Oliver, > if you are marked as admin in the policyKit setup
Where do you find this? Where is the definition for what `auth_admin` does located? From the freedesktop site it *seems* that it's an "Administrative user," which to me is sudoers. As the system admin I'm not defining an admin user anywhere else but sudoers. If it's just by group that's broken all to hell... The freedesktop.org site states[1]: > If the system is configured without a root account it may prompt for a specific user designated as the administrative user: Where do you designate a user as the administrative user outside of putting them in sudoers? I need to implement government regulations. Some users need to be in the admin group from LDAP, but cannot install software on workstations. sudoers *should* control this. The init system has nothing to do with account elevation... unless they're taking that over as well. This was a straight up install from Ubuntu. Nothing in my Salt configurations touch polkit settings. Since I'm doing LDAP login, there's /etc/pam.d entries in files for LDAP auth that polkit uses. Would this be interfering? -J [1] - https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1850977 Title: Snap installs software without user having sudo access Status in policykit-1 package in Ubuntu: New Status in snapd package in Ubuntu: Incomplete Bug description: $ lsb_release -rd Description: Ubuntu 18.04.2 LTS Release: 18.04 $ apt-cache policy gnome-software gnome-software: Installed: 3.28.1-0ubuntu4.18.04.8 Candidate: 3.28.1-0ubuntu4.18.04.12 Version table: 3.28.1-0ubuntu4.18.04.12 500 500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages *** 3.28.1-0ubuntu4.18.04.8 100 100 /var/lib/dpkg/status 3.28.1-0ubuntu4 500 500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 What I expect to happen: Software is not installed for a user without sudo access. What does happen: I'm logging in with an LDAP user. This user does not have sudo access. When I select software from gnome-software ("Ubuntu Software"), it pops up and asks for my users password. I enter this in, and the software then installs (tested with blender, libreoffice, opencl driver). My user does *not* have sudo access on the system. $ sudo su - [sudo] password for jason: jason is not in the sudoers file. This incident will be reported. It appears these *may* be being installed with Snaps ... which still: How, without having root access, can an unprivileged user install something onto the system? ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-software 3.28.1-0ubuntu4.18.04.8 ProcVersionSignature: Ubuntu 5.0.0-32.34~18.04.2-generic 5.0.21 Uname: Linux 5.0.0-32-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri Nov 1 13:53:03 2019 InstallationDate: Installed on 2019-11-01 (0 days ago) InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) InstalledPlugins: gnome-software-plugin-flatpak N/A gnome-software-plugin-limba N/A gnome-software-plugin-snap 3.28.1-0ubuntu4.18.04.8 ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gnome-software UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1850977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
