The above still stands... but that isn't it for `snap` ... I changed all the `isIngroup("sudo")` to use `sudoA` since that's the actually group that's in sudoers...
And snap is still letting me install the blender snap in `--classic` mode. So.... How do you find out what polkit rules are running at any given time? The `io.snapcraft.snapd.manage' action has: ``` <allow_any>auth_admin</allow_any> ``` But where is what `auth_admin` does defined? It *looks* like it's seeing it as a local login and just allowing it. If I log in through SSH and try the same command I get: $ snap install blender --classic error: access denied (try with sudo) Being a locally logged in user does not mean you should have the ability to install software. Again, that's an incorrect assumption being made.... :/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850977 Title: Snap installs software without user having sudo access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1850977/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs