[Bug 1591672] Re: update-manager does not obey require-password policy
Julian Andres Klode
1591672 at bugs.launchpad.net
Tue Sep 1 12:45:51 UTC 2020
After changing the group to unix-group:sudo I could not reproduce this
bug. Are you sure the user you tested this for was only in the admin
group and not the sudo group (which is also given permission to upgrade
without password)?
[Update already installed software]
Identity=unix-group:admin;unix-group:sudo
Action=org.debian.apt.upgrade-packages
ResultActive=yes
** Changed in: aptdaemon (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1591672
Title:
update-manager does not obey require-password policy
Status in aptdaemon package in Ubuntu:
Incomplete
Bug description:
In order to enforce a password check prior to an update occurring, a policy
file was installed.
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
[Require password to upgrade already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=auth_admin
Up to a recent update this was working as expected. Not anymore.
What happens
------------
Updates are performed without requesting administrative password
Expected result
---------------
update-manager to request administrative password prior to performing the update
System info
-----------
# lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
# dpkg -l | grep update-manager
ii python3-update-manager 1:16.04.3 all python 3.x module for update-manager
ii update-manager 1:16.04.3 all GNOME application that manages apt updates
ii update-manager-core 1:16.04.3 all manage release upgrades
# dpkg -l | grep policy
ii libnuma1:amd64 2.0.11-1ubuntu1 amd64 Libraries for controlling NUMA policy
ii libsemanage-common 2.3-1build3 all Common files for SELinux policy management libraries
ii libsemanage1:amd64 2.3-1build3 amd64 SELinux policy management library
ii plainbox-secure-policy 0.25-1 all policykit policy required to use plainbox (secure version)
ii policykit-1 0.105-14.1 amd64 framework for managing administrative policies and privileges
ii policykit-1-gnome 0.105-2ubuntu2 amd64 GNOME authentication agent for PolicyKit-1
ii policykit-desktop-privileges 0.20 all run common desktop actions without password
# apt-cache policy update-manager
update-manager:
Installed: 1:16.04.3
Candidate: 1:16.04.3
Version table:
*** 1:16.04.3 500
500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages
100 /var/lib/dpkg/status
# find /var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority/50-local.d
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
/var/lib/polkit-1/localauthority/90-mandatory.d
/var/lib/polkit-1/localauthority/20-org.d
/var/lib/polkit-1/localauthority/10-vendor.d
/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla
/var/lib/polkit-1/localauthority/30-site.d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1591672/+subscriptions
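
The overlap raised in the reply (a unix-group:sudo grant alongside the unix-group:admin rule) can be audited by listing every .pkla entry that matches the action for any of a user's groups. This is an added example, not code from the bug report, aptdaemon or polkit. The function names, the sample user and group lists, and the use of fnmatch for glob matching are assumptions, and it does not model polkit's precedence between matching entries.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed input: the two entries quoted on this page. The first label is
# the reporter's file; the page gives no path for the second entry.
SAMPLE = {
    "50-local.d/require-password-to-update.pkla": """\
[Require password to upgrade already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=auth_admin
""",
    "<entry quoted in the reply>": """\
[Update already installed software]
Identity=unix-group:admin;unix-group:sudo
Action=org.debian.apt.upgrade-packages
ResultActive=yes
""",
}


def globs(value):
    """Split a semicolon-separated .pkla list, dropping empty items."""
    return [g.strip() for g in value.split(";") if g.strip()]


def matching_entries(files, action, user, groups):
    """Return (source, section, matched identity, ResultActive) per match."""
    identities = ["unix-user:" + user] + ["unix-group:" + g for g in groups]
    hits = []
    for source, text in files.items():
        cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
        cp.optionxform = str  # keep key case (Identity, Action, ResultActive)
        cp.read_string(text, source=source)
        for section in cp.sections():
            entry = cp[section]
            if not any(fnmatchcase(action, g) for g in globs(entry.get("Action", ""))):
                continue
            for ident in identities:
                if any(fnmatchcase(ident, g) for g in globs(entry.get("Identity", ""))):
                    hits.append((source, section, ident, entry.get("ResultActive")))
    return hits


def conflicting(hits):
    """True when the matching entries disagree on ResultActive."""
    return len({h[3] for h in hits}) > 1
```

On a real system the `files` mapping would be filled from the .pkla files under the localauthority directories, and the group list from `id -Gn` for the user being tested.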