On 08/02/12 14:57, nicolas vigier wrote:
On Wed, 08 Feb 2012, Michael Scherer wrote:
Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
écrit :
On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
Robinson who wrote:
I ended up installing Mageia 1 on his box, but I wonder why does the
distribution allow the user to potentially hose his system, when it
requires the root password to install a prog ?
Would it not make more sense to ask for the root password for the updates?
It is configurable in MCC. You can find it under Security => Configure
authentication for Mageia Tools.
Just select root for Update.
Brilliant, thanks.
But would it not make more sense to have the default changed to root ?
That totally miss the point, which is that a upgrade hosed the system.
Would requiring the root password have changed that ? I doubt.
However, if the user cannot do upgrade without asking to someone else
( because that's the whole point of having 2 different passwords, else,
that's just a nuisance that will confuse most people ), then he will
likely miss security and bugfixes updates, and that's problematic.
It's not clear if we are talking about installing updates only, or
upgrading to a new version of the distribution. Installing updates is
supposed to be safe and can be allowed by default with user password.
But upgrading to a new distribution is more dangerous and should
probably only be allowed with root password.
It should probably be some comfort that we do actually have a root account.
If this were Ubuntu then it would require a bit more effort to lock down
than a choice in MCC :)
