Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: password troubles policykit interfereing

  1. #1
    Join Date
    Jul 2009
    Location
    Rockyford Alberta Canada
    Posts
    1,388

    Default password troubles policykit interfereing

    Hi just got off phone with friend about her system. She has just told me that Policykit has been coming up for days saying an action that requires root privilages needs a password and she has been just cancelling it. I had her try to open yast which should have asked for her root password and her root password didn't work showing only media check and update under software management and a message YAST running with non-root privileges.

    To my knowledge we were never using policykit as I heard it is nothing but trouble especially with root passwords. how can I get rid of policykit and reset her password for her. Her sign-on Mary has a password which gives her root ability when needed. Any ideal what to do, can't upgrade to 42.1/.2/.3 if we can't get back root privilege.
    When your up to your a** in Alligators it's pretty hard to remember you intended to drain the swamp (author unknown)

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by techwiz03 View Post
    Hi just got off phone with friend about her system. She has just told me that Policykit has been coming up for days saying an action that requires root privilages needs a password and she has been just cancelling it.
    PolKit authentication only comes up when an application running with user privileges requests (via polkitd) an action that will require root privileges. What is your friend trying to do specifically?

    I had her try to open yast which should have asked for her root password and her root password didn't work showing only media check and update under software management and a message YAST running with non-root privileges.
    That's unrelated to PolKit though.

    To my knowledge we were never using policykit as I heard it is nothing but trouble especially with root passwords.
    How had you actively inhibited it then? (It's been an active authentication framework for years.)

    There are security implications with trying to circumvent PolKit, but it is possible to make a system more permissive if you understand the risks involved.

  3. #3
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: password troubles policykit interfereing

    see
    https://en.opensuse.org/SDB:Recover_root_password
    it's rather simple but it does require an extra media
    about polkit it's always been there it's just not too visible
    https://doc.opensuse.org/documentati...policykit.html
    I've been using polkit tweaks since 13.1 (maybe even earlier)

  4. #4
    Join Date
    Sep 2012
    Posts
    7,101

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by I_A View Post
    it does require an extra media
    Just boot with "init=/bin/sh", no password needed.

  5. #5
    Join Date
    Jul 2009
    Location
    Rockyford Alberta Canada
    Posts
    1,388

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by deano_ferrari View Post
    PolKit authentication only comes up when an application running with user privileges requests (via polkitd) an action that will require root privileges. What is your friend trying to do specifically?


    That's unrelated to PolKit though.


    How had you actively inhibited it then? (It's been an active authentication framework for years.)

    There are security implications with trying to circumvent PolKit, but it is possible to make a system more permissive if you understand the risks involved.
    2. I never tried to circumvent polkit. when I set our systems up, I designated autosign-in of a single main user and items like YAST prompt for the root password. Policykit shows in the launch menu under system but I never click it as it has always been unclear how to use it. An internet search brought up tons of horror stories of losing root privilage after using it. I suspect she may have clicked it by accident and not knowing how to use linux may have changed things.
    1.Originally, she was having trouble with her modem and was trying to get back her internet access. She had multiple settings in her kwallet where there should only have been one setting. We cleared the invalid and unrecognized settings and she got back internet and wifi-printer access then she told me that on the next start-up she kept getting Polacykit box asking for password and kwallet asking for password continuously.
    She seems to have only guest privilages on her main account which use to have superuser rights. Using YAST won't let her login using her root password saying it is wrong. Using superuser terminal says access denied when she uses her root password and policykit pops up asking for root password which then says the password is wrong.

    Up to now we were just trying to recover and sort files from her previous dead systems into an NTFS partition on the working system. Tonight I was going to walk her through upgrading 13.2 to Leap 42.1 and then do a 42.1 to 42.3 upgrade tomorrow. And that's when she told me policykit won't let her open YAST to check her repos.
    When your up to your a** in Alligators it's pretty hard to remember you intended to drain the swamp (author unknown)

  6. #6
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: password troubles policykit interfereing

    what do you mean her account had super user rights did you edit the sudoers file or was the root password the same as the user account (that does not make her account an administrator account it''s an ordinary user who happens to have the same password as root)
    from what you are describing it would seam kdewallet is asking for her password I don't use kdewallet but it might be asking for a master password not necessarily her account password most definitely not the root password
    did she do a graphical logon with the root account? that could messed things beyond recognition
    unless that's a custom config with an encrypted lvm just to what arvidjaar suggested
    during boot press the 'e' key and add
    Code:
    init=/bin/sh
    to the boot parameters then reset the root password after you boot into shell mount the root partition and change the root password
    Code:
    # mount -o remount,rw /dev/sda1 /mnt
    # cd /mnt
    # chroot /mnt
    # passwd
    replace sda1 with the root partition you might need to run fdisk to list your partitions

    if her /home partition is fine just do a clean install of 42.3 there is little to be gained doing an upgrade from 13.x to LEAP as kde4 has been killed off years ago and afaik kdewallet in LEAP is a kf5 app and does not use the old kde4 database of passwords (I might be wrong)

  7. #7
    Join Date
    Jul 2009
    Location
    Rockyford Alberta Canada
    Posts
    1,388

