Bug#1126728: steam-installer: be clearer about purpose of example polkit rules

Simon McVittie smcv at debian.org
Thu Feb 5 16:36:22 GMT 2026


Control: retitle -1 steam-installer: be clearer about purpose of example polkit rules
Control: severity -1 wishlist

On Sat, 31 Jan 2026 at 13:48:53 -0600, Kot wrote:
>The rule should be narrower in scope to only include Steam

As far as I'm aware, this is not possible (but if I'm wrong, suggestions 
welcome) - polkit can only distinguish between components that have a 
security boundary between them, and there is no security boundary 
between Steam and the rest of the desktop session if you are running it 
from this package. This is why the README.Debian suggests running Steam 
under a gaming-specific user account if privilege separation is 
important to you.

>The included /usr/share/doc/steam-installer/examples/50-steam-no-admin-actions.rules that is suggested in the README denies all PackageKit polkit requests.
>This breaks KDE Plasma's Discover and possibly GNOME Software, both of which rely on PackageKit. Packages are unable to be installed, updated or refreshed.

As the comment at the top says, this example polkit rule is intended to 
be applied to a special-purpose user account that will only run games, 
and is not going to take any administrative actions. The intention is 
that you will either switch to a different account to manage packages, 
or edit the example polkit rules to match your particular requirements.

For example you could have a user account named "kot" that has sudo 
access and all the privileges (sudo group membership), and a separate 
user account "game-player" (*not* a sudo group member) for running Steam.

If that is not the setup you are using, then these example polkit rules 
are not applicable to you.

>or at least a warning should be placed somewhere

Please suggest a suitable warning and a location where you would have 
seen it?

Thanks,
     smcv
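
Added example, not part of the original message and not the package's own `50-steam-no-admin-actions.rules`: a polkit rule that denies PackageKit actions only for the dedicated gaming account, leaving the administrative account on polkit's defaults. It assumes the account names "game-player" and "kot" used in the message; the `polkit` object and `evaluate()` below are a constructed stand-in for polkitd so the rule can be exercised under Node.js.

```javascript
// Only the function passed to polkit.addRule() would go in a .rules file;
// everything else here is a constructed harness for trying the rule offline.
const GAMING_USER = "game-player"; // assumption: account name from the message

// Stand-in for the "polkit" global that polkitd provides to rules files.
const polkit = {
  Result: { NO: "no", NOT_HANDLED: null },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

polkit.addRule(function (action, subject) {
  // Scope by user: polkit can tell accounts apart, but not Steam from
  // other programs running in the same desktop session.
  if (subject.user !== GAMING_USER) {
    return polkit.Result.NOT_HANDLED;
  }
  // Deny PackageKit actions for the gaming account only.
  if (action.id.indexOf("org.freedesktop.packagekit.") === 0) {
    return polkit.Result.NO;
  }
  return polkit.Result.NOT_HANDLED;
});

// Simplified evaluation: the first rule that returns a result wins,
// otherwise the action's built-in default applies.
function evaluate(actionId, user) {
  for (const rule of polkit.rules) {
    const result = rule({ id: actionId }, { user: user });
    if (result) return result;
  }
  return "default";
}

// Constructed sample requests.
const samples = [
  ["org.freedesktop.packagekit.package-install", "game-player"],
  ["org.freedesktop.packagekit.package-install", "kot"],
  ["org.freedesktop.login1.reboot", "game-player"],
];
for (const [id, user] of samples) {
  console.log(user + " " + id + " -> " + evaluate(id, user));
}
```
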


