Hi!
When using TW headless with VNC on a remote machine I’m required to enter the root password to check for updates and to install them using the app in the task bar.
I would like to require the root password even for local sessions before the updates are installed by the app.
I looked under Settings -> System Settings as well as in the context menu for “Software Updates”, without success. Any idea where to change this?
This is governed by polkit, but there’s no GUI application to change the polkit rules.
You can add this line to /etc/polkit-default-privs.local though:
org.freedesktop.packagekit.upgrade-system auth_admin
Then run “sudo /sbin/set_polkit_default_privs” to apply the change.
Or change the system security level to “secure”, either in YaST->Security and Users->Security Center and Hardening or /etc/sysconfig/security.
(in the latter case, if you edit that file by hand you need to run “/sbin/set_polkit_default_privs” manually as well, YaST should take care of that)
But that will have other impact on your system as well, like requiring a root password to mount removable media.
Many thanks for the reply!
I edited the polkit security settings, unfortunately no updates for the moment to test the new setting.
Would that also work on 13.2 installation?
Yes, it should work with all distribution versions, as long as you are using a PackageKit frontend (apper, plasma5-pk-updates, whatever).
Ah, OK!
I’m in YaSt now (on the 13.2 machine…) there it is “File Permissions” under “Misc. Settings” to be changed from “Easy” to “Secure”, correct?
Yes.
But as I wrote, this will affect other things too, like needing the root password for mounting removable media, or even shutting down the system.
If you only want to change the behavior of the update applet, you need to modify /etc/polkit-default-privs.local as explained.
Yeppp, that effect is intended for the 13.2 notebook, but not for the TW, where I edited polkit
Thanx again!
Hi again!
On my TW install the polkit file looks like:
#
# /etc/polkit-default-privs.local
#
# This file is used by set_polkit_default_privs to check or set
# the implicit default privileges granted by PolicyKit
#
# In particular, this file will not be touched during an upgrade of the
# installation. It is designed to be a placeholder for local
# additions by the administrator of the system.
#
# Note that you need to run /sbin/set_polkit_default_privs for
# changes to take effect.
#
# Format:
# <privilege> <any>:<inactive>:<active>
#
org.freedesktop.packagekit.upgrade-system auth_admin
…and I ran
sudo /sbin/set_polkit_default_privs
and even did a reboot, however, I could make the task bar app look for updates (found 27) and install them without any password needed.
On the 13.2 with the other option (files set to “secure”) I’m asked for root password to look for updates AND for installing, as intended.
So what am I missing with the polkit-solution? :shame:
PS: Tried it on two other TWs, same result.
Any ideas why this is not working as intended?
Because I told you the wrong polkit rule apparently…
Sorry.
Try this instead:
org.freedesktop.packagekit.system-update auth_admin
A system upgrade requires the root password anyway, and is actually not even supported by the zypp plugin IIANM.
Works! Many thanks!PS: Install uMatrix Addon in Firefox and try to login to this forum. FUN!