I performed a fresh install of Lubuntu 12.04 with minimal desktop, as described here.
To clarify, I did a command-line install from the Lubuntu alternative install disc, then I did an apt-get install --no-install-recommends lubuntu-desktop
.
Everything is working fine, except that Synaptic will not run from the menu entry in the panel. I am not prompted for a password, and no window of any sort appears after clicking the menu entry. I installed lxshortcut to see what the shortcut was running, and the command is synaptic-pkexec
. If I type this command into the "Run" menu, I get the same behavior (or lack thereof).
I can get Synaptic to open up just fine by typing gksudo synaptic
at the "Run" menu. Also, if I run "synaptic-pkexec" from the terminal, then I am prompted for my password within the terminal, and after that Synaptic opens normally.
Can someone please suggest the right way to get Synaptic working? I could just change the menu entry to "gksudo synaptic", but I'm guessing that it's set to synaptic-pkexec
for a reason. I have a vague understanding that this pkexec
business has something to do with PolicyKit, but I don't really know what PolicyKit is or how to tell if something is broken with it.
Best Answer
I am using an alternative solution to the accepted answer. I prefer using
lxpolkit
instead ofpolicykit-1-gnome
since it is designed for LXDE.This problem with
pkexec
not launching the authentication screen is very common. The first thing to check is whether you have a graphical policy kit interface (eitherlxpolkit
orpolicykit-1-gnome
) installed and configured for LXDE because these packages are flagged to be removed during a major upgrade of lubuntu. Apparently neither are included when installing the distro.Solution
Install
lxpolkit
.sudo apt-get install lxpolkit
Logout and login.
Set
lxpolkit
as default policy agentIn the menu, go to
Preferences > Default applications for LXSession
(or runlxsession-default-apps
in a terminal). In the first section "Running applications" (Update: Default apps manager 14.10 is different. Use theCore applications
tab.), go to the option forPolkit agent
and make sure lxpolkit is selected.Instead of using the package
policykit-1-gnome
,lxsession
will now uselxpolkit
for LXDE.Why Apps Launched With
pkexec
Don't Run From the LXDE MenuIt comes down to the way apps in the X11 system are launched with pkexec.
The apps that appear in the lxpanel menu are stored and configured in either
/usr/share/applications
(global menus items) or~/.local/share/applications
(user specific). See LXDE Wiki - Main MenuIn these directories you will find a .desktop file for each of the applications appearing in your menu. Here is an example of
/usr/share/applications/synaptic.desktop
:Notice the line
Exec=synaptic-pkexec
.In the absence of a policy kit interface, the user is normally asked for a password in the command line. Since this is a menu item, this is launched in the background and there is no command line to enter the password. Hence, you need to make sure you are using
lxpolkit
. Or if you prefer the gnome polkit, install the packagepolicykit-1-gnome
which launches the login menu wheneverpkexec
is used. I have removed the packagepolicykit-1-gnome
and usinglxpolkit
works well for all applications.Alternative Solutions
Use gksudo Instead of pkexec
You could right-click applications like synaptic in the menu, click Properties, and change the Command field from
synaptic-pkexec
togksudo synaptic
. Or via command line, copy the original file to your user's applications directory withsudo cp /usr/share/applications/synaptic.desktop ${HOME}/.local/share/applications/synaptic.desktop
Then edit the line
Exec=synaptic-pkexec
and replace it withExec=gksudo synaptic
gksudo's "primary purpose is to run graphical commands that need root without the need to run an X terminal emulator and using su directly." - GKSU(1)
And for good reason! See Running Sudo Graphically.
This of course requires that every application relying on pkexec be edited to launch with gksudo which requires more work on your part if you're using lxpanel. A nice comparison of security and usability features for gksudo and PolicyKit can be found at Comparison of privilege authorization features.
Write Your Own
pkexec
Policy For Individual ApplicationsThis is more than I want to do, but it may be useful in some situations. I don't recommend doing this without a strong understanding of writing PolicyKit Actions.
Here's an example, which I have not tested, from City-busz -Using 'pkexec' command instead of 'gksu':
Hat tip to renegat at archlinux.org for compiling relevant excerpts from related LXDE and PolicyKit documentation that ultimately led me to using LXPolkit as the preferred solution.