https://bugs.kde.org/show_bug.cgi?id=407729
--- Comment #9 from Harald Sitter <sit...@kde.org> --- It's a bit of a flimsy override but its in fact the most reliable way to do it we decided. sbin actually just *happens* to be before bin in $PATH. so, if you just run `apt` on a terminal that will be /usr/sbin/apt (the override). If you were to run it with absolute path `/usr/bin/apt` you'd not get overridden at all. That is in fact part of the reason why it is in sbin. Scripts, which generally should call by absolute path (because the user may have overlay'd apt in a very similar manner to what we do + security reasons), are not affected by this. All that said, you might actually want to look into replacing your use of apt with pkcon, the cli frontend for packagekit, and then regulate password-less use via polkit. The polkit profiles should give you much finer control over what a user/group may do without password auth. Allowing NOPASSWD on all of apt is a fairly substantial security threat. e.g. apt can install local debs, so should the user(s) affected by NOPASSWD get compromised there is a readily available way to escalate to root-level access through apt. -- You are receiving this mail because: You are watching all bug changes.
