I'd like Software Center, Update Manager and some other system management applications to work without asking for password (like sudo does if configured with NOPASSWD) but only asking for a confirmation instead, or even without any confirmation. At the same time I wouldn't like to use no user password at all. Is this reachable?
Ubuntu – How to prevent system applications (like the Software Center) from asking for password
passwordpolicykitSecuritysudoxubuntu
Related Solutions
As already said, the problem may be your PolicyKit configuration. I would be interested in the contents of the files in /etc/polkit-1 directory and the file /usr/share/polkit-1/actions/org.debian.apt.policy. The output can be lengthy, so you may want to compress it and upload it somewhere rather than copy it here...
grep -IR '^[^#]' /etc/polkit-1
cat /usr/share/polkit-1/actions/org.debian.apt.policy
EDIT: After you've uploaded the files I can see that the problem is in your /var/lib/polkit-1/localauthority/50-local.d/20-xbmclive.pkla file which seems to have been installed by XBMC and effectively turns off all authentication via polkit (why it has done so and if it is really needed I don't know, I don't use this software).
[XBMC-Live user permissions]
Identity=unix-user:azizjoh
Action=*
ResultAny=no
ResultInactive=no
ResultActive=yes
It's improper to say that: "It seems that on Ubuntu, calls to sudo from the GUI are somehow being intercepted by pkexec". pkexec doesn't have much in common with sudo. In contrast with sudo, pkexec does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.
Now, if you want to run a GUI application without being asked by a password by pkexec, this is not difficult to be done. Let's take for example GParted. When you open it, you will see the following dialog window asking you by a password:
Click Details and the dialog window will look now like:
From here all you have to do is to open /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy file using for example the following command:
gksu gedit /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
and change the following lines:
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>with the followings:
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>Save the file and close it. Next, when you will open GParted you will not be asked for a password anymore.
Related Question
- Ubuntu – Software Center doesn’t prompt for password
- Ubuntu – How to configure pkexec to not ask for password
- Ubuntu – Software Center prompts password of another user
- Ubuntu – Sudo is not asking for password on Ubuntu 16.04
- Ubuntu – What’s exactly the point of the sudo command, in terms of security
- Ubuntu – System keeps asking for cryptswap password
- Ubuntu – How to let Polkit request root password instead users password
Best Answer
Ubuntu Software Center authorization uses policy kit. When requested for the authentication during the remove action you can expand the "Details" pointer to see the action that is being invoked. It's org.debian.apt.install-or-remove-packages . You can change the corresponding policy to not request for authentication:
Edit
/usr/share/polkit-1/actions/org.debian.apt.policy, search fororg.debian.apt.install-or-remove-packages, then find for thedefaultssection, replaceauth_adminandauth_admin_keepwithyes.