尝试连接到在 Ubuntu 18.04 上运行的 tigervnc 服务器(使用 TigerVNC viewer Windows 客户端)。初始身份验证后,我收到一个额外的身份验证提示,上面写着“需要身份验证才能创建颜色项目...”。这种情况仅在 tigervnc 服务器重启后首次登录时发生。有什么办法可以绕过这个问题吗?
答案1
我通过创建此文件并将权限设置为 644 并将所有者设置为 root:root: 来解决这个问题。
文件名:/etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
内容:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
) && (
subject.isInGroup("{nogroup}")
)
)
{
return polkit.Result.YES;
}
});
答案2
让我提取具体的修复方法仅适用于 18.04从续集到这篇优秀的博客文章后者深入挖掘了该问题的根本原因;前者正确地修复了该问题 — 同时避免了由return polkit.Result.YES;
此处和其他地方已发布的解决方案引起的崩溃。
cat << EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
这是相关的仅适用于 PolKit < 0.106(pkaction --version
)。
对于 PolKit 0.106+ (Ubuntu18.10+)此授权以不同的方式通过 javascript .conf 文件授予:
cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
//-- no group restriction; allow any user to manipulate color profiles!
//-- uncomment and substitude adm with the group you need, if needed.
// ) && (
// subject.isInGroup("{adm}")
))
{
return polkit.Result.YES;
}
});
EOF