update-manager not asking for authentication in Oneiric Beta
Colin Law
clanlaw at googlemail.com
Thu Sep 15 12:27:20 UTC 2011
On 15 September 2011 12:46, Alan Pope <alan at popey.com> wrote:
> On 15 September 2011 12:11, Colin Law <clanlaw at googlemail.com> wrote:
>> Normally if I run an app, or a command from the terminal, that
>> attempts to write to the system area on disk, it that is not allowed.
>> Hence I have to use sudo with apt-get upgrade. How is it that I can
>> use update-manager to do that, but not apt-get?
>>
>
> update-manager supports policykit, a framework which allows
> applications to be given the ability to do this. If you take a look at
> the policykit file linked from the bug report you can see this:-
>
> [Update already installed software]
> Identity=unix-group:admin
> Action=org.debian.apt.upgrade-packages
> ResultActive=yes
>
> So as I understand it this says that the dbus action
> "org.debian.apt.upgrade-packages" (which is part of aptdaemon) will
> return 'yes' (allow) installation of updated packages if the current
> user is a member of the unix group 'admin'. You (as the first user)
> are a member of this group, other users are not.
>
> I would guess that apt-get does not support policykit/dbus in the same
> way update-manager does.
>
>> What is it that allows
>> update-manager to do that but not a virus or other malware? You may
>> already have answered that question above.
>>
>
> I don't know enough about dbus/policykit to answer that.
OK, many thanks for the info. One lives and learns.
Colin
--
gplus.to/clanlaw
More information about the ubuntu-users
mailing list