Public bug reported:

Domain groups cannot be configured as 'AdminIdentities' under
/etc/polkit-1/localauthority.conf.d

EXAMPLE CONFIG

# /etc/polkit-1/localauthority.conf.d/90-test.conf
[Configuration]
AdminIdentities=unix-group:sysapp


With the above config, 'sysapp' is a group in LDAP. SSSD is configured on the 
machine to allow domain users to log in.
Sudo rules have been configured for the 'sysapp' group and work correctly.

However, any action that creates a polkit/GUI prompt for authentication
does not allow users in the 'sysapp' group to authenticate. Instead, it
only accepts auth from the root user.


If I change the config to use a local group, instead of a domain group, 
everything works as expected.
Similarly if I specify a domain USER instead of a domain group, everything 
works as expected.

The problem seems to only be with domain/LDAP groups.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: policykit-1 0.105-33
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Mon Oct  3 15:20:36 2022
InstallationDate: Installed on 2022-07-15 (80 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: policykit-1
UpgradeStatus: Upgraded to jammy on 2022-08-02 (61 days ago)

** Affects: policykit-1 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1991545

Title:
  Domain groups not accepted as  'AdminIdentities'

Status in policykit-1 package in Ubuntu:
  New

Bug description:
  Domain groups cannot be configured as 'AdminIdentities' under
  /etc/polkit-1/localauthority.conf.d

  EXAMPLE CONFIG

  # /etc/polkit-1/localauthority.conf.d/90-test.conf
  [Configuration]
  AdminIdentities=unix-group:sysapp

  
  With the above config, 'sysapp' is a group in LDAP. SSSD is configured on the 
machine to allow domain users to log in.
  Sudo rules have been configured for the 'sysapp' group and work correctly.

  However, any action that creates a polkit/GUI prompt for
  authentication does not allow users in the 'sysapp' group to
  authenticate. Instead, it only accepts auth from the root user.

  
  If I change the config to use a local group, instead of a domain group, 
everything works as expected.
  Similarly if I specify a domain USER instead of a domain group, everything 
works as expected.

  The problem seems to only be with domain/LDAP groups.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: policykit-1 0.105-33
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Mon Oct  3 15:20:36 2022
  InstallationDate: Installed on 2022-07-15 (80 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  SourcePackage: policykit-1
  UpgradeStatus: Upgraded to jammy on 2022-08-02 (61 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1991545/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to