On Fri, Jun 15, 2012 at 10:45 PM, Mark Allums <m...@allums.com> wrote: > On 6/15/2012 7:01 PM, Tom H wrote: >> On Fri, Jun 15, 2012 at 7:41 PM, Tom H <tomh0...@gmail.com> wrote: >>> On Fri, Jun 15, 2012 at 6:08 PM, Mark Allums <m...@allums.com> wrote: >>>> >>>> Synaptic has begun asking for my user password rather than the root >>>> password. Why is this happening, and how do I make it stop? I want >>>> only >>>> users with root privileges to use apt/aptitude/synaptic/gdebi/etc. and I >>>> want the original behavior restored. >>> >>> >>> I don't have a Debian install with a DE to verify the following but >>> I'd check "/etc/polkit-1/localauthority.conf.d/" where there's most >>> likely a file defining the polkit admin users. >>> >>> (Do you have users on your system who can sudo to root and not su to >>> root?!) >> >> >> check "/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf". >> >>> From "policykit-1_0.96-4+squeeze2.diff": >> >> >> +binary-install/policykit-1:: >> + # when building for Ubuntu, allow the admin group, on Debian use >> sudo group >> + if [ "$(DISTRO)" = "Ubuntu" ]; then \ >> + /bin/echo -e >> "[Configuration]\nAdminIdentities=unix-group:admin" >>> >>> >>> debian/policykit-1/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; >> >> \ >> + elif [ "$(DISTRO)" = "Debian" ]; then \ >> + /bin/echo -e >> "[Configuration]\nAdminIdentities=unix-group:sudo" >>> >>> >>> debian/policykit-1/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf; >> >> \ >> + fi >> >> Looking at the changelog, this was done (unless I'm misunderstanding >> the entry) in 2010: >> >> policykit-1 (0.96-4) unstable; urgency=low >> >> * debian/rules >> - When building for Debian, install a localauthority.conf.d >> configuration >> file which considers "sudo" group users as administrators. >> (Closes: #532499) >> >> -- Michael Biebl <bi...@debian.org> Tue, 16 Nov 2010 23:21:50 +0100 > > Thanks for that. I should have realized. It was indeed set to sudo. A bit > infuriating. > > I am currently the only sudo-er, and I want it to stay that way. I am also > currently the only possessor of the root password. (In event of my > incapacity, they are in a safe place.) Nevertheless, there are (some > possibly silly) reasons for my distress. Anyway... > > Oddly, if this change was made so long ago, then why did it just now change > behavior on my Sid machines, and why has it not happened to my Wheezy > machines? > > It is unique to Synaptic (it seems) on my Sid machines. For instance, > starting a root terminal brings up the usual "Enter the administrative > password" dialog. Also, on my Wheezy machines, the setting is the same, but > on them, Synaptic still asks for the root password, not the user password. > > So, while Policykit is a good lead, but I don't think it is the source of > the change. > > Thanks for your suggestions,
You're welcome. PolicyKit can be more fine-grained than just setting an admin group. You can find specific synaptic authorizations by running "pkaction" and then display the actual authorization with "pkaction --verbose --action-id <actionname>". -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOdo=sx-hz7fok6vdfsybbdt0xozyst4vhlgl-hjl-a0oeg...@mail.gmail.com
