Allow regular user to update software via GUI and update notifier












5















I want to demote a user with admin right to a regular user.



But I want to let her continue to do the updates as before via the GUI. Explicitly, allow the updates to happen when asked to do so via the update notifier dialog.



I don't know if it's possible, and if yes, what sudo rules should I use so that that user can do the updates.



I am only familiar with apt command.
What command/software are used to get notification about updates, and then to run the update process ?



Is it too complicated and requires administrative privileges after all ?










share|improve this question



























    5















    I want to demote a user with admin right to a regular user.



    But I want to let her continue to do the updates as before via the GUI. Explicitly, allow the updates to happen when asked to do so via the update notifier dialog.



    I don't know if it's possible, and if yes, what sudo rules should I use so that that user can do the updates.



    I am only familiar with apt command.
    What command/software are used to get notification about updates, and then to run the update process ?



    Is it too complicated and requires administrative privileges after all ?










    share|improve this question

























      5












      5








      5


      1






      I want to demote a user with admin right to a regular user.



      But I want to let her continue to do the updates as before via the GUI. Explicitly, allow the updates to happen when asked to do so via the update notifier dialog.



      I don't know if it's possible, and if yes, what sudo rules should I use so that that user can do the updates.



      I am only familiar with apt command.
      What command/software are used to get notification about updates, and then to run the update process ?



      Is it too complicated and requires administrative privileges after all ?










      share|improve this question














      I want to demote a user with admin right to a regular user.



      But I want to let her continue to do the updates as before via the GUI. Explicitly, allow the updates to happen when asked to do so via the update notifier dialog.



      I don't know if it's possible, and if yes, what sudo rules should I use so that that user can do the updates.



      I am only familiar with apt command.
      What command/software are used to get notification about updates, and then to run the update process ?



      Is it too complicated and requires administrative privileges after all ?







      apt updates notification






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 3 '18 at 14:35









      solsTiCesolsTiCe

      6,01922048




      6,01922048






















          2 Answers
          2






          active

          oldest

          votes


















          6














          The GUI uses Polkit for authentication and authorization. The relevant Polkit actions seem to be, for apt:



          org.debian.apt.cancel-foreign
          org.debian.apt.change-config
          org.debian.apt.change-repository
          org.debian.apt.clean
          org.debian.apt.get-trusted-vendor-keys
          org.debian.apt.install-file
          org.debian.apt.install-or-remove-packages
          org.debian.apt.install-packages-from-new-repo
          org.debian.apt.install-packages.high-trust-repo
          org.debian.apt.install-purchased-packages
          org.debian.apt.set-proxy
          org.debian.apt.update-cache
          org.debian.apt.upgrade-packages


          Possibly, you might need the following as well, for snaps:



          io.snapcraft.login
          io.snapcraft.snapd.login
          io.snapcraft.snapd.manage
          io.snapcraft.snapd.manage-interfaces


          Additionally, Ubuntu Software does various actions via PackageKit, so actions for those as well:



          org.freedesktop.packagekit.cancel-foreign
          org.freedesktop.packagekit.clear-offline-update
          org.freedesktop.packagekit.device-rebind
          org.freedesktop.packagekit.package-downgrade
          org.freedesktop.packagekit.package-eula-accept
          org.freedesktop.packagekit.package-install
          org.freedesktop.packagekit.package-install-untrusted
          org.freedesktop.packagekit.package-reinstall
          org.freedesktop.packagekit.package-remove
          org.freedesktop.packagekit.repair-system
          org.freedesktop.packagekit.system-network-proxy-configure
          org.freedesktop.packagekit.system-sources-configure
          org.freedesktop.packagekit.system-sources-refresh
          org.freedesktop.packagekit.system-trust-signing-key
          org.freedesktop.packagekit.system-update
          org.freedesktop.packagekit.trigger-offline-update
          org.freedesktop.packagekit.trigger-offline-upgrade
          org.freedesktop.packagekit.upgrade-system


          And for update-manager:



          com.ubuntu.update-notifier.pkexec.cddistupgrader
          com.ubuntu.update-notifier.pkexec.package-system-locked


          And for synaptic:



          com.ubuntu.pkexec.synaptic


          To configure Polkit privileges, create a .pkla file in /etc/polkit-1/localauthority/50-local.d named, say, allow-pkg-mgmt.pkla, containing:



          [Allow Package Management to user foo]
          Identity=unix-user:foo
          Action=org.debian.apt.*;io.snapcraft.*;org.freedesktop.packagekit.*;com.ubuntu.update-notifier.*
          ResultActive=auth_self


          See man 8 pklocalauthority for more on configuring Polkit privileges, and the output of pkaction for more actions. For some reason, I had to use ResultActive instead of ResultAny before it would ask for the unprivileged user's password.






          share|improve this answer


























          • seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

            – solsTiCe
            Dec 15 '18 at 12:42













          • Depends. Do you want actions done by this user to require authentication from an admin user?

