update-manager not asking for authentication in Oneiric Beta

Colin Law clanlaw at googlemail.com
Thu Sep 15 12:27:20 UTC 2011

On 15 September 2011 12:46, Alan Pope <alan at popey.com> wrote:
> On 15 September 2011 12:11, Colin Law <clanlaw at googlemail.com> wrote:
>> Normally if I run an app, or a command from the terminal, that
>> attempts to write to the system area on disk, it that is not allowed.
>> Hence I have to use sudo with apt-get upgrade.  How is it that I can
>> use update-manager to do that, but not apt-get?
> update-manager supports policykit, a framework which allows
> applications to be given the ability to do this. If you take a look at
> the policykit file linked from the bug report you can see this:-
> [Update already installed software]
> Identity=unix-group:admin
> Action=org.debian.apt.upgrade-packages
> ResultActive=yes
> So as I understand it this says that the dbus action
> "org.debian.apt.upgrade-packages" (which is part of aptdaemon) will
> return 'yes' (allow) installation of updated packages if the current
> user is a member of the unix group 'admin'. You (as the first user)
> are a member of this group, other users are not.
> I would guess that apt-get does not support policykit/dbus in the same
> way update-manager does.
>>  What is it that allows
>> update-manager to do that but not a virus or other malware?  You may
>> already have answered that question above.
> I don't know enough about dbus/policykit to answer that.

OK, many thanks for the info. One lives and learns.



More information about the ubuntu-users mailing list