[18:09] <ScaredySquirrel> I want to know how you'd tell PolicyKit not to ask users in the sudo group for any passwors
[18:09] <ScaredySquirrel> passwords when I do something that requires root priviledges
[18:10] <ScaredySquirrel> tails@tails-Inspiron-3582:/mnt/myusb$ id -Gn|grep -oe '\<sudo\>'
[18:10] <ScaredySquirrel> sudo
[18:10] <ScaredySquirrel> tails@tails-Inspiron-3582:/mnt/myusb$ cat /etc/os-release 
[18:10] <ScaredySquirrel> NAME="Ubuntu"
[18:10] <ScaredySquirrel> VERSION="20.04 LTS (Focal Fossa)"
[18:11] <ScaredySquirrel> and here's my policykit : http://dpaste.com/2CK3Z6M
[18:17] <ScaredySquirrel> would anything be wrong with my policykit file? what else do I need to change?
[18:34] <TJ-> ScaredySquirrel: I wonder if a rule would help? see https://wiki.archlinux.org/index.php/Polkit#Authorization_rules
[18:37] <ScaredySquirrel> TJ-: I don't know how to use globs
[18:39] <ScaredySquirrel> if(action.id =~ "org.debian.apt.*" && subject.isInGroup("sudo")) { return polkit.Result.YES; }
[18:43] <TJ-> I don't think the glob * is required
[18:45] <ScaredySquirrel> but why?
[18:45] <ScaredySquirrel> there's this nopasswd global rules thingy but then firefox would laugh and auto authenticate
[18:46] <ScaredySquirrel> it doesn't use polkit so no...not the case
[18:46] <ScaredySquirrel> there would have to be a huge hole in there to make it launch a little program that uses polkit and dbus and then that would happen
[18:46] <ScaredySquirrel> because it doesn't care in this case
[18:46] <ScaredySquirrel> about what little dbus handle the app uses
[18:49] <ScaredySquirrel> so that nopasswd global rules is telling it to ignore the action
[18:49] <TJ-> If it is the polkit user agent pormpting for the password then you should be able to use a polkit rule to handle it
[18:50] <ScaredySquirrel> wait does polkit at least put a dialog up with Authenticate and click there and it just goes ahead and elevates to root?
[18:51] <ScaredySquirrel> at least if you put nopasswd global rule in?
[18:52] <ScaredySquirrel> i mean in that case
[18:52] <TJ-> for a global rule I'd expect no prompt
[18:52] <TJ-> I'm on about the current situation before making any changes
[18:53] <TJ-> As rules are written in Javascript you'd need to create a RegExp object and then call .test(...) on it
[18:53] <ScaredySquirrel> about the Current situation it says Authenticate I click there and it asks for a password when I have no password set
[18:54] <TJ-> asks for the password of a user where that user has no password?
[18:54] <ScaredySquirrel> yes
[18:55] <ScaredySquirrel> that user is is sudo <command> with NOPASSWD in sudoers for his sudo group so he needs no password for that
[18:55] <TJ-> well that makes sense, it's not polkit's fault the invoking user has no password
[18:56] <ScaredySquirrel> however policykit has its no password policy
[18:56] <ScaredySquirrel> where only policykit asks for and requires a password when it has no password
[18:56] <TJ-> ScaredySquirrel: but polkit doesn't use sudo/sudoers, it is entirely separate. All it does do is observe which group(s) a user should be in
[18:57] <TJ-> It used to be the adm group
[18:57] <ScaredySquirrel> mhm its seperate so what to do to apply the same nopasswd policy to polkit for users in the sudo group?
[18:58] <ScaredySquirrel> and i take in mind its not sudo so its not the same system
[18:58] <ScaredySquirrel> polkit will not use the same policy as sudo
[18:58] <ScaredySquirrel> i just want similar
[18:59] <TJ-> As I understood it, you only want no-password to apply to a sub-set of calls, not for everthing a user might try to do
[18:59] <ScaredySquirrel> unless policykit always forces you to use the Authenticate dialog
[19:00] <ScaredySquirrel> if an app can just take over and press Authenticate for you that's not what I want
[19:00] <TJ-> the link I provided earlier gives good examples of various scenarios, https://wiki.archlinux.org/index.php/Polkit#For_specific_actions