Fedora 12 allows installing without root privilege

[bigtomrodney]

It seems there's a bit of a storm going on over at the Red Hat/Fedora mailing lists:

https://bugzilla.redhat.com/show_bug.cgi?id=534047

It seems that by default in Fedora 12 any user can now install packages from repositories. The only time authentication is requested is if the packages aren't signed. Personally on my systems the /home and /tmp partitions are mounted noexec and only users I want installing things get privilege to do so. It seems this can be relatively easily reversed and I do think it's nice that policykit allows this type of permission to be granted, but I'm not so sure about by default allowing it.

What do you guys think?

[reed9]

You know, if it's only signed packages from official repositories, I'm ok with it. (I didn't read the link yet, but it sounds like that's the case?)

Fedora is aiming at a general desktop market. The mythical "average user" that everyone so fervently strives to please. And if the space they're looking to fill is mostly comprised of single user boxes or maybe a household general purpose computer, then I don't see it as too big a deal.

Although....hmm. Maybe I should have voted 'I don't know'. The all users thing does get me a little.

[MikeTbob]

I voted no.
Unless it's a one person system, allowing everyone to install programs is asking for trouble. Just my opinion.

[darkrose0510]

words can not explain the stupidity of this.

[techieMoe]

I noticed this while working on the rant. Definitely a bad idea.

[reed9]

words can not explain the stupidity of this.

If we can't articulate our reasons, how do we know it's actually stupid? Gut feelings, or simply because of precedent or that it isn't the Unix way aren't good arguments, or in fact arguments at all. If we can't specifically list the pros and cons, how can we come to a rational conclusion?

Reading over the thread, it seems to me the bigger problem was communicating the change to the users, and not having a clear way to alter the default behavior.

[bigtomrodney]

There are a couple of reasons I have problems with it. The main reason though is that Unix/Linux has its greatest strength in seperating users and the system by default. Sure you can always grant access, but know you start by revoking it. Any user can make a system-wide change.

What's to stop an otherwise unprivileged user just installing package after package until the partition is full?

More generally speaking, I can see where this would be useful. I just don't think it's something that should be turned on by default. Even Windows finally stopped allowing this in Vista because it is a bad idea.

[Charles4809]

I'm a single user, but I often leave my computer unattended for an hour so. In that time anybody could ruin the way I have set up my machine, installing and uninstalling every peace of software that I don't want to have or don't want to miss. That's not a good idea by me.

Apart from that, I thougt the main reason to have these different privileges was to make it harder for malware to come on your machine. By quitting this strategie they leave a (little?) door open.

Charles

[reed9]

I'm a single user, but I often leave my computer
unattended for an hour so. In that time anybody could ruin the way I have set up my machine, installing and uninstalling every peace of software that I don't want to have or don't want to miss. That's not a good idea by me.

Anyone with physical access to your machine can already do a good deal of harm. And this doesn't extend to uninstalling software.

Apart from that, I thougt the main reason to have these different privileges was to make it harder for malware to come on your machine. By quitting this strategie they leave a (little?) door open.

It only allows installing signed packages. Presumably, that does mean from 3rd party repos too, however, so package conflicts could be an issue.

It seems to me again, the issue is whether this should be default behavior. Which sort of hinges on who exactly Fedora's target audience is. I've been reading a couple of different threads on this, and my opinion right now is, defaulting to all users is a bad idea, but as an option to turn on, or better, instead of blanket all users, make it a per user option to turn on.

[techieMoe]

It seems to me again, the issue is whether this should be default behavior. Which sort of hinges on who exactly Fedora's target audience is. I've been reading a couple of different threads on this, and my opinion right now is, defaulting to all users is a bad idea, but as an option to turn on, or better, instead of blanket all users, make it a per user option to turn on.

Yeah, I can see how this would be a convenience for home users, but turning on for everyone (including those who might not be in such a secure or permissive environment) isn't a good idea.