On 03/11/2022 15:17, Sam Morris wrote:
But I suppose this should become a bug against polkitd-pkla since in
practice its 49-polkit-pkla-compat.rules will never be called since
40-debian-sudo.rules is called first.
Perhaps one solution would be to renumber to << 40, and ship a
pklocalauthority config file with 'unix-group:sudo'. This will ensure
that systems where polkitd-pkla is installed will match the default
behaviour of systems where it isn't installed.
FYI, Fedora ship their default admin rules with these numbers:
# ls /etc/polkit-1/rules.d/
49-polkit-pkla-compat.rules 50-default.rules
50-default.rules is equivalent to Debian's 40-debian-sudo.rules file
(although Fedora use the wheel group rather than sudo).
--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9