My thoughts exactly. It seems the enrollment files are stored in
/var/lib/fprintd, which is already restricted to root access with read
access for others, and the directories and files under it are root only
without even read permissions for others, yet fprintd-enroll seems able
to change them even
Ahh, this takes me back to fondly remembered days of yore...with the
OS/2 shredder. Drag and drop was the new hotness and it was everywhere,
even for silly things like changing system fonts - and closing programs
and ejecting CD's whose icons were dropped on the shredder. It didn't
make sense then
Upon further reflection, instead of chmod o-x, use chmod 700. Otherwise,
the fprintd-enroll executable can be copied to the home directory and
executed from there, successfully changing the enrolled prints without
requiring root.
--
You received this bug notification because you are a member of U
I'm using 16.04 and installed from the default repos with a simple "sudo
apt install libpam-fprintd", and I'm seeing the same (original)
behaviour, as in fprintd-enroll doesn't require root to change the
enrolled fingerprints (and asks for 5 swipes to confirm enrollment).
The chmod o-x suggestion
