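When we log in to a KDE session using the X2Go client, users see a dialog asking for the sudo password. I don't want users to have a sudo password, and I want to prevent this dialog from appearing. Users shouldn't be bothered with this.
The dialog title is: Authentication Required PolicyKit1 KDE Agent
The message is: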
**System policy prevents control of network connections**
An application is attempting to perform an action that requires privileges. Authentication is required to perform this action.
Password:
Action: Allow control of network connections
ID: org.freedesktop.NetworkManager.network-control
Vendor: NetworkManager
polkit.subject-pid: 20440
polkit.caller-pid: 708
- process 708 is /usr/bin/NetworkManager --no-daemon
- process 20440 is kded5 [kdeinit5]
pkaction version 0.116 (that's the policykit version)
The relevant policy is defined so that authentication should not be requested/required:
<action id="org.freedesktop.NetworkManager.network-control">
  <_description>Allow control of network connections</_description>
  <_message>System policy prevents control of network connections</_message>
  <defaults>
    <allow_inactive>yes</allow_inactive>
    <allow_active>yes</allow_active>
  </defaults>
</action>
The relevant log lines are:
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: "Password: "
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Request: "Password: "
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: REQUEST
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Trying again
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Action description has been found
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Message of action: "System policy prevents control of network connections"
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Initiating authentication
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: polkit_qt_listener_initiate_authentication callback for 0x55df1e7190a0
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: GSimpleAsyncResult:
Aug 07 21:50:54 desktop polkit-kde-authentication-agent-1[26611]: Listener adapter polkit_qt_listener_initiate_authentication
Aug 07 21:50:43 desktop polkit-kde-authentication-agent-1[26611]: Authentication agent result: true
Aug 07 21:50:43 desktop polkitd[838]: Registered Authentication Agent for unix-session:19 (system bus name :1.5274 [/usr/lib/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Aug 07 21:50:43 desktop polkit-kde-authentication-agent-1[26611]: Listener online
Aug 07 21:50:43 desktop polkit-kde-authentication-agent-1[26611]: Adding new listener PolkitQt1::Agent::Listener
Aug 07 21:50:43 desktop polkit-kde-authentication-agent-1[26611]: New PolkitAgentListener
Aug 07 21:50:42 desktop ksmserver[26587]: org.kde.kf5.ksmserver: Starting autostart service "/etc/xdg/autostart/polkit-kde-authentication-agent-1.desktop" ("/usr/lib/polkit-kde-authentication-agent-1")
So far I have tried creating this polkit rule:
/etc/polkit-1/rules.d/00-networkmanager.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.settings.modify.system")
    {
        polkit.log("NetworkManager.settings.modify.system: rule called");
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.network-control")
    {
        polkit.log("NetworkManager.network-control: rule called");
        return polkit.Result.YES;
    }
});
The rule file is owned by root and has 644 permissions.
Answer 1
Try using a pkla (PolicyKit Local Authority) file:
$ sudo ls -la /etc/polkit-1/localauthority/50-local.d
total 16
drwxr-xr-x 2 root root 4096 Dec 28 20:08 .
drwx------ 7 root root 4096 Aug 1 2017 ..
-rw-r--r-- 1 root root 573 Dec 27 01:16 45-allow-colord.pkla
-rw-r--r-- 1 root root 206 Dec 28 20:08 50-allow-network-manager.pkla
$ sudo cat /etc/polkit-1/localauthority/50-local.d/50-allow-network-manager.pkla
[Network Manager all Users]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control
ResultAny=no
ResultInactive=no
ResultActive=yes
Answer 2
Warning: this answer disables nearly all of polkit's security protections.
Try this: in the /etc/polkit-1/localauthority/50-local.d folder, create a file named universal.pkla with the following content:
[Allow access to anything for remote users]
Identity=unix-user:*
Action=*
ResultAny=yes
ResultInactive=yes
ResultActive=yes
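Then restart polkit with "sudo systemctl restart polkit.service" or reboot. I haven't seen any polkit authentication prompt since.
Answer 3
I use Debian 12 (KDE) with xrdp / vnc and ran into the same problem today.
Although this is an old question, none of the answers worked for me.
In fact, I have used the pkla file approach before to fix the color manager problem. But I don't know why it didn't work for me this time.
Here is how I solved the problem after reading man polkit:
Instead of using a pkla file, I created a rules file that allows the "org.freedesktop.NetworkManager.network-control" action when the user is in the "sudo" group.
Just create this configuration: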
/etc/polkit-1/rules.d/50-allow-network-manager.rules
---
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.network-control" &&
        subject.isInGroup("sudo")) {
        return polkit.Result.YES;
    }
});
Then reboot the system.
Update, December 26, 2023:
You need to install the polkitd-pkla package for pklocalauthority to work on Debian:
sudo apt install polkitd-pkla
So this pkla does the same thing:
[Allow Network Manager]
Identity=unix-group:sudo;
Action=org.freedesktop.NetworkManager.network-control
ResultAny=no
ResultInactive=no
ResultActive=yes
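
An added example (not from any of the answers, and not polkit's own code): it runs the scoped rule from Answer 3 and a rules-file analogue of Answer 2's wildcard entry through a small Node.js stand-in for the rule engine, to show which actions each one authorizes. `makePolkit`, `evaluate`, `remoteUser` and the sample user are assumptions made for the illustration.

```javascript
// Added example. makePolkit(), evaluate() and remoteUser() are hypothetical
// test helpers; addRule, Result and subject.isInGroup follow polkit(8).
function makePolkit() {
  const rules = [];
  return {
    Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
    addRule: (fn) => rules.push(fn),
    // The first rule that returns a value decides; if none does, the
    // action's <defaults> apply (represented here as "defaults").
    evaluate(actionId, subject) {
      for (const rule of rules) {
        const result = rule({ id: actionId }, subject);
        if (result !== undefined && result !== null) return result;
      }
      return "defaults";
    },
  };
}

// Constructed subject; local/active values are assumed for a remote login.
function remoteUser(name, groups) {
  return { user: name, local: false, active: false,
           isInGroup: (g) => groups.includes(g) };
}

// Scoped rule in the style of Answer 3: one action, one group.
function scopedRules() {
  const polkit = makePolkit();
  polkit.addRule(function (action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.network-control" &&
        subject.isInGroup("sudo")) {
      return polkit.Result.YES;
    }
  });
  return polkit;
}

// Rules-file analogue of Answer 2's Identity=unix-user:* / Action=* entry.
function wildcardRules() {
  const polkit = makePolkit();
  polkit.addRule(function (action, subject) { return polkit.Result.YES; });
  return polkit;
}

const NM = "org.freedesktop.NetworkManager.network-control";
const PKEXEC = "org.freedesktop.policykit.exec"; // action checked by pkexec
const bob = remoteUser("bob", ["users"]); // constructed, not in "sudo"
console.log("scoped, bob, network-control:", scopedRules().evaluate(NM, bob));
console.log("wildcard, bob, pkexec:", wildcardRules().evaluate(PKEXEC, bob));
```

The scoped rule never consults the session state, so it applies to remote logins as well, while every other action and every user outside the group still falls through to the action's own defaults.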