[Bug 1800297] Re: localectl updates /etc/default/locale without root privileges

Mon Oct 29 17:35:53 UTC 2018

root group is irrelevant here, and should not be used to enforce ACLs.

On Ubuntu, root user is disabled by default. Instead, regular user
accounts are treated as admin accounts if they have the permission to
`sudo` into root. This is done, by default, by adding user accounts to
`sudo` group. This is also what gnome account services / policykit / etc
use to determine `who is admin`.

E.g. in gnome-settings on Ubuntu, one can toggle user accounts between
normal and administrator, which removes/adds sudo group to a given
account.

Policykit does correct authentication to execute this action. Accounts
in `sudo` group can execute it directly, otherwise a policykit popup
appears listing all existing `sudo` group members and asking to
authenticate as one of those people. I have just tested that this all
works correctly on cosmic.

So, if you don't expect this behaviour on this particular account,
`sudo` group is the one to remove. But note that is the same group that
makes `sudo -i` work, so please don't lock yourself out if that's the
only sudo capable account!

Thus everything works as expected, and administrator accounts can do the
same action (with less validation) via `sudo nano /etc/default/locale`.

** Changed in: systemd (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1800297

Title:
  localectl updates /etc/default/locale without root privileges

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  localectl updates /etc/default/locale when it is run as non root user:
  $ localectl set-locale LANG=en_US.UTF-8

  $ ls -l /etc/default/locale 
  -rw-r--r-- 1 root root 17 Oct 26 12:46 /etc/default/locale

  My account is neither root nor in group root:
  $ groups
  christian adm cdrom sudo dip plugdev lpadmin sambashare

  $ ls -al `which localectl`
  -rwxr-xr-x 1 root root 21916 Oct  4 16:58 /usr/bin/localectl

  --- 
  ProblemType: Bug
  ApportVersion: 2.20.10-0ubuntu13
  Architecture: i386
  CurrentDesktop: LXQt
  DistroRelease: Ubuntu 18.10
  MachineType: Dell Inc. MM061
  Package: systemd 239-7ubuntu10
  PackageArchitecture: i386
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-10-generic root=/dev/mapper/vg0-fedora ro
  ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12
  SystemdDelta:
   [EXTENDED]   /lib/systemd/system/rc-local.service → /lib/systemd/system/rc-local.service.d/debian.conf
   [EXTENDED]   /lib/systemd/system/user at .service → /lib/systemd/system/user at .service.d/timeout.conf

   2 overridden configuration files found.
  Tags:  cosmic
  Uname: Linux 4.18.0-10-generic i686
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 06/13/2007
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A17
  dmi.board.name: 0KD882
  dmi.board.vendor: Dell Inc.
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvrA17:bd06/13/2007:svnDellInc.:pnMM061:pvr:rvnDellInc.:rn0KD882:rvr:cvnDellInc.:ct8:cvr:
  dmi.product.name: MM061
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1800297/+subscriptions