Mandriva 2008: No Gran! I do the OS updates

[ITWombat]

Sorry to strike a discordant note on Mothering Sunday. No I haven't been engaged in mortal combat with me Nan. I was just imagining the problems that could occur with Mandriva's update mechanism in certain multi-user scenarios.

I noticed the red updates-alert on the task bar and clicked it. I was expecting to be prompted for the password for the root account but no. The password box showed the user name of my low privilege account. Fine, I thought. I'll get to see a list of updates but I won't be able to apply them until I put in a root password. Imagine my surprise when I was able to click on the update button and all the updates started downloading. Within 10 minutes the system had been updated.

So what's the problem you ask? At the end of the day, I had an up-to-date and presumably more secure system. Well in this particular case there wasn't really a problem. I haven't heavily modified Mandriva in the time I have been using it so any distribution updates are unlikely break anything. I am also the main and practically only user of the Linux box in question. I will therefore know which updates have been approved and applied.

Things could be different if this was heavily customized box and in a shared use environment such as a school ICT suite. You may not want certain updates applied.
I am just surprised that Mandriva allows anybody with a valid local account to update the installed distribution. Even in Windows, an administrator either has to manually approve updates or activate automatic updates. An ordinary user can't change/activate the update mechanism on a whim.

The strange thing is though, all other system wide administration in Mandriva does require a root password. Why are distro updates so special?

[webman]

I'm not familiar with Mandriva, but perhaps it uses Sudo to grant regular users administrative rights without giving away the root password.

The file /etc/sudoers will tell you what users and groups can do what.

[ITWombat]

I'm not familiar with Mandriva, but perhaps it uses Sudo to grant regular users administrative rights without giving away the root password.

You mean like the way Ubuntu and MacOS X do things? I wondered about that but you can't do any other sys admin tasks as a normal user. You need to be root to install software but anyone else can update it.

[webman]

Yes, like Ubuntu and OSX.

It depends on the program and how it's launched I think. Eg. if the command is prepended with gksu or kdesu, then it will use Sudo and prompt for the user password (not root). It all depends on how Mandriva set things up Have you checked their FAQs and/or forums?

[Geoff]

Sudo allows fine grained control over what users can be given root equivalent access in what situations. It's entirely possible that Madriva is configured to allow users to run the update manager via sudo and nothing else (unlike Ubuntu for instance).

Examination of /etc/sudoers will reveal the exact configuration. Also consult the man page if you are unsure of the syntax of the file.

[ITWombat]

Examination of /etc/sudoers will reveal the exact configuration. Also consult the man page if you are unsure of the syntax of the file.

No real enlightenment in the Sudoers file. The only uncommented line is

Code:

root    ALL=(ALL) SETENV: ALL

This doesn't seem to have the specificity of the behavior I have observed.