How to prevent system applications (like the Software Center) from asking for password?
Solution 1
Ubuntu Software Center authorization uses policy kit. When requested for the authentication during the remove action you can expand the "Details" pointer to see the action that is being invoked. It's org.debian.apt.install-or-remove-packages . You can change the corresponding policy to not request for authentication:
Edit /usr/share/polkit-1/actions/org.debian.apt.policy
, search for org.debian.apt.install-or-remove-packages
, then find for the defaults
section, replace auth_admin
and auth_admin_keep
with yes
.
Solution 2
Adding to joão-pinto's answer, since software center now uses snapcraft's policies, the file to be modified should be this one:
/usr/share/polkit-1/actions/io.snapcraft.snapd.policy
look for the policy with id io.snapcraft.snapd.manage
and change all entries under defaults to yes
.
You should have this:
<action id="io.snapcraft.snapd.manage">
<description gettext-domain="snappy">Install, update, or remove packages</description>
<message gettext-domain="snappy">Authentication is required to install, update, or remove packages</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
Tested on Ubuntu 20.04.1 LTS
Solution 3
Towards a more generic solution
Since the policies/actions can change from version to version (there are two other answers mentioning two other different files), the best way to handle this is:
- Install some package for testing
- Check
/var/log/auth.log
- Identify the file used and the action and make the changes according to this
After installing a package, the entries in /var/log/auth.log
were these:
Apr 13 02:06:14 dragon PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.package-install auth (only_trusted:1)
Apr 13 02:06:25 dragon polkitd(authority=local): Operator of unix-session:1 successfully authenticated as unix-user:jgr to gain TEMPORARY authorization for action org.freedesktop.packagekit.package-install for system-bus-name::1.79 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:jgr)
Apr 13 02:06:25 dragon PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.package-install
I've searched and found the file where the action is:
sudo grep -l -r "org.freedesktop.packagekit.package-install" /usr/share/polkit-1/
/usr/share/polkit-1/actions/org.freedesktop.packagekit.policy
Using this information, on my Ubuntu 20.04.2 LTS, I edit the following file: /usr/share/polkit-1/actions/org.freedesktop.packagekit.policy
.
The I've changed the <defaults>
on action: <action id="org.freedesktop.packagekit.package-install">
to:
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
Related videos on Youtube
Ivan
Updated on September 17, 2022Comments
-
Ivan almost 2 years
I'd like Software Center, Update Manager and some other system management applications to work without asking for password (like sudo does if configured with NOPASSWD) but only asking for a confirmation instead, or even without any confirmation. At the same time I wouldn't like to use no user password at all. Is this reachable?
-
karthick87 over 13 yearsIt wont work for software center.
-
Code.Decode over 13 yearsThat method does remove the authentication/password prompts for many applications, but not for the Software Centre.
-
Kyle Clarke over 13 yearsIt worked for the update-manager, I figured it would work on the software centre. My bad. I used this method on someone else's computer and not on my own, my bad.
-
NightwishFan over 13 yearsDo you just have to disable the keyring to get this to work?
-
Ivan over 13 yearsSetting "%admin ALL=(ALL) NOPASSWD: ALL" in /etc/sudoers is the first thing I do after I install linux to a PC. But this does not seem to affect GUI applications.
-
dylan murphy over 12 yearsthis is what i see in org.debian.apt.policy, which things do i need to change to yes?
<allow_any>auth_admin</allow_any> <allow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin_keep</allow_active>
-
João Pinto over 12 yearsReplace auth_admin and auth_admin_keep with yes .
-
Shameerariff over 3 yearsProviding access to everything was not a wise idea. You got to reconsider this. It may not be suitable for serious people. Update is totally different from new app installation. On this permission anybody can install any app snappy domain.