cannot change authorization for apper

In the Actions Policy under System Settings, I went to org.freedesktop
followed by The PackageKit Project. There under “update packages” I
changed the implicit authorization level of an “Active console” to
“Administrator Authentication”. My intent was to force apper to ask for
my root password before downloading and installing updates, so that a
regular user cannot do that.

However, it still just downloads and installs the updates without asking
me for a password.

Is there some other place where I need to make a change in the settings?
I think that here where it says "Update packages"must not be the right
location.


G.O.
Box #1: 12.3 | KDE 4.10 | AMD Phenom IIX4 | 64 | 16GB
Box #2: 12.2 | KDE 4.9.2 | AMD Athlon X3 | 64 | 4GB
Laptop: 12.2 | KDE 4.10 | Core i7-2620M | 64 | 8GB
learning openSUSE and loving it

How do you set up Apper to require a root password to complete an
update? I tried under System Settings -> org.freedesktop -> The
PackageKit project and changed the “active console” setting to
“administrator”. I thought this would then force Apper to ask for a root
password so that not just anyone can hit “ok” for the updates. However,
nothing changed, and I still am not required to give a root password.


G.O.
Box #1: 12.3 | KDE 4.10 | AMD Phenom IIX4 | 64 | 16GB
Box #2: 12.2 | KDE 4.9.2 | AMD Athlon X3 | 64 | 4GB
Laptop: 12.2 | KDE 4.10 | Core i7-2620M | 64 | 8GB
learning openSUSE and loving it

I am now trying that out, to see if I get the same result.

I’ll have to wait for some new updates to come through before I can actually test what happens.

Yes, I get the same result.

PolicyKit seems to have been reorganized, and it is harder to read the configuration files to see what is happening.

On 04/11/2013 06:26 AM, nrickert wrote:
> nrickert;2546169 Wrote:
>> I am now trying that out, to see if I get the same result.
> Yes, I get the same result.
>
> PolicyKit seems to have been reorganized, and it is harder to read the
> configuration files to see what is happening.
>
>
Ok, I filed a bug report, https://bugzilla.novell.com/show_bug.cgi?id=814763


G.O.
Box #1: 12.3 | KDE 4.10 | AMD Phenom IIX4 | 64 | 16GB
Box #2: 12.2 | KDE 4.9.2 | AMD Athlon X3 | 64 | 4GB
Laptop: 12.2 | KDE 4.10 | Core i7-2620M | 64 | 8GB
learning openSUSE and loving it

I have just added a comment to the bug report - a guess as to what might be the problem.

I decided to test out my guess. I edited the file “/etc/polkit-1/rules.d/90-default-privs.rules”. And, after that change, I am now prompted for the root password in order to do updates.

Here’s the unified diff between the old and new versions of 90-default-privs.rules


--- /bkup/90-default-privs.rules     2013-03-25 06:51:30.190721650 -0500
+++ 90-default-privs.rules      2013-04-11 17:22:13.626921257 -0500
@@ -477,7 +477,7 @@
                'org.freedesktop.accounts.change-own-user-data':
                         'yes', 'yes', 'yes' ],
                'org.freedesktop.packagekit.system-update':
-                        'auth_admin_keep', 'auth_admin_keep', 'yes' ],
+                        'auth_admin_keep', 'auth_admin_keep', 'auth_admin_keep' ],
                'org.opensuse.yast.modules.yapi.kerberos.write':
                         'no', 'no', 'no' ],
                'com.hp.driveguard.toggle':

Or, to explain in words, I changed “yes” to “auth_admin_keep” in the line that looked as if it had to do with update policy.