Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Polkit-Packagekit Authentication after chmod

  1. #11

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by deano_ferrari View Post
    I assume no overrides in /etc/polkit-default-privs.local?[/CODE]
    None.

    Quote Originally Posted by deano_ferrari View Post
    Ok, and this should also report user 1000 is active....
    Code:
    loginctl show-session $XDG_SESSION_ID
    It seems to:
    Code:
    Id=4
    User=1000
    Name=myusername
    Timestamp=Mon 2018-02-12 11:29:00 CET
    TimestampMonotonic=1829777867
    VTNr=7
    Seat=seat0
    Display=:0
    Remote=no
    Service=sddm
    Desktop=KDE
    Scope=session-4.scope
    Leader=6111
    Audit=4
    Type=x11
    Class=user
    Active=yes
    State=active
    IdleHint=no
    IdleSinceHint=0
    IdleSinceHintMonotonic=0
    Quote Originally Posted by deano_ferrari View Post
    I'm not sure what else could be wrong here....
    I'm still baffled how chmod and chown can cause this problem. And why a complete reinstall didn't fix it. I will create a new account to see whether the problem occurs then.

    Quote Originally Posted by deano_ferrari View Post
    Perhaps this too...
    Code:
    env|grep XDG
    It returns:
    Code:
    XDG_VTNR=7
    XDG_SESSION_ID=4
    XDG_SESSION_CLASS=user
    XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session1
    XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
    XDG_CONFIG_DIRS=/etc/xdg
    XDG_SESSION_TYPE=x11
    XDG_SEAT=seat0
    XDG_SESSION_DESKTOP=KDE
    XDG_DATA_DIRS=/usr/share
    XDG_RUNTIME_DIR=/run/user/1000
    XDG_CURRENT_DESKTOP=KDE

  2. #12

    Default Re: Polkit-Packagekit Authentication after chmod

    Huh. Created a test account and after logging in, it too popped up the authentication dialogue for the software updates. So it seems I committed a post hoc fallacy by associating it with chmod and chown.

  3. #13

    Default Re: Polkit-Packagekit Authentication after chmod

    Did you change the system security level maybe?
    That governs whether the root password is needed or not.

    Code:
    grep SECURITY /etc/sysconfig/security

  4. #14

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by wolfi323 View Post
    Did you change the system security level maybe?
    That governs whether the root password is needed or not.

    Code:
    grep SECURITY /etc/sysconfig/security
    You mean "Security Center and Hardening"? I did create a new account, put my files into it, ran chmod and chown --- and went looking for a way to make the system create files and directories with rwXr-X--- permissions. I did set the file permissions in "Security Center and Hardening" to secure.

    Code:
    PERMISSION_SECURITY="secure local"
    # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or
    And indeed, switching the file permissions back to "easy" means that software updates can run without requiring a root password. SOLVED. YEAH.

    I didn't notice any difference with the actual file permissions (of newly created files and directories) so I forgot I changed it. And it does say file permissions. They should update the help dialogue to "does **** all to your file permissions, but ****s with software updates".

    EDIT: At least the profanity filter work like it's supposed to.

    EDIT: Thanks for the help everyone who replied.

  5. #15

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by ae_lex View Post
    You mean "Security Center and Hardening"? I did create a new account, put my files into it, ran chmod and chown --- and went looking for a way to make the system create files and directories with rwXr-X--- permissions. I did set the file permissions in "Security Center and Hardening" to secure.

    Code:
    PERMISSION_SECURITY="secure local"
    # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or
    And indeed, switching the file permissions back to "easy" means that software updates can run without requiring a root password. SOLVED. YEAH.
    Yes, "secure" permissions require the root password to install updates, while "easy" allows a locally logged in user to do that without a password.

    If you do want to have secure permissions and still being able to install updates without the root password, that can be overridden in the "local" permissions.
    Feel free to ask for further instructions in that case.

    But "secure" will have other implications too, like not being able to mount removable devices (like an USB stick) as user.

    I didn't notice any difference with the actual file permissions (of newly created files and directories) so I forgot I changed it. And it does say file permissions. They should update the help dialogue to "does **** all to your file permissions, but ****s with software updates".
    Yes, that's how it is since years.

