Not sure whether removing files that came with distro packages is the
best idea long term. I think a better option would be to drop in a
custom rule that runs before the default ones. As usual ArchWiki has
some examples:
https://wiki.archlinux.org/index.php/Polkit#Administrator_identities
Specifically, if I'm reading this right, putting the following rule in
/etc/polkit-1/rules.d/00-override.rules should be enough:
/* Always authenticate Admins by prompting for the root
* password, similar to the rootpw option in sudo
*/
polkit.addAdminRule(function(action, subject) {
return ["unix-user:root"];
});
Having this it's easy to build a package that can be later distributed
to other workstations.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1850977
Title:
Snap installs software without user having sudo access
Status in gnome-software package in Ubuntu:
Invalid
Status in policykit-1 package in Ubuntu:
New
Status in snapd package in Ubuntu:
Invalid
Bug description:
$ lsb_release -rd
Description: Ubuntu 18.04.2 LTS
Release: 18.04
$ apt-cache policy gnome-software
gnome-software:
Installed: 3.28.1-0ubuntu4.18.04.8
Candidate: 3.28.1-0ubuntu4.18.04.12
Version table:
3.28.1-0ubuntu4.18.04.12 500
500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64
Packages
*** 3.28.1-0ubuntu4.18.04.8 100
100 /var/lib/dpkg/status
3.28.1-0ubuntu4 500
500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64
What I expect to happen:
Software is not installed for a user without sudo access.
What does happen:
I'm logging in with an LDAP user. This user does not have sudo access.
When I select software from gnome-software ("Ubuntu Software"), it
pops up and asks for my users password. I enter this in, and the
software then installs (tested with blender, libreoffice, opencl
driver).
My user does *not* have sudo access on the system.
$ sudo su -
[sudo] password for jason:
jason is not in the sudoers file. This incident will be reported.
It appears these *may* be being installed with Snaps ... which still:
How, without having root access, can an unprivileged user install
something onto the system?
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-software 3.28.1-0ubuntu4.18.04.8
ProcVersionSignature: Ubuntu 5.0.0-32.34~18.04.2-generic 5.0.21
Uname: Linux 5.0.0-32-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri Nov 1 13:53:03 2019
InstallationDate: Installed on 2019-11-01 (0 days ago)
InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64
(20190210)
InstalledPlugins:
gnome-software-plugin-flatpak N/A
gnome-software-plugin-limba N/A
gnome-software-plugin-snap 3.28.1-0ubuntu4.18.04.8
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-software
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1850977/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
