Unfortunately it isn't that easy in my case. I need to have every action
attempted logged. That will still give it to me, but modifying what's
happening by changing what's being requested.
So, if a normal user attempts something, the best case is for it to ask
for the users password and fail when
As an addition... If I remove the 51-ubuntu-admin.conf file, when I run
`snap install blender --classic`, it pops up a dialog box asking for the
"Administrator" password.
Entering roots password will install it.
This is the behaviour wanted. Not install it with only the users
authentication.
--
That's what I want though. I want control through sudoers, not polkit.
The file: /etc/polkit-1/localauthority.conf.d/50-localauthority.conf ... still
contains:
```
[Configuration]
AdminIdentities=unix-user:0
```
I don't know why you need to say root is an admin, but whatever it's
there... And
Thank You!!!
Can you set it like:
```
[Configuration]
AdminIdentities=
```
So *nothing* is considered an Admin?
That file has `unix-group:sudo;unix-group:admin` ... by default from
what I can tell. But at least that I know this thing exists and hey, you
can elevate privileges without being in
The above still stands... but that isn't it for `snap` ... I changed all
the `isIngroup("sudo")` to use `sudoA` since that's the actually group
that's in sudoers...
And snap is still letting me install the blender snap in `--classic`
mode. So How do you find out what polkit rules are running
Seems to be more appropriate to assign this to snapd than gnome-
software.
** Summary changed:
- gnome-software installs software without user having sudo access
+ Snap installs software without user having sudo access
** Tags added: snap
** Package changed: gnome-software (Ubuntu) => snapd
Attached is a screenshot of the VM window where the terminal install was
done.
** Attachment added: "Installation using snap on account without sudo access"
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1850977/+attachment/5303117/+files/Screenshot_2019-11-05_15-28-49.png
--
Here's the lines from journalctl -b 0 The "sudo" was from me doing:
sudo su - ... just prior to the "snap install blender --classic"
--- start cut ---
Nov 05 15:15:39 jms-u18t sudo[18049]: pam_unix(sudo:auth): authentication
failure; logname= uid=1031 euid=0 tty=/dev/pts/0 ruser=jason
A dialog box appears. It just shows the Full Name field, and the name
shown is "Jason Stover" (login: jason) for the LDAP account. The Local
Admin account name is "Jason Local" (login: jlocal).
The passwords between the two accounts is also different incase it was
showing th
Public bug reported:
$ lsb_release -rd
Description:Ubuntu 18.04.2 LTS
Release:18.04
$ apt-cache policy gnome-software
gnome-software:
Installed: 3.28.1-0ubuntu4.18.04.8
Candidate: 3.28.1-0ubuntu4.18.04.12
Version table:
3.28.1-0ubuntu4.18.04.12 500
500
10 matches
Mail list logo