Allowing a less trusted user to run apt-get update is ok. The worst they can do is consume a lot of bandwidth and fill up some disk space, and they have plenty of other means to do this unless you've taken stringent measures to prevent this.
Allowing a user to run apt-get upgrade is likely to give them root access. Some packages query the user and might allow a shell escape; for example the user who has access to the terminal that apt-get upgrade (or any dpkg -i call) is running on might get prompted for what to do if a configuration file has been updated, and one of the options there is to run a shell to examine the situation.
You need to restrict the command some more:
#!/bin/sh
# Abort on any error and echo each command into the log.
set -ex
# Detach stdin from the user's terminal and capture all output, so no apt or dpkg prompt can reach an interactive shell.
exec </dev/null >"/var/log/automatic-apt-upgrade-$(date +%Y%m%d-%H%M%S)-$SUDO_USER.log" 2>&1
# -y pre-answers apt's own "Do you want to continue?" prompt; with --assume-no apt would abort whenever there is anything to upgrade.
apt-get -y upgrade
This shouldn't give the user a way to become root, since they can't interact with the package manager. As upgrades can sometimes break a system, and a user with only these permissions wouldn't be able to repair anything, this should only be done with a stable release, with only security updates pending. If it's a kernel update, let a user with full root access decide when to trigger a reboot.
By the way, the user wouldn't be able to inject package content — to do that, they'd need to be in control of the server distributing the package, and in addition to the server signing the package if the package is signed (which is the case for all official sources). It's irrelevant for this attack vector who's in command of the machine at the time of the upgrade.
All this being said… use unattended-upgrades, if that's what you want.
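An added check (not part of the answer above) for the wrapper approach: before granting a sudo rule for such a script, verify that the script itself cannot be turned into a root shell. It assumes the wrapper is installed at an absolute path such as /usr/local/sbin/automatic-apt-upgrade and granted with a rule like "alice ALL=(root) NOPASSWD: /usr/local/sbin/automatic-apt-upgrade"; the function name and the second argument (expected owner, default root) are this example's own.

```shell
#!/bin/sh
# check_wrapper PATH [OWNER]: prints one line per problem found in a
# sudo-exposed wrapper script and returns 1 if any problem was found.
check_wrapper() {
    path=$1
    owner_expected=${2:-root}
    rc=0
    # sudoers rules must name an absolute path, or the user can shadow it.
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path"; rc=1 ;;
    esac
    [ -f "$path" ] || { echo "missing file: $path"; return 1; }
    # If the sudo-er (or anyone else) can write the file, the restriction
    # is void: they edit it to run whatever they like as root.
    listing=$(ls -ld "$path")
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    [ "$owner" = "$owner_expected" ] ||
        { echo "owned by $owner, expected $owner_expected: $path"; rc=1; }
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) echo "group- or world-writable ($mode): $path"; rc=1 ;;
    esac
    # Stdin must be detached, otherwise a dpkg conffile prompt can offer a shell.
    grep -q '</dev/null' "$path" ||
        { echo "stdin not redirected from /dev/null: $path"; rc=1; }
    # apt's own prompts must be pre-answered so it never waits on the user.
    grep -Eq 'apt-get .*(-y|--yes|--assume-yes|--assume-no)' "$path" ||
        { echo "apt-get invoked without a pre-answered prompt: $path"; rc=1; }
    return $rc
}
```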
Best Answer
Authentication can be handled in many different ways in Linux. Password authentication via /etc/passwd and /etc/shadow is the usual default. There is no default password. A user is not required to have a password. In a typical setup a user without a password will be unable to authenticate with the use of a password. This is common for system users which are used to run daemons, but are not intended to be used directly by a human.
You can configure Linux to allow login to the desktop automatically, or allow login without a password. Authentication is done via PAM, which is highly configurable. The Arch wiki offers the following PAM configuration for login without a password: