此行为由 PolicyKit 的LocalAuthority配置控制。来自ADMINISTRATOR AUTHENTICATION以下部分man pklocalauthority:
Run Code Online (Sandbox Code Playgroud)By default, "administrator authentication" is defined as asking for the root password. Since some systems, for usability reasons, don't have a root password and instead rely on a group of users being member of an administrative group that gives them super-user privileges, the Local Authority can be configured to support this use-case as well. Configuration for the Local Authority is read from files in the /etc/polkit-1/localauthority.conf.d directory. All files are read in lexigraphical order (using the C locale) meaning that later files can override earlier ones. The file 50-localauthority.conf contains the settings provided by the OS vendor. Users and 3rd party packages can drop configuration files with a priority higher than 60 to change the defaults.
至少在我的(18.04)Ubuntu系统中,两个相关文件是50-localauthority.conf和51-ubuntu-admin.conf:
$ head /etc/polkit-1/localauthority.conf.d/*
==> /etc/polkit-1/localauthority.conf.d/50-localauthority.conf <==
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#
[Configuration]
AdminIdentities=unix-user:0
==> /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf <==
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin
因此,为了恢复到使用AdminIdentities=unix-user:0(ie root) 而不是 Ubuntu 默认值AdminIdentities=unix-group:sudo;unix-group:admin(即sudo和/或admin组的成员)的 PolicyKit 默认值,只需重命名该51-ubuntu-admin.conf文件以使其更早加载或根本不加载 - 对于例子
sudo mv /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf{,.ignore}
或注释掉AdminIdentities其中的条目。前一种选择可能更干净且更易于维护。
| 归档时间: |
|
| 查看次数: |
3361 次 |
| 最近记录: |