On Sun, Oct 06, 2024 at 11:24:03AM +0100, Brad Rogers wrote: > On Sun, 6 Oct 2024 10:47:24 +0100 > Joe <j...@jretrading.com> wrote: > > Hello Joe, > > >My graphical menu calls synaptic-pkexec, and it definitely wants the > > As does mine. > > >root password, and it says so explicitly. > > Here, I get a different result. The requester asks for authentication > but does not specify root password. In fact, using the root password > fails (with the exact same details as Roger described), I *must* use the > user password. > > Strange.
Not at all. Most probably synaptic is being run via pkexec, part of PolicyKit. I ran away from that Rube Goldberg dystopia years ago, so I can't give a recipe, but at least some hints. One of the things this Policy Kit does "for" you might be to see whether you are in the sudoers group, then it might (given some other details) use sudo to escalate your rights (thus asking you for your user password) or have to use su (thus asking for the root password). There are, of course, many and diverse other ways to configure Policy Kit, so some investigation will be needed. My take is that you usually don't make things more secure by making them more complex. That's why I ran away. Cheers -- t
signature.asc
Description: PGP signature