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by I_A View Post
    see
    https://en.opensuse.org/SDB:Recover_root_password
    it's rather simple but it does require an extra media
    about polkit it's always been there it's just not too visible
    https://doc.opensuse.org/documentati...policykit.html
    I've been using polkit tweaks since 13.1 (maybe even earlier)
    Looked over both of these, I have a live 13.2 USB as does she. I recall boot suse 13.2 live, install suse 13.2, and memtest but don't recall a recovery mode??
    going to init=/bin/sh is something I have no knowledge on how to do. Because it appears she is somehow changed to guest instead of privileged user I am not sure we can get to a super-console even with sudo or su.
    When your up to your a** in Alligators it's pretty hard to remember you intended to drain the swamp (author unknown)

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by techwiz03 View Post
    2. I never tried to circumvent polkit. when I set our systems up, I designated autosign-in of a single main user and items like YAST prompt for the root password. Policykit shows in the launch menu under system but I never click it as it has always been unclear how to use it. An internet search brought up tons of horror stories of losing root privilage after using it. I suspect she may have clicked it by accident and not knowing how to use linux may have changed things.
    Sounds like you've been reading myths and legends rather than the actual documentation.

    1.Originally, she was having trouble with her modem and was trying to get back her internet access. She had multiple settings in her kwallet where there should only have been one setting. We cleared the invalid and unrecognized settings and she got back internet and wifi-printer access then she told me that on the next start-up she kept getting Polacykit box asking for password and kwallet asking for password continuously.
    She seems to have only guest privilages on her main account which use to have superuser rights. Using YAST won't let her login using her root password saying it is wrong. Using superuser terminal says access denied when she uses her root password and policykit pops up asking for root password which then says the password is wrong.
    This doesn't read like a PolKit issue though. Resetting the root password does take some technical proficiency as well. Like arvidjaar already mentioned, the easiest way is to edit grub2, so that it boot in single-user mode with 'init=/bin/sh'. Then the root password can be changed with the 'passwd' command.

    Up to now we were just trying to recover and sort files from her previous dead systems into an NTFS partition on the working system. Tonight I was going to walk her through upgrading 13.2 to Leap 42.1 and then do a 42.1 to 42.3 upgrade tomorrow. And that's when she told me policykit won't let her open YAST to check her repos.
    Sound like there's a bit of confusion here. PolKit is not involved with this. YaST uses sudo privileges to gain the required root access.
    Last edited by deano_ferrari; 16-Sep-2017 at 00:13.

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by techwiz03 View Post
    Looked over both of these, I have a live 13.2 USB as does she. I recall boot suse 13.2 live, install suse 13.2, and memtest but don't recall a recovery mode??
    going to init=/bin/sh is something I have no knowledge on how to do. Because it appears she is somehow changed to guest instead of privileged user I am not sure we can get to a super-console even with sudo or su.
    Get to the grub screen and press 'e' to edit. Arrow down to the 'linux' line and cursor to the end of the entries thre. Remove "quiet splash" and add 'single' and 'init=/bin/sh'. Then press F10 to boot.

    When you get a '#' prompt, run the passwd command and enter the desired root password. When done reboot. Hopefully, that's all that's required.
    Last edited by deano_ferrari; 15-Sep-2017 at 23:31. Reason: Syntax corrections

  10. #10
    Join Date
    Jul 2009
    Location
    Rockyford Alberta Canada
    Posts
    1,388

    Default Re: password troubles policykit interfereing

    Quote Originally Posted by I_A View Post
    what do you mean her account had super user rights did you edit the sudoers file or was the root password the same as the user account (that does not make her account an administrator account it''s an ordinary user who happens to have the same password as root)
    from what you are describing it would seam kdewallet is asking for her password I don't use kdewallet but it might be asking for a master password not necessarily her account password most definitely not the root password
    did she do a graphical logon with the root account? that could messed things beyond recognition
    unless that's a custom config with an encrypted lvm just to what arvidjaar suggested
    during boot press the 'e' key and add
    Code:
    init=/bin/sh
    to the boot parameters then reset the root password after you boot into shell mount the root partition and change the root password
    Code:
    # mount -o remount,rw /dev/sda1 /mnt
    # cd /mnt
    # chroot /mnt
    # passwd
    replace sda1 with the root partition you might need to run fdisk to list your partitions

    if her /home partition is fine just do a clean install of 42.3 there is little to be gained doing an upgrade from 13.x to LEAP as kde4 has been killed off years ago and afaik kdewallet in LEAP is a kf5 app and does not use the old kde4 database of passwords (I might be wrong)
    You are right. When I set her system up I made one main user with shared root password with root. At login she is auto-logged in and if she logs-out she gets her account as the only one showing and enters her password to log back in.

    Her home is not on a separate partition. The whole 13.2 tree is on sda1, swap sda2, NTFS on sda3 virtualbox-windows is in home and home has a link to the ntfs such that both virtual windows and linux can share the ntfs partition with all her stuff.

    Her usb 13.2 flashdrive is 16GB. I am wondering just how sucessful we will be putting leap 42.3 onto the flashdrive if this mess has cost her her internet and being able to do root functions.
    When your up to your a** in Alligators it's pretty hard to remember you intended to drain the swamp (author unknown)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •