policyKit does not involve sudo in any way, it uses systemd-logind from the session to elevate privileges. if you are marked as admin in the policyKit setup you will indeed be able to do admin things no matter what is written in sudoers ;)
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1850977 Title: Snap installs software without user having sudo access Status in policykit-1 package in Ubuntu: New Status in snapd package in Ubuntu: Incomplete Bug description: $ lsb_release -rd Description: Ubuntu 18.04.2 LTS Release: 18.04 $ apt-cache policy gnome-software gnome-software: Installed: 3.28.1-0ubuntu4.18.04.8 Candidate: 3.28.1-0ubuntu4.18.04.12 Version table: 3.28.1-0ubuntu4.18.04.12 500 500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages *** 3.28.1-0ubuntu4.18.04.8 100 100 /var/lib/dpkg/status 3.28.1-0ubuntu4 500 500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 What I expect to happen: Software is not installed for a user without sudo access. What does happen: I'm logging in with an LDAP user. This user does not have sudo access. When I select software from gnome-software ("Ubuntu Software"), it pops up and asks for my users password. I enter this in, and the software then installs (tested with blender, libreoffice, opencl driver). My user does *not* have sudo access on the system. $ sudo su - [sudo] password for jason: jason is not in the sudoers file. This incident will be reported. It appears these *may* be being installed with Snaps ... which still: How, without having root access, can an unprivileged user install something onto the system? ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-software 3.28.1-0ubuntu4.18.04.8 ProcVersionSignature: Ubuntu 5.0.0-32.34~18.04.2-generic 5.0.21 Uname: Linux 5.0.0-32-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri Nov 1 13:53:03 2019 InstallationDate: Installed on 2019-11-01 (0 days ago) InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) InstalledPlugins: gnome-software-plugin-flatpak N/A gnome-software-plugin-limba N/A gnome-software-plugin-snap 3.28.1-0ubuntu4.18.04.8 ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gnome-software UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1850977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
