Starting around Ubuntu 11.10 or so, Canonical implemented PolicyKit rules that allowed users to gain certain access permissions for which I was uncomfortable. I documented my first exposure to this issue xxhere|polkit-adminxx.

After having upgraded to Xubuntu 14.04 64-bit, this issue is still in force, with some more permissions given to users through this facility. The xxprior instructions|polkit-adminxx are still applicable, with attention paid to the fact that additional stanzas are now defined within the configuration file.