Bug 221990

Summary: ZMD - Can identify that there are new updates without adding a priveledged user as it requests
Product: [openSUSE] SUSE Linux 10.1 Reporter: Scott Couston <scott>
Component: ZenworksAssignee: E-mail List <zlm-code10-bugs>
Status: RESOLVED FIXED QA Contact: Jawaad Tariq <jtariq>
Severity: Normal    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: i386   
OS: SuSE Linux 10.1   
Whiteboard:
Found By: Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Scott Couston 2006-11-17 05:40:37 UTC 
ZMD updater can identify when there are new updates on a cron (time) initiated event without adding a privileged user as it requests. The only advantage to granting it a root user authority seems to be its ability to check for updates on demand by clicking on refresh.

The requirements for ZMD to have escalated privileges seems unclear. It seems it only requires root authority to add/delete software and check for updates on demand.

The request that ZMD makes for root authority seems to be one of an optional requirement where the admin desires the user to add/delete software.

I feel as most admins do not desire a user to have that authority to add/delete software so the request for root authority should be optional and the requirements and advantages made clear to the setup of ZMD and at time of root authority request.
Comment 1 Scott Couston 2007-01-31 03:19:12 UTC 
With ZMD in 10.2 once given root authority it performs a system patch update very soothly - so in short ZMD function as designed in 10.2 so I am happy to close this bug - However, permanently providing an application that is capable of deleting the entire installation is not an acceptable internal risk in 10.1 and 10.2. Is there an advantage in creating another authority user other than root for ZMD to operate. I feel unsettled ANY application having permenent root authority