Description of problem: I am in a system where my user (provided by pam_sssd) is the following: $ id uid=22220(nmavrogi) gid=22220(nmavrogi) groups=22220(nmavrogi),135(mock),1070(devel),5356(prc-ext),5977(idm-dev-lab) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 He does not exist in the password file. I do however have the following user in my password file: $ id test uid=1000(test) gid=1000(test) groups=1000(test),10(wheel) When I have to install something through packagekit command not found, I get asked for the password of my test user!!! How reproducible: $ indent -linux common/common.c bash: indent: command not found... Install package 'indent' to provide command 'indent'? [N/y] y [Prompt for test's password] Expected results: I should be asked my user's password.
Reassigning to sssd, as this issue also exists if I use yum extender. Thus it is not related to package kit.
I doubt it's related to sssd but Please provide steps to reproduce: In my case, command just fails it does not want to install any package. sh$ indent -linux common/common.c -bash: indent: command not found sh$ echo $? 127
Isn't this the expected behavior when you assign the 'Account Type' 'Administrator', i.e. adding the user to the wheel group, in the Gnome user manager?
I also remember that Nikos uses a bit non-standard config with id_provider=proxy proxying to files, so it would also be nice to see the PAM config files..
I'm pretty sure it is not related to SSSD at all but a policykit feature. To reproduce make sure you have a user in the wheel group, stop sssd and call pkexec. pkexec will ask you for the password of the user from the wheel group. If there are multiple users in the wheel group the first one is used.
So it will be good if Nikos can confirm it with output of command "getent group wheel" If it's true than workaround might be to change of users in wheel group.
(In reply to Lukas Slebodnik from comment #2) > I doubt it's related to sssd but > > Please provide steps to reproduce: > In my case, command just fails it does not want to install any package. > > > sh$ indent -linux common/common.c > -bash: indent: command not found > sh$ echo $? > 127 run yum extender.
(In reply to Lukas Slebodnik from comment #6) > So it will be good if Nikos can confirm it with output of command > "getent group wheel" > > If it's true than workaround might be to change of users in wheel group. $ getent group wheel wheel:x:10:test
(In reply to Sumit Bose from comment #5) > I'm pretty sure it is not related to SSSD at all but a policykit feature. > > To reproduce make sure you have a user in the wheel group, stop sssd and > call pkexec. pkexec will ask you for the password of the user from the wheel > group. If there are multiple users in the wheel group the first one is used. Should then this be assigned to policykit? I doubt that this is an intended feature.
(In reply to Nikos Mavrogiannopoulos from comment #9) > (In reply to Sumit Bose from comment #5) > > I'm pretty sure it is not related to SSSD at all but a policykit feature. > > > > To reproduce make sure you have a user in the wheel group, stop sssd and > > call pkexec. pkexec will ask you for the password of the user from the wheel > > group. If there are multiple users in the wheel group the first one is used. > > Should then this be assigned to policykit? I doubt that this is an intended > feature. My bad. It seems that my user is not in the wheel group but only in sudo group, thus the prompt is indeed the expected one. Policykit seems to do the right thing even in the wrong order. Sorry for the noise.