On Thu, 2023-04-06 at 11:04 -0400, Jeffrey Walton wrote:
> On Thu, Apr 6, 2023 at 8:36 AM B.M. <b-m...@gmx.ch> wrote:
> >
> > I configured my system such that some users are in group sudo, but
> > they are
> > asked for the root password instead of just their user password by
> > creating a
> > file within /etc/sudoers.d/ with the line:
> >
> > Defaults rootpw
> >
> > This is working just fine, but for graphical applications it
> > doesn't work: e.g.
> > to start synaptic I get a password prompt requiring my user
> > password, not the
> > root password.
> >
> > How can I configure my system such that entering the root password
> > is also
> > required in these cases?
> >
> > (Maybe there is something with polkit, but I couldn't figure out
> > myself...)
>
> May be helpful:
> https://askubuntu.com/questions/1199006/how-to-let-polkit-request-root-password-instead-users-password
>
> And possibly
> https://askubuntu.com/questions/1246661/defaults-rootpw-for-the-gui-password-prompt
>
> Jeff
Thank you for your ideas.
In fact it seems that these solutions are a bit outdated - I found out
that the following is needed, as documented in the Arch Wiki.
PolicyKit got replaced by polkit (at least in current Debian Testing),
and the "old" solution with setting AdminIdentities doesn't work
anymore. Instead one has to add a file /etc/polkit-1/rules.d/50-
default.rules as follows:
polkit.addAdminRule(function(action, subject) {
return ["unix-user:0"];
});
in order to require root credentials for admin tasks (if sudo is
installed).
I hope someone finds this useful.
Best,
Bernd