            – muru
            Dec 15 '18 at 13:46






          • 1





            One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

            – Sebastian Stark
            Dec 15 '18 at 21:41











          • @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

            – muru
            Dec 16 '18 at 4:27











          • @muru even better

            – Sebastian Stark
            Dec 17 '18 at 14:03



















          0














          The polkit looks a bit complicated to me.



          I would add an entry in /etc/sudoers, like:



          her-login ALL=(root) NOPASSWORD: apt update
          her-login ALL=(root) NOPASSWORD: apt upgrade
          ( check syntax! )



          And then create a icon that starts 'sudo apt update && sudo apt upgrade'



          This allows 'her-login' to run just 2 commands as root...
          Same could be done done for, say sudo mintupdate, if a more 'GUI' approch is wanted.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089727%2fallow-regular-user-to-update-software-via-gui-and-update-notifier%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            6














            The GUI uses Polkit for authentication and authorization. The relevant Polkit actions seem to be, for apt:



            org.debian.apt.cancel-foreign
            org.debian.apt.change-config
            org.debian.apt.change-repository
            org.debian.apt.clean
            org.debian.apt.get-trusted-vendor-keys
            org.debian.apt.install-file
            org.debian.apt.install-or-remove-packages
            org.debian.apt.install-packages-from-new-repo
            org.debian.apt.install-packages.high-trust-repo
            org.debian.apt.install-purchased-packages
            org.debian.apt.set-proxy
            org.debian.apt.update-cache
            org.debian.apt.upgrade-packages


            Possibly, you might need the following as well, for snaps:



            io.snapcraft.login
            io.snapcraft.snapd.login
            io.snapcraft.snapd.manage
            io.snapcraft.snapd.manage-interfaces


            Additionally, Ubuntu Software does various actions via PackageKit, so actions for those as well:



            org.freedesktop.packagekit.cancel-foreign
            org.freedesktop.packagekit.clear-offline-update
            org.freedesktop.packagekit.device-rebind
            org.freedesktop.packagekit.package-downgrade
            org.freedesktop.packagekit.package-eula-accept
            org.freedesktop.packagekit.package-install
            org.freedesktop.packagekit.package-install-untrusted
            org.freedesktop.packagekit.package-reinstall
            org.freedesktop.packagekit.package-remove
            org.freedesktop.packagekit.repair-system
            org.freedesktop.packagekit.system-network-proxy-configure
            org.freedesktop.packagekit.system-sources-configure
            org.freedesktop.packagekit.system-sources-refresh
            org.freedesktop.packagekit.system-trust-signing-key
            org.freedesktop.packagekit.system-update
            org.freedesktop.packagekit.trigger-offline-update
            org.freedesktop.packagekit.trigger-offline-upgrade
            org.freedesktop.packagekit.upgrade-system


            And for update-manager:



            com.ubuntu.update-notifier.pkexec.cddistupgrader
            com.ubuntu.update-notifier.pkexec.package-system-locked


            And for synaptic:



            com.ubuntu.pkexec.synaptic


            To configure Polkit privileges, create a .pkla file in /etc/polkit-1/localauthority/50-local.d named, say, allow-pkg-mgmt.pkla, containing:



            [Allow Package Management to user foo]
            Identity=unix-user:foo
            Action=org.debian.apt.*;io.snapcraft.*;org.freedesktop.packagekit.*;com.ubuntu.update-notifier.*
            ResultActive=auth_self


            See man 8 pklocalauthority for more on configuring Polkit privileges, and the output of pkaction for more actions. For some reason, I had to use ResultActive instead of ResultAny before it would ask for the unprivileged user's password.






            share|improve this answer


























            • seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

              – solsTiCe
              Dec 15 '18 at 12:42













            • Depends. Do you want actions done by this user to require authentication from an admin user?

