Fedora 12 allows any user to install applications without asking for a password. The change in Fedora 12 has caused consternation amongst Fedora users (see their complaints, here). The change is part of PolicyKit's policy for desktop users and was made to make the system easier for desktop users. Easier how? Here's what a Reddit user has to say about this:
This is about the dumbest commit in a mainstream linux distro that I've seen in the last 10 years. What's worse, is people don't even get what the big deal is. Even WINDOWS knows not to do this now. Before UAC, it at least had "Administrator" accounts in XP home. Congratulations, you are now on par with Windows 98.
or:
you are now vulnerable to local root exploits not only in packages you installed, but also in packages you chose not to install.
For users who wish to return to the policy of always prompting for a root or administrator password, the command:
sourcepklalockdown --lockdown org.freedesktop.packagekit.package-installRead more about this change, HERE.
Update: Paul W. Frields, the Fedora Project Leader and chairman of the Fedora Project Board has made some clarifications:
- The PackageKit installer as shipped in the original release only allows users at the local console to install software without a root password.
- The PackageKit maintainers have changed the defaults in an update to be issued shortly
See his comment below.
