update-manager not asking for authentication in Oneiric Beta
Alan Pope
alan at popey.com
Thu Sep 15 11:46:34 UTC 2011
On 15 September 2011 12:11, Colin Law <clanlaw at googlemail.com> wrote:
> Normally if I run an app, or a command from the terminal, that
> attempts to write to the system area on disk, it that is not allowed.
> Hence I have to use sudo with apt-get upgrade. How is it that I can
> use update-manager to do that, but not apt-get?
>
update-manager supports policykit, a framework which allows
applications to be given the ability to do this. If you take a look at
the policykit file linked from the bug report you can see this:-
[Update already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=yes
So as I understand it this says that the dbus action
"org.debian.apt.upgrade-packages" (which is part of aptdaemon) will
return 'yes' (allow) installation of updated packages if the current
user is a member of the unix group 'admin'. You (as the first user)
are a member of this group, other users are not.
I would guess that apt-get does not support policykit/dbus in the same
way update-manager does.
> What is it that allows
> update-manager to do that but not a virus or other malware? You may
> already have answered that question above.
>
I don't know enough about dbus/policykit to answer that.
Al.
More information about the ubuntu-users
mailing list