summaryrefslogtreecommitdiffstats
path: root/features/root_access_control.feature
blob: 569dd2a8c56532427bd70ea2957292cdbb87e05e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
@product
Feature: Root access control enforcement
  As a Tails user
  when I set an administration password in Tails Greeter
  I can use the password for attaining administrative privileges.
  But when I do not set an administration password
  I should not be able to attain administration privileges at all.

  Scenario: If an administrative password is set in Tails Greeter the live user should be able to run arbitrary commands with administrative privileges.
    Given I set sudo password "asdf"
    And I log in to a new session
    And Tails Greeter has dealt with the sudo password
    Then I should be able to run administration commands as the live user

  Scenario: If no administrative password is set in Tails Greeter the live user should not be able to run arbitrary commands administrative privileges.
    Given I have started Tails from DVD without network and logged in
    And Tails Greeter has dealt with the sudo password
    Then I should not be able to run administration commands as the live user with the "" password
    And I should not be able to run administration commands as the live user with the "amnesia" password
    And I should not be able to run administration commands as the live user with the "live" password

  Scenario: If an administrative password is set in Tails Greeter the live user should be able to get administrative privileges through PolicyKit
    Given I set sudo password "asdf"
    And I log in to a new session
    And Tails Greeter has dealt with the sudo password
    And GNOME has started
    And running a command as root with pkexec requires PolicyKit administrator privileges
    Then I should be able to run a command as root with pkexec

  Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords.
    Given I have started Tails from DVD without network and logged in
    And running a command as root with pkexec requires PolicyKit administrator privileges
    Then I should not be able to run a command as root with pkexec and the standard passwords