如何让 Polkit 请求 root 密码而不是用户密码

Question

此行为由 PolicyKit 的当地政府配置。来自以下ADMINISTRATOR AUTHENTICATION部分man pklocalauthority：

   By default, "administrator authentication" is defined as asking for the
   root password. Since some systems, for usability reasons, don't have a
   root password and instead rely on a group of users being member of an
   administrative group that gives them super-user privileges, the Local
   Authority can be configured to support this use-case as well.

   Configuration for the Local Authority is read from files in the
   /etc/polkit-1/localauthority.conf.d directory. All files are read in
   lexigraphical order (using the C locale) meaning that later files can
   override earlier ones. The file 50-localauthority.conf contains the
   settings provided by the OS vendor. Users and 3rd party packages can
   drop configuration files with a priority higher than 60 to change the
   defaults.

至少在我的（18.04）Ubuntu系统中，两个相关文件是50-localauthority.conf和51-ubuntu-admin.conf：

$ head /etc/polkit-1/localauthority.conf.d/*
==> /etc/polkit-1/localauthority.conf.d/50-localauthority.conf <==
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#

[Configuration]
AdminIdentities=unix-user:0

==> /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf <==
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin

因此，为了恢复 PolicyKit 默认设置，即使用AdminIdentities=unix-user:0（即root）而不是 Ubuntu 默认设置AdminIdentities=unix-group:sudo;unix-group:admin（即成员sudo和/或admin组），只需重命名该51-ubuntu-admin.conf文件以便更早加载或根本不加载它即可 - 例如

sudo mv /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf{,.ignore}

或者注释掉AdminIdentities其中的条目。前一种选择可能更简洁，更易于维护。

Answer 1

此行为由 PolicyKit 的当地政府配置。来自以下ADMINISTRATOR AUTHENTICATION部分man pklocalauthority：

   By default, "administrator authentication" is defined as asking for the
   root password. Since some systems, for usability reasons, don't have a
   root password and instead rely on a group of users being member of an
   administrative group that gives them super-user privileges, the Local
   Authority can be configured to support this use-case as well.

   Configuration for the Local Authority is read from files in the
   /etc/polkit-1/localauthority.conf.d directory. All files are read in
   lexigraphical order (using the C locale) meaning that later files can
   override earlier ones. The file 50-localauthority.conf contains the
   settings provided by the OS vendor. Users and 3rd party packages can
   drop configuration files with a priority higher than 60 to change the
   defaults.

至少在我的（18.04）Ubuntu系统中，两个相关文件是50-localauthority.conf和51-ubuntu-admin.conf：

$ head /etc/polkit-1/localauthority.conf.d/*
==> /etc/polkit-1/localauthority.conf.d/50-localauthority.conf <==
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#

[Configuration]
AdminIdentities=unix-user:0

==> /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf <==
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin

因此，为了恢复 PolicyKit 默认设置，即使用AdminIdentities=unix-user:0（即root）而不是 Ubuntu 默认设置AdminIdentities=unix-group:sudo;unix-group:admin（即成员sudo和/或admin组），只需重命名该51-ubuntu-admin.conf文件以便更早加载或根本不加载它即可 - 例如

sudo mv /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf{,.ignore}

或者注释掉AdminIdentities其中的条目。前一种选择可能更简洁，更易于维护。

如何让 Polkit 请求 root 密码而不是用户密码

答案1

相关内容