I running into an issue where when I attempt to suspend my Gnome desktop, the system freezes for about 20-30 seconds, and then prompts me for my root password in order to suspend the system. Has anyone else seen this problem?
Hi bwilson30,
I’ve had the same with KDE and after my 12.2 to 12.3 upgrade. It seemed to be a matter of policykit settings.
Sorry that I cannot offer details for the Gnome environment, but as it may be similar in this matter to KDE, here’re where I was able to change things under KDE… and I’m translating from German NLS here :
In the “systems settings” application, I chose “system administration” - “action permissions” (first entry in sys adm). There, under “org.freedesktop” - “The UPower project” - “Suspend the system” (AKA org.freedesktop.upower.suspend) I had a “local authorization” that I deleted and set the implicit authorizations to “yes” (all three - you may want to set up more limiting settings). After a restart, “suspend” worked without requiring any password input.
Regards,
Jens
Thanks for the response. I’m not sure what the problem was, but I think an update regarding the permissions fixed the issue. I wish I had paid closer attention to what the update was.
On 04/05/2013 12:36 AM, bwilson30 wrote:
> I wish I had paid
> closer attention to what the update was.
if you know when it was fixed, you can probably find it in
/var/log/zypp/history
because each action has a date/time listed…
–
dd
I have had this problem, which was started by an update, then fixed by another update, then screwed up again by another update. I tried the above advise, but found no local authorization entry to delete. Set implicit authos (all 3) to “yes.” Restart. Problem not fixed. I suspect this problem was fixed (and relapsed) by “systemd-presets-branding…” patches/updates. I found a “suspend” entry under one of several “systemd project” categories in the above described app (Configure Desktop->System Administration->actions policy. But I find that this app is not working, trying to “Apply” changes returned an error msg after delay, changes to settings are not retained, but revert to previous…
Same problem here, although I was able to get “actions policy” to save my setting (when I reboot and go back into action policy the changes I made show), but even with them all set to implicit I still get that prompt, this is incredibly annoying.
When you close the lid on a laptop IT SHOULD SUSPEND, no if’s and’s or but’s. This really needs to be fixed.
That settings module is just plain broken, even if it may seem to work.
It already got removed from openSUSE’s default installation, see the changelog of “kdebase4-workspace”:
* Sat May 18 2013 hrvoje.senjan@gmail.com
- Remove polkit-kde-kcmmodules-1 from Requires, as the package is
broken - it overwrites rules shipped by other packages (kde#308934),
and confuses users that it does something it doesn't (bnc#814763)
The two bugs mentioned are these:
https://bugzilla.novell.com/show_bug.cgi?id=814763
https://bugs.kde.org/show_bug.cgi?id=308934
The only working and supported method to change those polkit permissions is to add them to /etc/polkit-default-privs.local and run “set_polkit_default_privs” afterwards.
In this case, you would have to add:
org.freedesktop.upower.suspend yes
But: Suspend should work without having to enter a password on a default install. (and it does here)
Have you maybe changed the security settings in /etc/sysconfig/security? (especially “PERMISSION_SECURITY” should be set to “easy local”)
Maybe you have a problem with logind. What does “loginctl” output?
Well, actually with KDE 4.11 it is:
org.freedesktop.login1.suspend yes
Can’t check with 4.10 (as included in openSUSE 12.3) now.
But to be on the safe side, you can just add BOTH lines.
Let me clarify: it happens with more than one user logged in, and I can’t find any way to make it suspend without prompting for authorization in this scenario. its a horrible, horrible default.
Here’s what happens:
User 1 and user 2 are logged in. I close the lid in the user 1 session. Nothing happens. I open the lid, there is no prompt or anything in user 1, if I switch to user 2 there is an prompt saying I need authorization to suspend with multiple users logged in. As soon as I click anything on that prompt (even if I click cancel and don’t put a password) if immediately suspends.
Do you have the package “acpid” installed then? If yes, remove it.
Sounds like two suspend systems are fighting with each other.
The corresponding polkit rule should be this then in your case I guess:
org.freedesktop.login1.suspend-multiple-sessions
which also defaults to “yes” for the active console on a default installation.
To find out which rule is blocking you, click on details and hover the mouse on the text next to “Action:”.
I want to add that I just tried it.
I am NOT getting asked for the root password even when 2 users are logged in simultaneously.
And I’m having the default polkit settings.
So this is no horrible default, but something is wrong on your system…
I have the same problem, and can’t figure it out. (openSuSE 12.3 KDE). when I try to put the system to Sleep mode, first it asks for the root password but then immediately locks the screen, so now I have to login, enter the password, and then again execute sleep mode. it happened after one of the upgrades.
