Basically, he said that, instead of asking for the root password every time the user wants to do something out of the ordinary, it’s better to define what users can do what, and let them do it. Teaching users to enter their root password all the time just sets them up to give the root password to a possibly malicious program.

This had been discussed as part of an overall framework for PolicyKit (a granular permissions system for Linux), along with a GUI for setting what users and groups can do what. What happened in Fedore 12 was the the maintainer (Richard Hughes) went ahead and made the policy change allowing for user software installation without the GUI being ready.

So now RedHat has decided to make the user enter the root password when installing software in this release. In future releases, the other PolicyKit elements will be present, thereby allowing some changes in the software installation policy.

This is actually a balanced approach, and I think this’ll actually be better for both security and user experience in future Fedora (and other Linux) distributions.

Related posts:

1. RedHat’s Fedora 12 Lets Users Install Software Without Root with PolicyKit
2. How to Serve Your WordPress Blog from the Root Directory If It’s Installed in a Subdirectory
3. Install Free Software on Mac OS/X with Darwin Ports

This sparked a melee on Slashdot, which reported on the situation, with most posters arguing vigorously for not allowing the PolicyKit changes. Basically, allowing users to install any and all packages (even if they are signed) opens up the possibility of many attacks and problems, not all of which can be foreseen, but that’s the point: The Unix philosophy has always been to give the least amount of privilege necessary to do the job. But RedHat’s Richard Hughes disagrees:

I don’t particularly care how UNIX has always worked. Looking at the use-case and the things people are trying to do this seemed the best default. Admins can trivially change the default on machines if they wish.

User dedded expressed the outrage from users:

This is not only a huge change from previous Fedora behavior, it’s contrary to every other version of Linux or Unix with which I’m familiar (and VMS, and comment #72 makes the claim for OSX). And it wasn’t announced.

Some of the early comments in this bug are disturbing in a breaks-the-trust kind of way. Comment #8 is just rude. Comments #14 and #15 try to shut the bug down without discussion. Comment #9 claims that admins can “trivially change the default”. But this “trivial” change apparently involves a new command (there’s no pklalockdown on my F11 system) with an obscure switch, or six lines of obscure configuration in an equally obscure location (five subdirectories deep!). (Why is system configuration under /var and not /etc?) And a subsequent comment claims the pklalockdown option goes away in the next polkit release.

The fact that the change wasn’t announced seems to add to the feeling of many in the community that Fedora is nothing more than a testing ground for RedHat, and RedHat doesn’t really care for a good user experience in each release of the distribution.

Read more here.

Related posts:

1. RedHat Relents on Fedora Software Installation Policy
2. How to Serve Your WordPress Blog from the Root Directory If It’s Installed in a Subdirectory
3. How to Install Google Chromium on Ubuntu