[Bug 1853115] [NEW] localauthority.conf - AdminIdentities: unix-group is ignored

Tue, 19 Nov 2019 01:06:24 -0800 

Public bug reported:

Allowed users and groups as admins for pkexec are defined in:

  /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf

  [Configuration]
  AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin


As you can see, I added unix-group:localadmin

My user is localadmin-user1 who is in the local group localadmin. It does not 
matter if I create a new configuration file
  /etc/polkit-1/localauthority.conf.d/99-myadmins.conf or expand the original 
51-ubuntu-admin.conf


  [Configuration]
  AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:localadmin


If I add the user himself instead of his group localadmin the user is listed 
the allowed list for pkexec.

  [Configuration]
  AdminIdentities=unix-group:sudo;unix-group:admin;unix-user:localadmin-user1


How to reproduce:
- create local user and group (here: localadmin)
- add unix-group:localadmin to 
/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf
- pkexec mount
  -> the local user in group localadmin is not listed
- add unix-user:localadmin-user1 to 
/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf
- pkexec mount
  -> the local user localadmin-user1 is listed


----
Kubuntu 19.10
policykit-1    0.105-26ubuntu1
SSSD for system authorization including domain

** Affects: policykit-1 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1853115

Title:
  localauthority.conf - AdminIdentities: unix-group is ignored

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1853115/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to