Right click on applet, configure applet, you can disable it there.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AFAIK, that does not work for all users and all desktops. All of them
would have to do the change themselves.


I would think of changing the ownership of the daemon:

- -rwxr-xr-x 1 root root 287448 2010-04-23 02:38 /usr/sbin/packagekitd*

Remove the allow execute for all, perhaps.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky0jlkACgkQtTMYHG2NR9XuYACeLrwH68vvMdXogIuNe2QIoYsL
g/MAoImr39JrF+cM5mzBhlZb5oxeXTKm
=iF4r
-----END PGP SIGNATURE-----

Generally, review the Autostart spec:

http://standards.freedesktop.org/autostart-spec/autostart-spec-latest.html

Identify the applet's autostart desktop file (rpm -ql the applet's package)
and hide it.


In concrete steps, for the KDE update applet:

Add Hidden=true to

/etc/xdg/autostart/kupdateapplet-autostart.desktop

HTH

Will

Will,
not trying to start a war or anything, but, this is a typical little crappy
issue that aggravates too many of us with ...ok, i will say it...kde4, if
kde4 is the cause, or with the new versions of shtuff in general, if kde4 is
not the cause.

WHY is something as basic as this so contorted and so difficult to accomplish?
And, the really maddening shtuff, WHY is the apparent straightforward process
still allowed to proceed without error messages, thus giving one the false
security that the task has actually been accomplished?
at the absolute very minimum, let the default be such that only if one changes
it and then tries to change it back the issue arises.
sometimes even when things are not right, simple common sense can still avoid
problems.
all,
please do *not* build on this another kde4 basher thread. all i tried to do is
point something that is too general for a bug report, yet it needs fixing
asap.
d.

Well first, I think there are two problems here.

One is lack of documentation.

Two is the installation of tools like this by default on accounts that can't
use them.

I don't think this second bit is entirely a KDE4 issue.

But consider that Opensuse (and kde in general) has no way of knowing which users
are to be eligible to use these tools, and at what level (Notify only, silent install,
or download but don't install). There is no why to know in advance which users
have roots password tucked away in their head.

The vast majority of linux installs have exactly ONE user anyway.

Ubuntu assumes the first user account should be added to the sudoers list to
manage the machine. (This can be over-ridden, and many argue that the assumption
is a trap for the unwary, but there it is anyway).

Unless or Until OpenSuse embraces sudo as the normal way of doing system
tasks and integrates this into the normal installation and requires that
each new user added to the system is explicitly added to the sudo list, there
doesn't seem to be an easy way out.

In the absence of consistent use of the sudo, and sudoers, there is no way
for KDE to know which users should or should not be allowed to run
updater or file manager super user mode, or konsole super users mode.

So I don't think you can blame KDE entirely when it has no method of
determining which passwords a user might hold.

You might want to suggest a multi-user install option with some mechanism
for KDE to hook into when start up options and menus are constructed.
Perhaps management of this type of install could be better integrated
into yast.

Thanks for the information.

It seems as if Packagekit is responsible for the messages. Would it be
sufficient and recommended to deinstall all packages related to Packagekit?

Christoph

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That's a general problem.
Yes.
No, it is not. Gnome has the same problem.
It is very simple, in fact: just list them in a file. A variable in a file
in /etc/sysconfig/updatenotifier.
No, I disagree. I hope openSUSE never embraces sudo as the normal way of
doing things. And it is not needed for this at all.

There are several methods. One, is change the permissions of the applet or
the underlying daemon, so that a normal user, unless he belongs to a
certain group, can not run it. Another is listing in a file which users
can use some special tools.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky04CIACgkQtTMYHG2NR9V59gCeJp1wwSs100ngef6sw/KZSsmO
y8gAni1Km59GfqDKF7ziNZuOS6pJiS3v
=QIYh
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That would be:

rpm --erase PackageKit libpackagekit-glib12 kupdateapplet-packagekit gnome-packagekit kupdateapplet


I think it is better to just change the daemon permissions; I have done
that, but it's early to know if it works, but we'll see.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky04w0ACgkQtTMYHG2NR9UQDgCfe2eyDEsTO9biKOSaHY6e6IL8
SpIAnjnZfO6qcRRQvQlUjFJfNxlYHwl5
=jDC+
-----END PGP SIGNATURE-----

I do not want to give any user the permission to install packages.

This can easily disrupt the work of other users.

Christoph

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Who said anything about giving permission? I did not. I removed
permissions.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky06joACgkQtTMYHG2NR9UwnQCdGF88zyKChW145UfmxYyBzyGZ
9uwAmwXT2pPNzRYVpx3jdyJfm+4KeE4j
=qHQG
-----END PGP SIGNATURE-----

How is anyone going to install anything without root permission?

Steven
--
Sent from my Linux box.
Regards de KC6KGE.
A very happy Flex-3000 user.
Skype flamebait
Gmail flamebait at gmail dot com

Obviously not.

The question you _SHOULD_ be asking is how to restrict access to root,
yet grant it in limited circumstances.

Which is what SUDO and PAM are about.
See pam_sepermit(8) pam_wheel(8) pam_listfile(8)

Oh, and the concept of the "wheel group".

Oh, and judicious use of group permission and setuid :-)

Sorry. I misunderstood your post.

Christoph

Well, it is started as "root", so you need to remove its root access permissions
if you never want to run packagekit at all.
auth_admin will ask for admin privileges. auth_admin_keep_always will keep it after you have netered them once.

Having all lines with "no" at the end will probably disable them, like:
org.freedesktop.packagekit.package-install no

CIao, Marcus

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm logged as user, so if it runs as root it means that another process
which is running as root (not me), or SUID, is calling it.
I see.
But which is the process that searches for updates in the first place?
That's the one that should not run, that's the one we need to remove - and
I don't see it there. This is a process that never asks for permissions.
It runs and tells the users that there are updates.

Only the user that also is the admin should be informed.


An example.

I log as me normal user in Gnome. After a while, I'm automatically
informed that there are some updates, and I choose to not install for the
moment (close window).

Then I choose to also log in on another graphical user, another user, in
gnome or kde. And this user is also informed that there are updates!

This is absurd.

In this case it is the same person, but it could be guest, a child, an
employee... whoever.

Only those users that do maintenance of the machine should have the applet
running that checks for updates, and there is no known method to control
this. I tried using permissions on packagekid, but no success.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAkzEuJsACgkQtTMYHG2NR9WYDgCdEcOU+Sndfx/L34jqs+J2YlgL
GWwAnRGxlhZnArwGCB+hxDubG4Pfo5kV
=c86z
-----END PGP SIGNATURE-----