Unfortunately it isn't that easy in my case. I need to have every action attempted logged. That will still give it to me, but modifying what's happening by changing what's being requested.
So, if a normal user attempts something, the best case is for it to ask for the users password and fail when they don't have permission to do the action, or the password entered is wrong. Second best, is to fall back to asking for the root password. I can deal with the logging inaccuracy. But not always ask for the root password in every case which is what that override will do. I'm going to be needing to implement some custom polkit/apparmour stuff eventually anyway (now that I've seen this), but this came about as I am not a Debian/Ubuntu person. So I hit something that _shouldn't_ have been happening in my mind (hey, no sudoers access, no way to run as root) ... It threw me that it was happening. But thanks to everyone for digging into this with me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1850977 Title: Snap installs software without user having sudo access Status in gnome-software package in Ubuntu: Invalid Status in policykit-1 package in Ubuntu: New Status in snapd package in Ubuntu: Invalid Bug description: $ lsb_release -rd Description: Ubuntu 18.04.2 LTS Release: 18.04 $ apt-cache policy gnome-software gnome-software: Installed: 3.28.1-0ubuntu4.18.04.8 Candidate: 3.28.1-0ubuntu4.18.04.12 Version table: 3.28.1-0ubuntu4.18.04.12 500 500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages *** 3.28.1-0ubuntu4.18.04.8 100 100 /var/lib/dpkg/status 3.28.1-0ubuntu4 500 500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 What I expect to happen: Software is not installed for a user without sudo access. What does happen: I'm logging in with an LDAP user. This user does not have sudo access. When I select software from gnome-software ("Ubuntu Software"), it pops up and asks for my users password. I enter this in, and the software then installs (tested with blender, libreoffice, opencl driver). My user does *not* have sudo access on the system. $ sudo su - [sudo] password for jason: jason is not in the sudoers file. This incident will be reported. It appears these *may* be being installed with Snaps ... which still: How, without having root access, can an unprivileged user install something onto the system? ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-software 3.28.1-0ubuntu4.18.04.8 ProcVersionSignature: Ubuntu 5.0.0-32.34~18.04.2-generic 5.0.21 Uname: Linux 5.0.0-32-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri Nov 1 13:53:03 2019 InstallationDate: Installed on 2019-11-01 (0 days ago) InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) InstalledPlugins: gnome-software-plugin-flatpak N/A gnome-software-plugin-limba N/A gnome-software-plugin-snap 3.28.1-0ubuntu4.18.04.8 ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gnome-software UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1850977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp