Allow user to upgrade installed packages

My users don't have administrative privileges. I don't allow them to install packages from Ubuntu repositories but they must be able to install all updates availables from Ubuntu repositories and my custom one.

I created the file /var/lib/polkit-1/localauthority/50-local.d/automaticupdates.pkla:

[Update Manager]
Identity=unix-user:*
Action=org.debian.apt.upgrade-packages
ResultActive=yes

This work when no new packages are proposed by software update, but if an updated packages try to push a new package, it fails (=ask for admin password) because it need org.debian.apt.install-or-remove-packages permission.

If I uncheck theses new packages and start the update process, the update starts... and install theses packages anyway even without the permission.

There is a way to make update manager to install all updates without asking for admin password?

This is an example of update not working without admin password:

The following NEW packages will be installed:
linux-headers-3.2.0-33{a} linux-headers-3.2.0-33-generic{a}
linux-image-3.2.0-33-generic{a}
The following packages will be upgraded:
apport apport-gtk gir1.2-gtk-3.0 gnome-settings-daemon libgail-3-0
libgtk-3-0 libgtk-3-bin libgtk-3-common linux-generic
linux-headers-generic linux-image-generic linux-libc-dev python-apport
python-problem-report
14 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/55.4 MB of archives. After unpacking 217 MB will be used.


Another option might be to just turn on unattended upgrades, then the users won't even see the prompts:

  • How do I enable automatic updates?