I think I may have found it.... It looks like policykit has some rules with entries like:
``` subject.isInGroup("sudo") ``` That's ... broken. Just being in the `sudo` group should *NOT* let me install software or elevate my priviledges, *ESPECIALLY* if the user isn't actually in the sudoers. It's a broken assumption. I changed the /etc/sudoers file so the `sudo` group does *NOT* have permissions explicitly for this reason. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850977 Title: Snap installs software without user having sudo access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1850977/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs