root group is irrelevant here, and should not be used to enforce ACLs.
On Ubuntu, root user is disabled by default. Instead, regular user
accounts are treated as admin accounts if they have the permission to
`sudo` into root. This is done, by default, by adding user accounts to
`sudo` group. This is also what gnome account services / policykit / etc
use to determine `who is admin`.
E.g. in gnome-settings on Ubuntu, one can toggle user accounts between
normal and administrator, which removes/adds sudo group to a given
account.
Policykit does correct authentication to execute this action. Accounts
in `sudo` group can execute it directly, otherwise a policykit popup
appears listing all existing `sudo` group members and asking to
authenticate as one of those people. I have just tested that this all
works correctly on cosmic.
So, if you don't expect this behaviour on this particular account,
`sudo` group is the one to remove. But note that is the same group that
makes `sudo -i` work, so please don't lock yourself out if that's the
only sudo capable account!
Thus everything works as expected, and administrator accounts can do the
same action (with less validation) via `sudo nano /etc/default/locale`.
** Changed in: systemd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800297
Title:
localectl updates /etc/default/locale without root privileges
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1800297/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