              – muru
              Dec 15 '18 at 13:46






            • 1





              One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

              – Sebastian Stark
              Dec 15 '18 at 21:41











            • @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

              – muru
              Dec 16 '18 at 4:27











            • @muru even better

              – Sebastian Stark
              Dec 17 '18 at 14:03
















            6














            The GUI uses Polkit for authentication and authorization. The relevant Polkit actions seem to be, for apt:



            org.debian.apt.cancel-foreign
            org.debian.apt.change-config
            org.debian.apt.change-repository
            org.debian.apt.clean
            org.debian.apt.get-trusted-vendor-keys
            org.debian.apt.install-file
            org.debian.apt.install-or-remove-packages
            org.debian.apt.install-packages-from-new-repo
            org.debian.apt.install-packages.high-trust-repo
            org.debian.apt.install-purchased-packages
            org.debian.apt.set-proxy
            org.debian.apt.update-cache
            org.debian.apt.upgrade-packages


            Possibly, you might need the following as well, for snaps:



            io.snapcraft.login
            io.snapcraft.snapd.login
            io.snapcraft.snapd.manage
            io.snapcraft.snapd.manage-interfaces


            Additionally, Ubuntu Software does various actions via PackageKit, so actions for those as well:



            org.freedesktop.packagekit.cancel-foreign
            org.freedesktop.packagekit.clear-offline-update
            org.freedesktop.packagekit.device-rebind
            org.freedesktop.packagekit.package-downgrade
            org.freedesktop.packagekit.package-eula-accept
            org.freedesktop.packagekit.package-install
            org.freedesktop.packagekit.package-install-untrusted
            org.freedesktop.packagekit.package-reinstall
            org.freedesktop.packagekit.package-remove
            org.freedesktop.packagekit.repair-system
            org.freedesktop.packagekit.system-network-proxy-configure
            org.freedesktop.packagekit.system-sources-configure
            org.freedesktop.packagekit.system-sources-refresh
            org.freedesktop.packagekit.system-trust-signing-key
            org.freedesktop.packagekit.system-update
            org.freedesktop.packagekit.trigger-offline-update
            org.freedesktop.packagekit.trigger-offline-upgrade
            org.freedesktop.packagekit.upgrade-system


            And for update-manager:



            com.ubuntu.update-notifier.pkexec.cddistupgrader
            com.ubuntu.update-notifier.pkexec.package-system-locked


            And for synaptic:



            com.ubuntu.pkexec.synaptic


            To configure Polkit privileges, create a .pkla file in /etc/polkit-1/localauthority/50-local.d named, say, allow-pkg-mgmt.pkla, containing:



            [Allow Package Management to user foo]
            Identity=unix-user:foo
            Action=org.debian.apt.*;io.snapcraft.*;org.freedesktop.packagekit.*;com.ubuntu.update-notifier.*
            ResultActive=auth_self


            See man 8 pklocalauthority for more on configuring Polkit privileges, and the output of pkaction for more actions. For some reason, I had to use ResultActive instead of ResultAny before it would ask for the unprivileged user's password.






            share|improve this answer


























            • seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

              – solsTiCe
              Dec 15 '18 at 12:42













            • Depends. Do you want actions done by this user to require authentication from an admin user?

              – muru
              Dec 15 '18 at 13:46






            • 1





              One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

              – Sebastian Stark
              Dec 15 '18 at 21:41











            • @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

              – muru
              Dec 16 '18 at 4:27











            • @muru even better

              – Sebastian Stark
              Dec 17 '18 at 14:03














            6












            6








            6







            The GUI uses Polkit for authentication and authorization. The relevant Polkit actions seem to be, for apt:



            org.debian.apt.cancel-foreign
            org.debian.apt.change-config
            org.debian.apt.change-repository
            org.debian.apt.clean
            org.debian.apt.get-trusted-vendor-keys
            org.debian.apt.install-file
            org.debian.apt.install-or-remove-packages
            org.debian.apt.install-packages-from-new-repo
            org.debian.apt.install-packages.high-trust-repo
            org.debian.apt.install-purchased-packages
            org.debian.apt.set-proxy
            org.debian.apt.update-cache
            org.debian.apt.upgrade-packages


            Possibly, you might need the following as well, for snaps:



            io.snapcraft.login
            io.snapcraft.snapd.login
            io.snapcraft.snapd.manage
            io.snapcraft.snapd.manage-interfaces


