Re: How: Require root password instead of user password for GUI programs
On Fri, Apr 07, 2023 at 11:38:28PM +0100, Brian wrote: > On Fri 07 Apr 2023 at 21:09:59 +0200, to...@tuxteam.de wrote: [...] > > You folks keeping up with desktop environments are > > real heroes:-) > > It's a dirty job, but someone has to do it :). I gave up and ended at Fvwm in a big round circle. I'm too old for this shit. Cheers -- t signature.asc Description: PGP signature
Re: How: Require root password instead of user password for GUI programs
On Fri 07 Apr 2023 at 21:09:59 +0200, to...@tuxteam.de wrote:
> On Fri, Apr 07, 2023 at 06:22:48PM +0200, B.M. wrote:
>
> [...]
>
> > PolicyKit got replaced by polkit (at least in current Debian Testing),
> > and the "old" solution with setting AdminIdentities doesn't work
> > anymore. Instead one has to add a file /etc/polkit-1/rules.d/50-
> > default.rules as follows:
> >
> > polkit.addAdminRule(function(action, subject) {
> > return ["unix-user:0"];
> > });
>
> Gah.
>
> > in order to require root credentials for admin tasks (if sudo is
> > installed).
> >
> > I hope someone finds this useful.
>
> You folks keeping up with desktop environments are
> real heroes:-)
It's a dirty job, but someone has to do it :).
--
Brian.
Re: How: Require root password instead of user password for GUI programs
On Fri, Apr 07, 2023 at 06:22:48PM +0200, B.M. wrote:
[...]
> PolicyKit got replaced by polkit (at least in current Debian Testing),
> and the "old" solution with setting AdminIdentities doesn't work
> anymore. Instead one has to add a file /etc/polkit-1/rules.d/50-
> default.rules as follows:
>
> polkit.addAdminRule(function(action, subject) {
> return ["unix-user:0"];
> });
Gah.
> in order to require root credentials for admin tasks (if sudo is
> installed).
>
> I hope someone finds this useful.
You folks keeping up with desktop environments are
real heroes:-)
Cheers
--
t
signature.asc
Description: PGP signature
Re: How: Require root password instead of user password for GUI programs
On Thu, 2023-04-06 at 11:04 -0400, Jeffrey Walton wrote:
> On Thu, Apr 6, 2023 at 8:36 AM B.M. wrote:
> >
> > I configured my system such that some users are in group sudo, but
> > they are
> > asked for the root password instead of just their user password by
> > creating a
> > file within /etc/sudoers.d/ with the line:
> >
> > Defaults rootpw
> >
> > This is working just fine, but for graphical applications it
> > doesn't work: e.g.
> > to start synaptic I get a password prompt requiring my user
> > password, not the
> > root password.
> >
> > How can I configure my system such that entering the root password
> > is also
> > required in these cases?
> >
> > (Maybe there is something with polkit, but I couldn't figure out
> > myself...)
>
> May be helpful:
> https://askubuntu.com/questions/1199006/how-to-let-polkit-request-root-password-instead-users-password
>
> And possibly
> https://askubuntu.com/questions/1246661/defaults-rootpw-for-the-gui-password-prompt
>
> Jeff
Thank you for your ideas.
In fact it seems that these solutions are a bit outdated - I found out
that the following is needed, as documented in the Arch Wiki.
PolicyKit got replaced by polkit (at least in current Debian Testing),
and the "old" solution with setting AdminIdentities doesn't work
anymore. Instead one has to add a file /etc/polkit-1/rules.d/50-
default.rules as follows:
polkit.addAdminRule(function(action, subject) {
return ["unix-user:0"];
});
in order to require root credentials for admin tasks (if sudo is
installed).
I hope someone finds this useful.
Best,
Bernd
Re: How: Require root password instead of user password for GUI programs
On Thu, 6 Apr 2023 11:04:13 -0400 Jeffrey Walton wrote: > On Thu, Apr 6, 2023 at 8:36 AM B.M. wrote: > > > > I configured my system such that some users are in group sudo, but > > they are asked for the root password instead of just their user > > password by creating a file within /etc/sudoers.d/ with the line: > > > > Defaults rootpw > > > > This is working just fine, but for graphical applications it > > doesn't work: e.g. to start synaptic I get a password prompt > > requiring my user password, not the root password. > > > > How can I configure my system such that entering the root password > > is also required in these cases? > > > > (Maybe there is something with polkit, but I couldn't figure out > > myself...) > > May be helpful: > https://askubuntu.com/questions/1199006/how-to-let-polkit-request-root-password-instead-users-password > > And possibly > https://askubuntu.com/questions/1246661/defaults-rootpw-for-the-gui-password-prompt > > Jeff > On Debian, it is my experience that a default installation of Synaptic always requires the root password. It is invoked by synaptic-pkexec. -- Joe
Re: How: Require root password instead of user password for GUI programs
On Thu, Apr 6, 2023 at 8:36 AM B.M. wrote: > > I configured my system such that some users are in group sudo, but they are > asked for the root password instead of just their user password by creating a > file within /etc/sudoers.d/ with the line: > > Defaults rootpw > > This is working just fine, but for graphical applications it doesn't work: > e.g. > to start synaptic I get a password prompt requiring my user password, not the > root password. > > How can I configure my system such that entering the root password is also > required in these cases? > > (Maybe there is something with polkit, but I couldn't figure out myself...) May be helpful: https://askubuntu.com/questions/1199006/how-to-let-polkit-request-root-password-instead-users-password And possibly https://askubuntu.com/questions/1246661/defaults-rootpw-for-the-gui-password-prompt Jeff
How: Require root password instead of user password for GUI programs
Hi, I configured my system such that some users are in group sudo, but they are asked for the root password instead of just their user password by creating a file within /etc/sudoers.d/ with the line: Defaults rootpw This is working just fine, but for graphical applications it doesn't work: e.g. to start synaptic I get a password prompt requiring my user password, not the root password. How can I configure my system such that entering the root password is also required in these cases? (Maybe there is something with polkit, but I couldn't figure out myself...) Thank you. Have a nice day, Bernd
