How to configure pkexec to not ask for password?

privileges pkexec password sudo
9,892

It's improper to say that: "It seems that on Ubuntu, calls to sudo from the GUI are somehow being intercepted by pkexec". pkexec doesn't have much in common with sudo. In contrast with sudo, pkexec does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.

Now, if you want to run a GUI application without being asked by a password by pkexec, this is not difficult to be done. Let's take for example GParted. When you open it, you will see the following dialog window asking you by a password:

gparted authenticate

Click Details and the dialog window will look now like:

gparted authenticate - details

From here all you have to do is to open /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy file using for example the following command:

gksu gedit /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy

and change the following lines:

      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>

with the followings:

      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>

Save the file and close it. Next, when you will open GParted you will not be asked for a password anymore.

Share:
9,892

Related videos on Youtube

Chinmay Kanchi
Author by

Chinmay Kanchi

I'm a developer and data scientist with Enlyft (formerly iDatalabs). We're hiring engineers! Remote work available. https://enlyft.com/careers/

Updated on September 18, 2022

Comments

  • Chinmay Kanchi
    Chinmay Kanchi over 1 year

    I have a GUI application that needs to call a daemon (written in Python) with superuser privileges. I would like to do this without prompting the user for a password.

    Since the daemon is a script, I can't set the SUID bit directly. I could write a C wrapper for this, but I'd rather not reinvent the wheel, especially when a mistake on my part could lead to the system's security being severely compromised.

    What I'd normally do in this situation is to add a line in /etc/sudoers that allows users to execute the daemon as root without a password, using the NOPASSWD directive. This works fine from the command line. However, when I do this from the GUI, a pkexec dialog pops up asking for the user's password. It seems that on Ubuntu, calls to sudo from the GUI are somehow being intercepted by pkexec.

    Is there a clean way around this? I'd really rather not have to deal with the hassles of a setuid script.

    • Admin
      Admin over 10 years
      About what application do you speak?
    • Admin
      Admin over 10 years
      Any GUI app. When a GUI app attempts to run sudo somecommand, the dialog box that pops up is a pkexec password dialog, regardless of whether there is a sudoers policy allowing the execution of the program.
  • Chinmay Kanchi
    Chinmay Kanchi over 10 years
    Yes, pkexec does indeed intercept calls to sudo. Let me see if I can build a minimal example of this behaviour.
  • Chinmay Kanchi
    Chinmay Kanchi over 10 years
    I can't replicate this in a simple app, it might only happen in some very specific situations and I don't have the time to trace the bug. I'm going to accept your answer. Cheers.
  • Radu Rădeanu
    Radu Rădeanu over 10 years
    @ChinmayKanchi Let's be more clear. I will take for example again gparted. When you run from terminal sudo gparted, you run /usr/sbin/gparted file with root privileges. When you start gparted from the GUI, you start in fact gparted-pkexec (you can verify this inside /usr/share/applications/gparted.desktop file) which is /usr/bin/gparted-pkexec that is a shell script whose purpose is to run the following command: pkexec "/usr/sbin/gparted" which is equivalent with pkexec gparted. So, nothing to do with sudo. And this command you should use in terminal, not sudo gparted.
  • Radu Rădeanu
    Radu Rădeanu over 10 years
    @ChinmayKanchi sudo should be used only for shell apps, not GUI apps. See man sudo and man pkexec in this sense.
  • Chinmay Kanchi
    Chinmay Kanchi over 10 years
    Yes, I am aware of both of your points. My situation is that I have a GUI app (written by me) that attempts to launch a shell program (a daemon, also written by me) using sudo. For some reason, doing this results in pkexec getting invoked instead of sudo, which means that any sudo policies I've created for the daemon get ignored.
  • Anwar
    Anwar over 7 years
    changing in /usr is recommended. do i n /etc
  • Mr. Clear
    Mr. Clear about 2 years
    I don't have this "Details" button on Ubuntu 18.04.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I configure Linux to not require sudo for specific commands for specific users?
execute shell script without entering password
Allow certain guests to execute certain commands
Sudo is not asking for password on Ubuntu 16.04
Terminal problems entering password
I cannot enter my password when using sudo to install Sophos AV for Linux
Changed root password on my server, now can't login anymore
Run script with arguments as sudo without being asked for password
Is there any difference between sudo password and the one I used to login?
Ubuntu Server Automatically Insert Password Using Python3