My user is in the "admin" group, but that's my LDAP group. /etc/sudoers was changed to have the groups allowed be "sudoA" and "adminA" which my local user is in.
Does the polkit `auth_admin` *NOT* do an actual sudo check but just look at the group name? That's ... not good. I'll need to have some people in the LDAP admin group, but not be allowed to use sudo/install software which that policy defeats the purpose of if that's the case (regulations).

The command above gives:

--- start cut ---
$ pkcheck -a io.snapcraft.snapd.manage --process $$ -u ; echo $?
polkit\56retains_authorization_after_challenge=true
polkit\56temporary_authorization_id=tmpauthz2
0
--- end cut ---

Here's my user info with some company specific info commented out:

--- start cut ---
$ id
uid=1031(jason) gid=500(admin) groups=500(admin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),501(XXX),502(XXX),503(XXX)
--- end cut ---

And /etc/sudoers ...

--- start cut ---
# egrep '^%[a-z]' /etc/sudoers
%adminA ALL=(ALL) ALL
%sudoA ALL=(ALL:ALL) ALL
--- end cut ---

-J

--
https://bugs.launchpad.net/bugs/1850977

Title: Snap installs software without user having sudo access
