update-manager not asking for authentication in Oneiric Beta

Alan Pope alan at popey.com
Thu Sep 15 11:46:34 UTC 2011

On 15 September 2011 12:11, Colin Law <clanlaw at googlemail.com> wrote:
> Normally if I run an app, or a command from the terminal, that
> attempts to write to the system area on disk, it that is not allowed.
> Hence I have to use sudo with apt-get upgrade.  How is it that I can
> use update-manager to do that, but not apt-get?

update-manager supports policykit, a framework which allows
applications to be given the ability to do this. If you take a look at
the policykit file linked from the bug report you can see this:-

[Update already installed software]

So as I understand it this says that the dbus action
"org.debian.apt.upgrade-packages" (which is part of aptdaemon) will
return 'yes' (allow) installation of updated packages if the current
user is a member of the unix group 'admin'. You (as the first user)
are a member of this group, other users are not.

I would guess that apt-get does not support policykit/dbus in the same
way update-manager does.

>  What is it that allows
> update-manager to do that but not a virus or other malware?  You may
> already have answered that question above.

I don't know enough about dbus/policykit to answer that.


More information about the ubuntu-users mailing list