            Additionally, Ubuntu Software does various actions via PackageKit, so actions for those as well:



            org.freedesktop.packagekit.cancel-foreign
            org.freedesktop.packagekit.clear-offline-update
            org.freedesktop.packagekit.device-rebind
            org.freedesktop.packagekit.package-downgrade
            org.freedesktop.packagekit.package-eula-accept
            org.freedesktop.packagekit.package-install
            org.freedesktop.packagekit.package-install-untrusted
            org.freedesktop.packagekit.package-reinstall
            org.freedesktop.packagekit.package-remove
            org.freedesktop.packagekit.repair-system
            org.freedesktop.packagekit.system-network-proxy-configure
            org.freedesktop.packagekit.system-sources-configure
            org.freedesktop.packagekit.system-sources-refresh
            org.freedesktop.packagekit.system-trust-signing-key
            org.freedesktop.packagekit.system-update
            org.freedesktop.packagekit.trigger-offline-update
            org.freedesktop.packagekit.trigger-offline-upgrade
            org.freedesktop.packagekit.upgrade-system


            And for update-manager:



            com.ubuntu.update-notifier.pkexec.cddistupgrader
            com.ubuntu.update-notifier.pkexec.package-system-locked


            And for synaptic:



            com.ubuntu.pkexec.synaptic


            To configure Polkit privileges, create a .pkla file in /etc/polkit-1/localauthority/50-local.d named, say, allow-pkg-mgmt.pkla, containing:



            [Allow Package Management to user foo]
            Identity=unix-user:foo
            Action=org.debian.apt.*;io.snapcraft.*;org.freedesktop.packagekit.*;com.ubuntu.update-notifier.*
            ResultActive=auth_self


            See man 8 pklocalauthority for more on configuring Polkit privileges, and the output of pkaction for more actions. For some reason, I had to use ResultActive instead of ResultAny before it would ask for the unprivileged user's password.






            share|improve this answer















            The GUI uses Polkit for authentication and authorization. The relevant Polkit actions seem to be, for apt:



            org.debian.apt.cancel-foreign
            org.debian.apt.change-config
            org.debian.apt.change-repository
            org.debian.apt.clean
            org.debian.apt.get-trusted-vendor-keys
            org.debian.apt.install-file
            org.debian.apt.install-or-remove-packages
            org.debian.apt.install-packages-from-new-repo
            org.debian.apt.install-packages.high-trust-repo
            org.debian.apt.install-purchased-packages
            org.debian.apt.set-proxy
            org.debian.apt.update-cache
            org.debian.apt.upgrade-packages


            Possibly, you might need the following as well, for snaps:



            io.snapcraft.login
            io.snapcraft.snapd.login
            io.snapcraft.snapd.manage
            io.snapcraft.snapd.manage-interfaces


            Additionally, Ubuntu Software does various actions via PackageKit, so actions for those as well:



            org.freedesktop.packagekit.cancel-foreign
            org.freedesktop.packagekit.clear-offline-update
            org.freedesktop.packagekit.device-rebind
            org.freedesktop.packagekit.package-downgrade
            org.freedesktop.packagekit.package-eula-accept
            org.freedesktop.packagekit.package-install
            org.freedesktop.packagekit.package-install-untrusted
            org.freedesktop.packagekit.package-reinstall
            org.freedesktop.packagekit.package-remove
            org.freedesktop.packagekit.repair-system
            org.freedesktop.packagekit.system-network-proxy-configure
            org.freedesktop.packagekit.system-sources-configure
            org.freedesktop.packagekit.system-sources-refresh
            org.freedesktop.packagekit.system-trust-signing-key
            org.freedesktop.packagekit.system-update
            org.freedesktop.packagekit.trigger-offline-update
            org.freedesktop.packagekit.trigger-offline-upgrade
            org.freedesktop.packagekit.upgrade-system


            And for update-manager:



            com.ubuntu.update-notifier.pkexec.cddistupgrader
            com.ubuntu.update-notifier.pkexec.package-system-locked


            And for synaptic:



            com.ubuntu.pkexec.synaptic


            To configure Polkit privileges, create a .pkla file in /etc/polkit-1/localauthority/50-local.d named, say, allow-pkg-mgmt.pkla, containing:



            [Allow Package Management to user foo]
            Identity=unix-user:foo
            Action=org.debian.apt.*;io.snapcraft.*;org.freedesktop.packagekit.*;com.ubuntu.update-notifier.*
            ResultActive=auth_self


            See man 8 pklocalauthority for more on configuring Polkit privileges, and the output of pkaction for more actions. For some reason, I had to use ResultActive instead of ResultAny before it would ask for the unprivileged user's password.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Dec 20 '18 at 6:12

























            answered Dec 15 '18 at 5:12









            murumuru

            1




            1













            • seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

              – solsTiCe
              Dec 15 '18 at 12:42













            • Depends. Do you want actions done by this user to require authentication from an admin user?