    You might want to file a bug report (bugzilla.opensuse.org, same username/password as here) about this.
    But I don't think they will change it for the released Leap 42.3...

  6. #16

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by wolfi323 View Post
    Yes, that's how it is since years.

    You might want to file a bug report (bugzilla.opensuse.org, same username/password as here) about this.
    But I don't think they will change it for the released Leap 42.3...
    PS: that option is not supposed to change file permissions in the user's home.

    It changes file permissions of the system-wide installed files and also the polkit rules.
    But that's probably not clear enough by the description...

    You can change the permissions of newly created user files in /etc/login.defs (option UMASK).
    Probably in YaST as well, but I forgot where exactly.

  7. #17

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by wolfi323 View Post
    Yes, "secure" permissions require the root password to install updates, while "easy" allows a locally logged in user to do that without a password.

    If you do want to have secure permissions and still being able to install updates without the root password, that can be overridden in the "local" permissions.
    Feel free to ask for further instructions in that case.

    But "secure" will have other implications too, like not being able to mount removable devices (like an USB stick) as user.
    Yeah, it makes sense to call it file permissions because everything is a file on linux/unix, but it's not intuitive.

    Quote Originally Posted by wolfi323 View Post
    Yes, that's how it is since years.

    You might want to file a bug report (bugzilla.opensuse.org, same username/password as here) about this.
    But I don't think they will change it for the released Leap 42.3...
    Done. About the help description. (I hope I did it right.)

    Quote Originally Posted by wolfi323 View Post
    PS: that option is not supposed to change file permissions in the user's home.

    It changes file permissions of the system-wide installed files and also the polkit rules.
    But that's probably not clear enough by the description...

    You can change the permissions of newly created user files in /etc/login.defs (option UMASK).
    Probably in YaST as well, but I forgot where exactly.
    I noticed nothing changed after setting it.

    Nope, not clear at all.

    I did search for a way to change UMASK, but I immediately found warnings that it was set by PAM. Digging deep into unix file permissions was fun, but also illuminating because it doesn't do what you intuitively think it does. UMASK uses some interesting logic (first negation then logical AND), but can also be changed for each Konsole session. Anyway, researching file permissions taught me they weren't worth obsessing about. I just needed to chmod and chown because I was consolidating my files into one account. Then software updates went bonkers. LOL That shows how easily you can go looking for trouble.

    You can only change the "umask for home directory" through Yast, AFAIK.

  8. #18

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by ae_lex View Post
    You can only change the "umask for home directory" through Yast, AFAIK.
    Yes, but that should also affect newly created files in the user's home directory.
    (unless the umask is set explicitly via some other means)

    Btw, I think that setting should be in YaST->Security and Users->User and Group Management.

  9. #19

    Default Re: Polkit-Packagekit Authentication after chmod

    Quote Originally Posted by wolfi323 View Post
    Yes, but that should also affect newly created files in the user's home directory.
    (unless the umask is set explicitly via some other means)

    Btw, I think that setting should be in YaST->Security and Users->User and Group Management.
    Didn't mean to imply is was located elsewhere. It was just the only setting I found with umask.

    Nope. It only affects the user's home directory. One thing I found out researching file permissions is that umask can be changed whenever you want. Try the following in Konsole:

    Code:
    umask          (gives you the current umask setting)
    umask 077      (changes it)
    touch file.txt
    ls -l file.txt (to check the permissions)
    and close Konsole, restart it, and check the value of umask again. It should be back to the original. That's basically how you can create the home directory with permissions very different from the system's umask value.

    Given the strict hierarchical nature of *nix, the setting "umask for home directory" makes sense. If it's set with umask 077 then another user on the same computer cannot access your home directory and it therefore doesn't matter if all your files inside it are e.g. world-readable.

    And I'm going to stop displaying I've recently read up on this.

  10. #20

    Default Re: Polkit-Packagekit Authentication after chmod

    Ok, I was only trying to help.

    Apparently you know better now anyway, and that is good... (and thanks for sharing your new insights)

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •