Created attachment 12220 [details] Copypaste of terminal Greetings, I was able to get access to root account without knowing ( remembering ) password after installation on "alt-kworkstation-10.1-install-x86_64.iso" md5 of installation iso: c1e5326723ffacff16761beda9293f14 How did I managed to do that? 1. running "pkexec passwd root" on regular user ( in wheel group, installation puts me there automatically ) 2. changing root password to new one without knowing old one 3. If that was someone else's system, I could do nasty stuff to it There is same behaviour after upgrading to latest versions. Luckily it does not work if user trying to do that isn´t in wheel group. I'll try that behaviour on ALT virtualization too
Note: a user from the wheel group is not a regular user, but a system administrator. You can configure polkit to always ask for the root password by installing the polkit-rule-admin-root package. I build starterkits with this package: https://en.altlinux.org/Starterkits
(Ответ для Антон Мидюков на комментарий #1) > Note: a user from the wheel group is not a regular user, but a system > administrator. > > You can configure polkit to always ask for the root password by installing > the polkit-rule-admin-root package. I build starterkits with this package: > https://en.altlinux.org/Starterkits Based on this, I propose to close the bug