              – muru
              Dec 15 '18 at 13:46






            • 1





              One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

              – Sebastian Stark
              Dec 15 '18 at 21:41











            • @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

              – muru
              Dec 16 '18 at 4:27











            • @muru even better

              – Sebastian Stark
              Dec 17 '18 at 14:03



















            • seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

              – solsTiCe
              Dec 15 '18 at 12:42













            • Depends. Do you want actions done by this user to require authentication from an admin user?

              – muru
              Dec 15 '18 at 13:46






            • 1





              One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

              – Sebastian Stark
              Dec 15 '18 at 21:41











            • @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

              – muru
              Dec 16 '18 at 4:27











            • @muru even better

              – Sebastian Stark
              Dec 17 '18 at 14:03

















            seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

            – solsTiCe
            Dec 15 '18 at 12:42







            seems a very good answer to me. checking right now in a VM if this works. Isn't ResultAny=auth_self shouldn't be auth_admin isntead ?

            – solsTiCe
            Dec 15 '18 at 12:42















            Depends. Do you want actions done by this user to require authentication from an admin user?

            – muru
            Dec 15 '18 at 13:46





            Depends. Do you want actions done by this user to require authentication from an admin user?

            – muru
            Dec 15 '18 at 13:46




            1




            1





            One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

            – Sebastian Stark
            Dec 15 '18 at 21:41





            One thing I want to add here: in case you want to use Identity=unix-group:adm at your site (or some other group), since Ubuntu 18.04 you need to add this group as well under AdminIdentities= in the file /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf.

            – Sebastian Stark
            Dec 15 '18 at 21:41













            @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

            – muru
            Dec 16 '18 at 4:27





            @SebastianStark you don't need to add to that file. You can create a second file and set admin identities in it. askubuntu.com/a/642756/158442

            – muru
            Dec 16 '18 at 4:27













            @muru even better

            – Sebastian Stark
            Dec 17 '18 at 14:03





            @muru even better

            – Sebastian Stark
            Dec 17 '18 at 14:03













            0














            The polkit looks a bit complicated to me.



            I would add an entry in /etc/sudoers, like:



            her-login ALL=(root) NOPASSWORD: apt update
            her-login ALL=(root) NOPASSWORD: apt upgrade
            ( check syntax! )



            And then create a icon that starts 'sudo apt update && sudo apt upgrade'



            This allows 'her-login' to run just 2 commands as root...
            Same could be done done for, say sudo mintupdate, if a more 'GUI' approch is wanted.






            share|improve this answer




























              0














              The polkit looks a bit complicated to me.



              I would add an entry in /etc/sudoers, like:



              her-login ALL=(root) NOPASSWORD: apt update
              her-login ALL=(root) NOPASSWORD: apt upgrade
              ( check syntax! )



              And then create a icon that starts 'sudo apt update && sudo apt upgrade'



              This allows 'her-login' to run just 2 commands as root...
              Same could be done done for, say sudo mintupdate, if a more 'GUI' approch is wanted.






              share|improve this answer


























                0












                0








                0







                The polkit looks a bit complicated to me.



                I would add an entry in /etc/sudoers, like:



                her-login ALL=(root) NOPASSWORD: apt update
                her-login ALL=(root) NOPASSWORD: apt upgrade
                ( check syntax! )



                And then create a icon that starts 'sudo apt update && sudo apt upgrade'



                This allows 'her-login' to run just 2 commands as root...
                Same could be done done for, say sudo mintupdate, if a more 'GUI' approch is wanted.






                share|improve this answer













                The polkit looks a bit complicated to me.



                I would add an entry in /etc/sudoers, like:



                her-login ALL=(root) NOPASSWORD: apt update
                her-login ALL=(root) NOPASSWORD: apt upgrade
                ( check syntax! )



                And then create a icon that starts 'sudo apt update && sudo apt upgrade'



                This allows 'her-login' to run just 2 commands as root...
                Same could be done done for, say sudo mintupdate, if a more 'GUI' approch is wanted.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 20 '18 at 8:08









                Holger MorgenHolger Morgen

                567




                567






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089727%2fallow-regular-user-to-update-software-via-gui-and-update-notifier%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    How to change which sound is reproduced for terminal bell?

                    Can I use Tabulator js library in my java Spring + Thymeleaf project?

                    Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents