Comment 16 for bug 1850977

Jason Stover (ir-jms) wrote :

I think I may have found it.... It looks like policykit has some rules with entries like:

```
subject.isInGroup("sudo")
```

That's ... broken. Just being in the `sudo` group should *NOT* let me install software or elevate my privileges, *ESPECIALLY* if the user isn't actually in the sudoers. It's a broken assumption.

I changed the /etc/sudoers file so the `sudo` group does *NOT* have permissions explicitly for this reason.
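
The mismatch described in this comment can be checked mechanically. The following is an added example, not part of the original comment or of policykit: it lists groups that polkit rule text trusts but that have no active group grant in sudoers. The rule text, the action id `org.example.install` and the sudoers content are constructed samples, and the sudoers parsing is a simplification that ignores includes, aliases and `%#gid` forms.

```python
import re

# Constructed sample of a polkit JavaScript rules file (not taken from the bug report).
SAMPLE_POLKIT_RULES = '''
polkit.addRule(function(action, subject) {
    if (action.id == "org.example.install" && subject.isInGroup("sudo")) {
        return polkit.Result.YES;
    }
});
polkit.addAdminRule(function(action, subject) {
    return ["unix-group:admin"];
});
'''

# Constructed sudoers content in which the %sudo grant has been commented out.
SAMPLE_SUDOERS = '''
root    ALL=(ALL:ALL) ALL
# %sudo ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
'''

# Group names referenced by subject.isInGroup("...") checks.
IN_GROUP = re.compile(r'isInGroup\(\s*["\']([^"\']+)["\']\s*\)')
# Group names referenced as unix-group:<name> identities.
UNIX_GROUP = re.compile(r'unix-group:([A-Za-z0-9_.-]+)')
# Active (uncommented) "%group host=..." lines in sudoers.
SUDOERS_GROUP = re.compile(r'^\s*%([^\s#]+)\s+\S+=', re.M)


def polkit_groups(rules_text):
    """Return every group name the polkit rule text keys a decision on."""
    return set(IN_GROUP.findall(rules_text)) | set(UNIX_GROUP.findall(rules_text))


def sudoers_groups(sudoers_text):
    """Return groups that have an active grant line in the sudoers text."""
    return set(SUDOERS_GROUP.findall(sudoers_text))


def mismatched_groups(rules_text, sudoers_text):
    """Groups polkit treats as privileged that sudoers does not grant anything."""
    return sorted(polkit_groups(rules_text) - sudoers_groups(sudoers_text))


if __name__ == "__main__":
    for group in mismatched_groups(SAMPLE_POLKIT_RULES, SAMPLE_SUDOERS):
        print(f"polkit trusts group '{group}' but sudoers has no active grant for it")
```

To audit a real system, pass in the contents of the files under `/etc/polkit-1/rules.d/` and `/usr/share/polkit-1/rules.d/`, together with `/etc/sudoers`, in place of the samples.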