Require password for rpm-ostree and other system changing actions
I just did a fresh install of the steam deck version of Bazzite.
I noticed when I tried to layer an application with rpm-ostree without using sudo, it just worked and never asked for a password.
It layered the program successfully without any kind of security check.
I'd like to lock the system down a bit more than that. How do I go about making Bazzite require the sudo password for these kinds of changes? (For example also flatpak installs and such)
11 Replies
I never could resolve this, so I switched to a different distro for the time being.
IIRC then flatpak and rpm-ostree leverage polkit to allow users of the wheel group to perform actions that would otherwise require root to be executed (write to /var for flatpak)
Thanks for taking a look. This thread can be closed for now though, I'll look into it again the next time I'm on Bazzite. For now I'm on cachyos handheld which does require passwords by default.
xkcd: Authorization
Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few minutes of inactivity it automatically switches to my brother's.
Fair point. I'm just extra cautious right now because I've had two instances of malware running in my wine/proton this last month. (Even though all I used the system for was steam and youtube and discord, no piracy, no mods or anything)
I feel like something you're doing might be wrong, but as a precaution, you can try running game though flatpak lutris, and limit the permissions game have through flatseal
I don't really run any non steam games, but I suppose I could do the same with flatseal and the flatpak version of steam. Thanks for the tip
How are you getting virus in the first place?
It's extremely hard to get virus from steam
I was playing some older games. It might also have been the big unity vulnerability since I played some games that don't have patches for that yet. I just noticed that after a cold boot, when I launched steam 5 rundll32.exe would spawn and connect to the internet. Even if there were no updates / downloads going on. I checked on my laptop to verify this wasn't normal steam behavior and reimaged both devices just to be safe.
Wdym by 5 rundll32.exe
What dll is it running
No idea i just saw the processes pop up in top and nethogs, which seemed really sus to be happening on a Linux system