Comment 7 for bug 1532264

I'm using 16.04 and installed from the default repos with a simple "sudo apt install libpam-fprintd", and I'm seeing the same (original) behaviour, as in fprintd-enroll doesn't require root to change the enrolled fingerprints (and asks for 5 swipes to confirm enrollment).

The chmod o-x suggestion worked in that executing fprintd-enroll now requires root, but I suspect whatever files it writes to are still vulnerable to someone accessing my (rarely) unlocked and unattended machine, but at least now they'd have to come prepared with their own fingerprint enrollment files instead of just running it from a terminal and swiping a few times. This also seems like it would be an easy fix in the repo package, at least until a proper upstream fix is done. Is anyone even working on fprintd upstream anymore, though?