:: Re: [devuan-dev] synaptic failing t…
Góra strony
Delete this message
Reply to this message
Autor: Andreas Messer
Data:  
Dla: svante.signell, devuan developers internal list
Temat: Re: [devuan-dev] synaptic failing to start from menu
On Tue, May 15, 2018 at 01:23:42PM +0200, Svante Signell wrote:
> On Tue, 2018-05-15 at 13:05 +0200, Jaromil wrote:
> > re all,
> >
> > On Tue, 15 May 2018, KatolaZ wrote:
> >
> > > On Tue, May 15, 2018 at 10:37:29PM +1200, Daniel Reurich wrote:
> > > > man pk-exec might help...
> > > >
> > > >
> > > > The issue is possibly a missing polkit rule...
> > > >
> > > >
> > >
> > > I don't think RTFM is at all helpful here... :(
> > >
> > > If you have an idea and/or come up with a description/solution of
> > > the
> > > problem, we might try to find a fix.
> >
> > I agree we should fix it at least in the default desktop XFCE which
> > seems to be the one affected. There may be more suid programs from
> > menu that have the same problem.
> >
> > the problem seems to be solved by substituting pk-exec with gksu
> >
> > But I'm not sure this is a safe way to solve it given the
> > vulnerabilities of gksu. Wondering if someone knows how to fix from
> > polkit rules as Daniel suggests.
>
> Maybe it is this problem:
> https://git.devuan.org/devuan-packages/policykit-1/merge_requests/4/com
> mits


I can confirm, that when removing the file
/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf
from system I can not run synaptic anymore as user as well unless I know
the "root" password. In that case polkit asks for the root account
password. If the "root" account has no password set - which
is the default in most cases for security reasons - its not possible to
run synaptic at all since polkit refuses using the root account then.

What this polkit file actually does is to tell polkit that users in the
"sudo" group are considered administrative users and thus are allowed to
run administrative commands (just like sudo would allow them to run any
command as root)

I think if this file is missing, also a lot more polkit depending
administrative applications might not work as intended.

--
gnuPG keyid: 8C2BAF51
fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51