Package: pkexec Version: 122-3 Severity: normal To reproduce:
* Have a user in the sudo group, and default polkitd configuration, so they can do root-equivalent things after authenticating as themselves * Initial state: do not be logged in to the machine at all * Log in on a text virtual console (getty/login) or with interactive ssh, or use `ssh -t machine pkexec ...` to force allocation of a pseudo-terminal * Run: systemctl restart avahi-daemon.service (or any other service that is installed and is harmless to restart) * Run: pkexec true * Enter the user's correct password whenever prompted to authenticate Expected result: * `systemctl restart avahi-daemon.service` prompts for the user's password, then restarts avahi-daemon, successfully * `pkexec true` prompts for the user's password, then runs `true`, successfully Actual result: systemctl successfully prompts for the user's password, demonstrating that polkitd is working as intended (so this is a pkexec bug and not a polkitd bug): > $ ssh -t testvm systemctl restart avahi-daemon.service > ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ==== > Authentication is required to restart 'avahi-daemon.service'. > Authenticating as: Test User,,, (user) > Password: <type correct password here> > ==== AUTHENTICATION COMPLETE ==== > Connection to 192.168.122.143 closed. but pkexec fails with "No session for cookie": > $ ssh -t testvm pkexec true > ==== AUTHENTICATING FOR org.freedesktop.policykit.exec ==== > Authentication is needed to run `/usr/bin/true' as the super user > Authenticating as: Test User,,, (user) > Password: <type correct password here> > polkit-agent-helper-1: error response to PolicyKit daemon: > GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie > ==== AUTHENTICATION FAILED ==== > Error executing command as another user: Not authorized > > This incident has been reported. > Connection to 192.168.122.143 closed. Logging in on tty6 with getty/login has similar symptoms. I used ssh for the version quoted here because it was easier to copy/paste. smcv -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-3-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pkexec depends on: ii libc6 2.36-8 ii libglib2.0-0 2.74.5-1 ii libpam0g 1.5.2-6 ii libpolkit-agent-1-0 122-3 ii libpolkit-gobject-1-0 122-3 ii polkitd 122-3 pkexec recommends no packages. pkexec suggests no packages. Versions of packages pkexec is related to: pn elogind <none> pn libpam-elogind <none> ii libpam-systemd 252.5-2 ii systemd 252.5-2 -- no debconf information _______________________________________________ Pkg-utopia-maintainers mailing list Pkg-utopia-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers