Ubuntu
snapd package

  1. Bug #1850977
  2. Comment #20

Comment 20 for bug 1850977

Revision history for this message
Jason Stover (ir-jms) wrote :

Thank You!!!

Can you set it like:
```
[Configuration]
AdminIdentities=
```

So *nothing* is considered an Admin?

That file has `unix-group:sudo;unix-group:admin` ... by default from what I can tell. But at least that I know this thing exists and hey, you can elevate privileges without being in sudoers (Ugh... another thing to restrict for regulations).

Does that deal only with the *name* of the group, or what it sees as the GID?

I mean, I can make another user named `bob` with a UID of 0 ... so I'm still effectively root even if I'm logged in as bob. Does this work that way with GID's? Or is it looking explicitly at the name only even if the name is irrelevant is actual system usage?

Meaning, I can have groups named: Admin, AdminA, AdminB, AdminC .... with different members but the same GID. In this way anything on the filesystem owned by the `Admin` group, can be accessed by any of the Admin groups since it's the GID that matters.

Does PolicyKit take GIDs into account, or just the name?