The current polkit rule is very broken
- any process running as a wheel user can manipulate the system without any password prompt
- non-wheel users can't even update
So this obviously has to change.
Could you look at the new file and tell if anything is missing? I am unsure if even less is really needed.
- unprivileged users can use automatic updates and don’t even need to see them. This has to work everywhere, also when logged in remotely, or on a running system with no logged-in user.
- if you change the system, you need a password.
- without a password nobody should be able to rebase, deploy, stop updates (fixing possible security vulnerabilities) etc.
This may break software stores without polkit password prompt. But I am honestly very much against encouraging layering RPMs in GUI software stores, as this is not even officially supported.
Do you find any loopholes that should also be behind a password? Or things that should be allowed?
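
The policy described in the post, sketched as an added example (not the file under review and not part of the original post). It assumes the actions are rpm-ostree's polkit actions under `org.projectatomic.rpmostree1.`; the `polkit` object, `subject()` and `decide()` are stand-ins so the rule logic can be run and checked under Node.

```javascript
// Stand-in for the polkit rules runtime so the logic runs under Node (constructed).
var polkit = {
  Result: { YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
  rules: [],
  addRule: function (fn) { this.rules.push(fn); }
};

// Assumption: the actions in question are rpm-ostree's polkit actions.
var PREFIX = "org.projectatomic.rpmostree1.";
// Only these two actions are allowed without a prompt.
var NO_PROMPT = [PREFIX + "upgrade", PREFIX + "repo-refresh"];

// "Before", as the post describes it: wheel gets everything silently,
// everyone else falls through to the default policy.
function brokenRule(action, subject) {
  if (action.id.indexOf(PREFIX) === 0 && subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
}

// "After": no check on group, subject.active or subject.local, so updates
// also work over SSH or from a timer with no logged-in user. Every other
// action in the namespace (rebase, deploy, layering, ...) needs admin auth.
function proposedRule(action, subject) {
  if (action.id.indexOf(PREFIX) !== 0) { return undefined; }
  if (NO_PROMPT.indexOf(action.id) !== -1) { return polkit.Result.YES; }
  return polkit.Result.AUTH_ADMIN;
}

// Constructed subject, mirroring the fields polkit passes to a rule.
function subject(groups, active, local) {
  return {
    active: active, local: local,
    isInGroup: function (g) { return groups.indexOf(g) !== -1; }
  };
}

// Evaluate one rule; an undefined return means "not handled by this rule".
function decide(rule, actionId, subj) {
  var r = rule({ id: actionId }, subj);
  return r === undefined ? polkit.Result.NOT_HANDLED : r;
}

polkit.addRule(proposedRule);
```

Because the rule defaults to `AUTH_ADMIN` for the whole namespace, an action added later is behind a password unless it is explicitly listed in `NO_PROMPT`.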