[packagekit] locking out password
madcat at mymadcat.com
Tue Mar 24 03:06:25 PDT 2009
Le 24/03/2009 09:32, Richard Hughes a écrit :
> On Mon, 2009-03-23 at 23:53 +0100, Adrien BUSTANY wrote:
>> Yes, Daniel is right, rights in PackageKit are managed by PolicyKit,
>> and the granularity is action wise, not package wise. Depending on
>> your backend, there might be a way to pin the packages on the backend
> I think in your situation you need to change the default authorisations
> for your kid to have deny remove, deny install unsigned (unsigned
> packaged) and allow install signed. The others are up to you.
> Also, Daniel is very correct in saying that if he has access to the
> physical machine, then it's trivial to set grub into runlevel 1 and then
> pwn the machine. Or even use a live CD and boot from cdrom. You probably
> want to lock down grub and the bios at a minimum.
> PackageKit mailing list
> PackageKit at lists.freedesktop.org
But then if an 8 year old kid is able to but in single user to remove
iptables, I think his education should be put into question :D
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the PackageKit