates system). I consider these situation VERY DANGEROUS, because a normal user should not be able to apply updates
  *   what daemon controls automatic updates? pakagekit? What RPM? gnome-packagekit-updater?

I NEED to disable this feature. By the moment, the only solution I have found is disablinig packagekit daemon (systemctl disable packagekit) and remove RPM "gnome-packagekit-updater".