Public bug reported:
Domain groups cannot be configured as 'AdminIdentities' under
/etc/polkit-1/localauthority.conf.d
EXAMPLE CONFIG
# /etc/polkit-1/localauthority.conf.d/90-test.conf
[Configuration]
AdminIdentities=unix-group:sysapp
With the above config, 'sysapp' is a group in LDAP. SSSD is configured on the
machine to allow domain users to log in.
Sudo rules have been configured for the 'sysapp' group and work correctly.
However, any action that creates a polkit/GUI prompt for authentication
does not allow users in the 'sysapp' group to authenticate. Instead, it
only accepts auth from the root user.
If I change the config to use a local group, instead of a domain group,
everything works as expected.
Similarly if I specify a domain USER instead of a domain group, everything
works as expected.
The problem seems to only be with domain/LDAP groups.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: policykit-1 0.105-33
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Mon Oct 3 15:20:36 2022
InstallationDate: Installed on 2022-07-15 (80 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: policykit-1
UpgradeStatus: Upgraded to jammy on 2022-08-02 (61 days ago)
** Affects: policykit-1 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1991545
Title:
Domain groups not accepted as 'AdminIdentities'
Status in policykit-1 package in Ubuntu:
New
Bug description:
Domain groups cannot be configured as 'AdminIdentities' under
/etc/polkit-1/localauthority.conf.d
EXAMPLE CONFIG
# /etc/polkit-1/localauthority.conf.d/90-test.conf
[Configuration]
AdminIdentities=unix-group:sysapp
With the above config, 'sysapp' is a group in LDAP. SSSD is configured on the
machine to allow domain users to log in.
Sudo rules have been configured for the 'sysapp' group and work correctly.
However, any action that creates a polkit/GUI prompt for
authentication does not allow users in the 'sysapp' group to
authenticate. Instead, it only accepts auth from the root user.
If I change the config to use a local group, instead of a domain group,
everything works as expected.
Similarly if I specify a domain USER instead of a domain group, everything
works as expected.
The problem seems to only be with domain/LDAP groups.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: policykit-1 0.105-33
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Mon Oct 3 15:20:36 2022
InstallationDate: Installed on 2022-07-15 (80 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: policykit-1
UpgradeStatus: Upgraded to jammy on 2022-08-02 (61 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1991545/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
