Well this thread is about "root terminals" and gnome-terminal (for example) doesn't supply a polkit rule so your suggestion wouldn't work.L_V wrote:No, because not "all" programs need a polkit rule.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
no root term after upgrade deb 9-10
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: no root term after upgrade deb 9-10
deadbang
Re: no root term after upgrade deb 9-10
..... read again ... and may be simply try. Just be curious.
If it works for me and others, no reason it does work for you.
If it works for me and others, no reason it does work for you.
-
- Global Moderator
- Posts: 2683
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 196 times
Re: no root term after upgrade deb 9-10
It started right before the freeze, the root permissions mess. For awhile we needed the gnome-admin helper thingie to make the few polkit compliant things work. Many only had the right packages in what is now bullseye. One by one the issues got corrected and a non-gnome desktop now doesn't need the gnome helper. By release it seems all were fixed.
Sometimes, passwords just suck...I prefer 'possession of the keyboard security'
The working things now that just open from the menu when I click, like I own the damn system...
com.ubuntu.pkexec.gdebi-gtk.policy
com.ubuntu.pkexec.synaptic.policy
org.bleachbit.policy
org.freedesktop.pkexec.usbview.policy
org.gnome.gparted.policy
org.xfce.thunar.policy
org.xfce.xfce4-terminal.policy
Sometimes, passwords just suck...I prefer 'possession of the keyboard security'
Code: Select all
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
com.ubuntu.pkexec.gdebi-gtk.policy
com.ubuntu.pkexec.synaptic.policy
org.bleachbit.policy
org.freedesktop.pkexec.usbview.policy
org.gnome.gparted.policy
org.xfce.thunar.policy
org.xfce.xfce4-terminal.policy
Re: no root term after upgrade deb 9-10
There is nothing new with Policykit already available in Jessie and even before.
The purpose is to embed the permission policy rule directly in the program package.
It is impossible for visudo to manage program permission with the granularity of Policykit, and visudo is then untouched when a program is installed.
In summary, visudo manages the permissions at low level (user/groups permission policy).
Policykit is more dedicated to graphical applications, with some fine-tuning for each desktop environment.
The purpose is to embed the permission policy rule directly in the program package.
It is impossible for visudo to manage program permission with the granularity of Policykit, and visudo is then untouched when a program is installed.
In summary, visudo manages the permissions at low level (user/groups permission policy).
Policykit is more dedicated to graphical applications, with some fine-tuning for each desktop environment.
-
- Global Moderator
- Posts: 2683
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 196 times
Re: no root term after upgrade deb 9-10
...that's nice. That list came about, to fruition, during buster and not before.L_V wrote:There is nothing new with Policykit already available in Jessie and even before.
Re: no root term after upgrade deb 9-10
Not sure if the program rules directory has not been changed over the time since Jessie.
https://packages.debian.org/jessie/policykit-1
Even a GUI tool was available in KDE to manage policykit rules, and has been removed later.
Polkit-kde => https://packages.debian.org/jessie/polkit-kde-1 (became doc only).
https://packages.debian.org/jessie/policykit-1
Even a GUI tool was available in KDE to manage policykit rules, and has been removed later.
Polkit-kde => https://packages.debian.org/jessie/polkit-kde-1 (became doc only).
Re: no root term after upgrade deb 9-10
:|Really? With all the answers, you can't clickL_V wrote:Not sure if the program rules directory has not been changed over the time since Jessie.
https://packages.debian.org/jessie/policykit-1
- https://packages.debian.org/jessie/amd6 ... 1/filelist
- https://packages.debian.org/bullseye/am ... 1/filelist
and just swap between tabs ...
- https://packages.debian.org/bullseye/am ... 1/filelist
Re: no root term after upgrade deb 9-10
Listing polkit files will not give you any information of the environement used by Polkit to find program policies.djk44883 wrote:and just swap between tabs ...
Policykit-1 is used by Debian since something about 2009 (version 0.95-1)
https://lists.debian.org/debian-testing ... 00019.html
Examples of policies placement:
---------------
policykit-1: /usr/share/polkit-1/actions/org.freedesktop.policykit.policy
kdelibs5-data: /usr/share/kde4/apps/kjava/kjava.policy
freeplane: /usr/share/freeplane/freeplane.policy
isakmpd: /etc/isakmpd/isakmpd.policy
openjdk-11-jre-headless: /etc/java-11-openjdk/security/java.policy
tomcat9: /etc/tomcat9/policy.d/01system.policy
---------------
An interesting one to understand Policykit is udisks2, which policy is at /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
Mounting a disk partition in a terminal requires root permission.
But in a desktop environment, a user can plug a USB key, mount it and use it.
The USB key will be mounted at /media/$USER/$DISK_LABEL, without requesting any root permission.
The disk partitions visible in a file manager can be mounted by a user, if allowed at visudo level, but a password will be requested.
Policykit is managing these permission mechanisms at higher level, making the bridge with visudo.
Only programs used in a desktop environment really requiring specific permissions have Polkit policies.
Others do not have any Polkit policies, because not needed, not necessary.
A terminal does not need any Polkit policies.
But if a user for unclear justification insists to open a terminal in a root graphic environment, and not his own user environment, he normally can with pkexec.
Code: Select all
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY xterm
It seems that Polkit problems are more concentrated on gnome. I've seen in this forum a user who had problems to mount disk partition in "thunar" where I never had in Dolphin.
Code: Select all
# pkexec env
SHELL=/bin/bash
PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
LOGNAME=root
USER=root
HOME=/root
PKEXEC_UID=1000
Re: no root term after upgrade deb 9-10
I certainly don't mean to discount any of your useful information - thanks!L_V wrote:Listing polkit files will not give you any information of the environement used by Polkit to find program policies.
I was commenting about changes to the directories for polkit not the environment used to find policies.Not sure if the program rules directory has not been changed over the time since Jessie.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: no root term after upgrade deb 9-10
OK, the "root terminal" menu entry is provided by gksu.desktop, which is part of the gksu package and has been removed for Debian 10.
Here's a "safer" alternative: https://forum.mxlinux.org/viewtopic.php ... 34#p521734 ← see the bit after the EDIT.
Here's a "safer" alternative: https://forum.mxlinux.org/viewtopic.php ... 34#p521734 ← see the bit after the EDIT.
deadbang