Comment 11 for bug 1850977

Jason Stover (ir-jms) wrote :

My user is in the "admin" group, but that's my LDAP group. /etc/sudoers was changed to have the groups allowed be "sudoA" and "adminA" which my local user is in.

Does the polkit `auth_admin` *NOT* do an actual sudo check but just look at the group name? That's ... not good. I'll need to have some people in the LDAP admin group, but not allowed to use sudo/install software, which that policy defeats the purpose of if that's the case (regulations).

The command above gives:
--- start cut ---
$ pkcheck -a io.snapcraft.snapd.manage --process $$ -u ; echo $?
polkit\56retains_authorization_after_challenge=true
polkit\56temporary_authorization_id=tmpauthz2
0
--- end cut ---

Here's my user info with some company specific info commented out:
--- start cut ---
$ id
uid=1031(jason) gid=500(admin) groups=500(admin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),501(XXX),502(XXX),503(XXX)
--- end cut ---

And /etc/sudoers ...
--- start cut ---
# egrep '^%[a-z]' /etc/sudoers
%adminA ALL=(ALL) ALL
%sudoA ALL=(ALL:ALL) ALL
--- end cut ---

-J
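
Added example, not part of the original comment and not code from polkit or snapd: a small audit that compares the groups granted rules in sudoers with the groups polkit treats as administrators for `auth_admin`. It assumes a localauthority-style polkit configuration with an `AdminIdentities=` line (the sample polkit content and all function names are constructed for illustration); the sudoers lines and group memberships are the ones quoted in the comment.

```python
import re

# sudoers lines and group names as quoted in the comment above.
SUDOERS = "%adminA ALL=(ALL) ALL\n%sudoA ALL=(ALL:ALL) ALL\n"
USER_GROUPS = {"admin", "adm", "cdrom", "sudo", "dip", "plugdev",
               "lpadmin", "sambashare"}
# Constructed sample (assumption): the kind of AdminIdentities line found in
# localauthority-style polkit configs under /etc/polkit-1/localauthority.conf.d/.
POLKIT_CONF = "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin\n"


def sudoers_groups(text):
    """Unix group names that have a %group rule (comments are skipped)."""
    return {m.group(1) for m in re.finditer(r"^%([^\s#:]+)\s", text, re.M)}


def polkit_admin_groups(text):
    """Groups named in AdminIdentities; a later line replaces an earlier one."""
    groups = set()
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "AdminIdentities":
            groups = {item.strip().split(":", 1)[1]
                      for item in value.split(";")
                      if item.strip().startswith("unix-group:")}
    return groups


def audit(sudoers, polkit_conf, user_groups):
    """Report where polkit's admin groups and sudoers' groups disagree."""
    sudo_g = sudoers_groups(sudoers)
    pk_g = polkit_admin_groups(polkit_conf)
    return {
        "polkit_only": sorted(pk_g - sudo_g),    # admin to polkit, no sudo rule
        "sudoers_only": sorted(sudo_g - pk_g),   # sudo rule, not a polkit admin
        "user_polkit_admin": sorted(user_groups & pk_g),
        "user_sudo": sorted(user_groups & sudo_g),
    }


if __name__ == "__main__":
    for key, value in audit(SUDOERS, POLKIT_CONF, USER_GROUPS).items():
        print(f"{key}: {value}")
```

A non-empty `polkit_only` list means those groups can satisfy `auth_admin` prompts without any matching sudoers rule, so renaming groups in `/etc/sudoers` alone does not change who polkit accepts as an administrator.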