[Touch-packages] [Bug 1853115] Re: localauthority.conf - AdminIdentities: unix-group is ignored
Same problem on my end, also on 20.04 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1853115 Title: localauthority.conf - AdminIdentities: unix-group is ignored Status in policykit-1 package in Ubuntu: Confirmed Bug description: Allowed users and groups as admins for pkexec are defined in: /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin As you can see, I added unix-group:localadmin My user is localadmin-user1 who is in the local group localadmin. It does not matter if I create a new configuration file /etc/polkit-1/localauthority.conf.d/99-myadmins.conf or expand the original 51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin If I add the user himself instead of his group localadmin the user is listed the allowed list for pkexec. [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-user:localadmin-user1 How to reproduce: - create local user and group (here: localadmin) - add unix-group:localadmin to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user in group localadmin is not listed - add unix-user:localadmin-user1 to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user localadmin-user1 is listed Kubuntu 19.10 policykit-10.105-26ubuntu1 SSSD for system authorization including domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1853115/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1853115] Re: localauthority.conf - AdminIdentities: unix-group is ignored
I am experiencing the same issue on Ubuntu 20.04.4 with the below polkit config, where sysapp is an LDAP group, and we are using SSSD for LDAP login to our machines. # This file is managed by Puppet. DO NOT EDIT. [Configuration] AdminIdentities=unix-group:sysapp;unix-group:sudo;unix-group:admin When attempting to install software via GUI (snap-store) or update packages, the GUI prompt only accepts authorisation from users in the 'sudo' or 'admin' groups. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1853115 Title: localauthority.conf - AdminIdentities: unix-group is ignored Status in policykit-1 package in Ubuntu: Confirmed Bug description: Allowed users and groups as admins for pkexec are defined in: /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin As you can see, I added unix-group:localadmin My user is localadmin-user1 who is in the local group localadmin. It does not matter if I create a new configuration file /etc/polkit-1/localauthority.conf.d/99-myadmins.conf or expand the original 51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin If I add the user himself instead of his group localadmin the user is listed the allowed list for pkexec. [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-user:localadmin-user1 How to reproduce: - create local user and group (here: localadmin) - add unix-group:localadmin to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user in group localadmin is not listed - add unix-user:localadmin-user1 to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user localadmin-user1 is listed Kubuntu 19.10 policykit-10.105-26ubuntu1 SSSD for system authorization including domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1853115/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1853115] Re: localauthority.conf - AdminIdentities: unix-group is ignored
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: policykit-1 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1853115 Title: localauthority.conf - AdminIdentities: unix-group is ignored Status in policykit-1 package in Ubuntu: Confirmed Bug description: Allowed users and groups as admins for pkexec are defined in: /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin As you can see, I added unix-group:localadmin My user is localadmin-user1 who is in the local group localadmin. It does not matter if I create a new configuration file /etc/polkit-1/localauthority.conf.d/99-myadmins.conf or expand the original 51-ubuntu-admin.conf [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin If I add the user himself instead of his group localadmin the user is listed the allowed list for pkexec. [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin;unix-user:localadmin-user1 How to reproduce: - create local user and group (here: localadmin) - add unix-group:localadmin to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user in group localadmin is not listed - add unix-user:localadmin-user1 to /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf - pkexec mount -> the local user localadmin-user1 is listed Kubuntu 19.10 policykit-10.105-26ubuntu1 SSSD for system authorization including domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1853115/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
