How can I give permission to a user be able to UNLOCK Users GUI to Create New Users when connected thru xRDP Sessions?

18.04 remote-desktop xrdp policy

7,025

Solution 1

Creating /etc/polkit-1/localauthority/50-local.d/46-user-admin.pkla with the following content worked to me:

[user admin]
Identity=unix-user:*
Action=org.gnome.controlcenter.user-accounts.administration
ResultAny=auth_admin_keep
ResultInactive=no
ResultActive=no

Solution 2

The problem is related to Polkit technology. Different rights are granted when you are locally connected and remotely connected.

Please read till the end.....

You can see policies in place by browsing /usr/share/polkit-1/actions... in this directory; you have two files that might control the user account control panel... you have to look for org.gnome-controlcenter.users-account.policy. At the bottom of the file, you have something like

  <allow_any>no</allow_any>
  <allow_inactive>no</allow_inactive>
  <allow_active>auth_admin_keep</allow_active>

The allow_inactive value is the one controlling rights in remote session.... You can try to change value in this file and see if this is good for you....

A better way leave this file intact but create an additional file (*.pkla) that would contain the exception you want to apply..... example of pkla file content

to allow all users to perform user management.....

[Allow Users administration]
Identity=unix-user:*
Action=org.gnome-controlcenter.users-account.policy  
ResultAny=no 
ResultInactive=yes
ResultActive=yes

save this file under /etc/polkit-1/localauthority/50-local.d/

name it for example 46-user-admin.pkla

Then try again to see if you can perform the management of user within the xRDP session....

To be more restrictive, change the line

Identity=unix-user:*

Identity=unix-user:%name of a group%

so only the group will have the possibility to manage this feature...

I hope this is enough info for you to start and to look in the right direction....

we are preparing a post about this topic...When ready, we will link it to this comment as well so you might have a look into it if you still have issues

Hope this help

Till next time See ya

7,025

Overlord

Updated on September 18, 2022

Comments

Overlord over 1 year

I've really dug into Google and AskUbuntu this week, but I wasn't able to find a satisfactory answer to this issue I'm facing...

I've created a user with ADMIN permissions on my Ubuntu 18.04 using the available GUI from GNOME. Every time I access that interface, to be able to create a new user using that screen, I have first to click on UNLOCK button at the top of the screen, close to the X (close window) button. This procedure works very well when I'm logged onto console, locally.

But when I try to perform the exact same procedure when connected to my Ubuntu using a xRDP Session, I'm not able to click on that button. When I'm connected remotely, the UNLOCK button at the top of the screen is greyed out, and a message is displayed when I hover the cursor over the button: "System policy prevents changes."

What policy do I have to change on my Ubuntu installation in order to have the same behavior, at that screen, no matter if I'm logged at Console or remotely connected thru xRDP?
- Gustavo over 2 years
  
  Same happens for adding printers. In this case, just go to a terminal and sudo system-config-printer