I have had this problem from the very beginning when I installed openSuSE 12.3 (I always make a fresh installation, no upgrade). Yesterday, I googled about it again, and after nothing described in this thread above, I found the solution on some other forum. I forgot which one, but the trick is to add the lines ALL = NOPASSWD: /usr/sbin/pm-hibernate ALL = NOPASSWD: /usr/sbin/pm-suspend to /etc/sudoers. Here, is your login name. Now I can hibernate without root pass word. I don’t know, if this is a good idea security wise, however…
I have had this problem from the very beginning when I installed openSuSE 12.3 (I always make a fresh installation, no upgrade). Yesterday, I googled about it again, and after nothing described in this thread above, I found the solution on some other forum. I forgot which one, but the trick is to add the lines ALL = NOPASSWD: /usr/sbin/pm-hibernate ALL = NOPASSWD: /usr/sbin/pm-suspend to /etc/sudoers. I used visudo for that, as indicated in the header of the file. Here, is your login name. Now I can hibernate without root pass word. I don’t know, if this is a good idea security wise, however…
No, it’s not really. All logged in users even from remote can suspend your system now using sudo. I guess that doesn’t really affect you negatively though.
But again: It should not be necessary to supply the root password on a default install.
So, please, give a bit more information, such as which Desktop environment you’re using, or how you tried to suspend.
For running /usr/sbin/pm-suspend you do need root permissions of course, that’s by design.
But it should work ok as user using your desktop environment’s method or running “systemctl suspend”.
And please post the output of:
loginctl
grep PERMISSION /etc/sysconfig/security
This answer also applies to ilasolomon, of course…
I see, but that shouldn’t affect me very much, because I’m the only user of my laptops. As long as nobody hacks into my system he won’t be able to hibernate/suspend, right?
To answer your questions: I use kde 4.11 from the opensuse repositories, but that behavior of hibernate hasn’t changed ever since I installed openSuSE 12.3. No matter whether I use the Lock/Logout widget or whether I press the power button (I’ve told in the Battery Monitor Settings to hibernate pressing the power button), I always had to give the root password. Suspend to memory worked without it all the time.
loginctl gives
SESSION UID USER SEAT
1 1000 hees seat0
1 sessions listed.
and
grep PERMISSION /etc/sysconfig/security
PERMISSION_SECURITY=“easy local”
PERMISSION_FSCAPS=""
PERMISSION_SECURITY. If PERMISSION_SECURITY contains ‘secure’ or
Right.
To answer your questions: I use kde 4.11 from the opensuse repositories, but that behavior of hibernate hasn’t changed ever since I installed openSuSE 12.3. No matter whether I use the Lock/Logout widget or whether I press the power button (I’ve told in the Battery Monitor Settings to hibernate pressing the power button), I always had to give the root password. Suspend to memory worked without it all the time.
loginctl gives
SESSION UID USER SEAT
1 1000 hees seat0
1 sessions listed.
and
grep PERMISSION /etc/sysconfig/security
PERMISSION_SECURITY=“easy local”
PERMISSION_FSCAPS=“”PERMISSION_SECURITY. If PERMISSION_SECURITY contains ‘secure’ or
That looks ok.
Now, what does those give:
pkaction --verbose --action-id org.freedesktop.upower.suspend
pkaction --verbose --action-id org.freedesktop.login1.suspend
And does “systemctl suspend” work?
Oops, sorry, I just now recognized you are talking about hibernate not suspend! (well, that’s what you get when you hijack a thread… )
So i need the output of those of course:
pkaction --verbose --action-id org.freedesktop.upower.hibernate
pkaction --verbose --action-id org.freedesktop.login1.hibernate
And does “systemctl hibernate” work?
Interestingly, now after some times working, even with this hack in /etc/sudoers it doesn’t work again anymore!
When trying to hibernate, no matter whether with the Lock/Logout widget on the panel of my kde 4.11 desktop, hitting the power button on my laptop (which correctly wants to hibernate the laptop) or I try it by hand from an xterm. This gives
hees@lap-hees:~> systemctl hibernate
Failed to issue method call: Access denied
Failed to issue method call: Access denied
Then for your questions of the pkaction outputs:
hees@lap-hees:~/public_html/publ> pkaction --verbose --action-id org.freedesktop.upower.hibernate
org.freedesktop.upower.hibernate:
description: Hibernate the system
message: Authentication is required to hibernate the system
vendor: The UPower Project
vendor_url: UPower
icon: system-suspend
implicit any: yes
implicit inactive: yes
implicit active: yes
hees@lap-hees:~/public_html/publ> pkaction --verbose --action-id org.freedesktop.login1.hibernate
org.freedesktop.login1.hibernate:
description: Hibernate the system
message: Authentication is required for hibernating the system.
vendor: The systemd Project
vendor_url: systemd
icon:
implicit any: auth_admin_keep
implicit inactive: auth_admin_keep
implicit active: yes
What do you mean? Does the hibernate not work anymore, or are you asked for the root password?
When trying to hibernate, no matter whether with the Lock/Logout widget on the panel of my kde 4.11 desktop, hitting the power button on my laptop (which correctly wants to hibernate the laptop) or I try it by hand from an xterm. This gives
hees@lap-hees:~> systemctl hibernate
Failed to issue method call: Access denied
Failed to issue method call: Access denied
So there seems to be something wrong with polkit.
Which version do you have installed?
rpm -qi polkit
You outputs look correct. You should be able to hibernate without password.