
Re: apt as a user



On 31/10/14 09:29, shawn wilson wrote:
I'm trying to allow an apt user to run apt* commands. I've got this polkit:

/etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla

[Configuration]
AdminIdentities=unix-user:apt
Action=org.debian.apt.*
ResultAny=no
ResultInactive=no
ResultActive=yes

However when I: su - apt
it looks like nothing has changed:

$ apt-get update
E: Could not open lock file /var/lib/apt/lists/lock - open (13:
Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

I've got aptdaemon installed. Any idea what I'm doing wrong here?

I'm not an expert in Debian package management, but I think that the error is what it says: the user lacks appropriate permissions for those files and directories. I recommend that you configure sudo to allow those users to invoke at least apt-get. You can also use sudo to log the commands and even the command line interaction. See the man page of sudo and sudoers.

Bear in mind that users who can install and uninstall packages can make the system unusable or purposely install a vulnerable package to perform privilege escalation. If they can add repositories, they can easily direct the package manager to a specially crafted package which will give them root access without the need to exploit an existing package. If you wouldn't trust root access to those users, don't give them package management capabilities.

Regards.
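
The sudo setup recommended in the reply above, as an added example that is not part of the original message: a sudoers drop-in that lets the `apt` account from the question run two fixed apt-get command lines as root and records the sessions. The file name and the `/usr/bin/apt-get` path are assumptions.

```sudoers
# /etc/sudoers.d/apt-operators   (assumed file name; edit it with
#   visudo -f /etc/sudoers.d/apt-operators  so syntax errors are caught)
#
# "apt" is the account name used in the question.

# Arguments are spelled out in full, so sudo accepts only these exact
# command lines. No wildcard pattern is used for "install": a sudoers
# wildcard matches any characters, spaces included, so it would also
# admit extra command-line options after the package name.
Cmnd_Alias APT_CMDS = /usr/bin/apt-get update, \
                      /usr/bin/apt-get upgrade

# Record what the user types and what the command prints, in addition
# to sudo's normal log entry for each command that is run.
Defaults:apt log_input, log_output

# The apt user may run the listed commands as root on any host.
apt ALL = (root) APT_CMDS
```

Check the file with `visudo -cf /etc/sudoers.d/apt-operators` before relying on it; recorded sessions can be reviewed with `sudoreplay`.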

