当前位置: 首页>>技术教程>>正文


更新管理器不要求输入密码

,

问题描述

Oneiric 更新管理器不再要求输入密码来更新已安装的软件。这是与以前版本相比的行为变化。有没有办法恢复这种行为并让 Oneiric 中的更新管理器再次要求输入密码?

谢谢!

最佳方案

这是故意的行为改变( source ):

\\n

As of Ubuntu 11.10, update-manager no longer prompts for the user’s password to apply updates. This was decided to improve usability and to make it easier for users to apply security updates and therefore increase system security. The rationale is as follows:

\\n

    \\n

  • Like in previous releases, by default only people in the admin group are allowed access to perform security updates.

    \\n

  • \\n

  • Only updates for already installed software can be applied without a password. Installing additional software still requires people to enter their password.

    \\n

  • \\n

  • The password prompt had become an irritant for some people such that they would just press ‘Cancel’ instead of installing the updates. The password prompt decreased system security for those users.

    \\n

  • \\n

  • People that did dutifully apply updates became conditioned to enter their privileged password perhaps daily. When the user is prompted for the password, it should mean something and the frequency of update-manager updates meant that some people no longer thought about why they were entering their password. For these users, the password prompt had the potential to reduce security.

    \\n

  • \\n

\\n

For environments where this change is deemed not appropriate, this functionality can be disabled by the administrator via PolicyKit or by creating users that are not in the admin group (a recommended practice to begin with).

\\n

相关 PolicyKit 策略在文件 /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla 中:

[Update already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=yes

这授予管理员组中的任何人无需输入密码即可更新软件包的权限。我以前从未使用过 PolicyKit,但根据我对 manpage for pklocalauthority 的阅读,要覆盖它,您应该创建一个 this 文件。

/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla

你需要超级用户权限来创建它,所以使用这个命令……

gksudo gedit /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla

这将在 gedit 中打开一个新文件并将以下策略条目放入其中:

[Require password to upgrade already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=auth_admin

保存并退出 gedit,您现在可以打开更新管理器,它会在应用任何更新之前要求您确认密码。

参考资料

本文由Ubuntu问答整理, 博文地址: https://ubuntuqa.com/article/12867.html,未经允许,请勿转载。