Welcome
Welcome to refracta

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Well I broke pkexec somehow, synaptic opens without a passwd

Ask your questions here.

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby greenjeans » Thu Sep 22, 2016 11:17 pm

@ thwak: If you wanted to go that route, wouldn't it be easier and less likely to break anything just to make a pin file in etc/apt/preferences and pin Synaptic?
http://www.mrgreenjeans.net/opensource
Devuan-mate-minimal hybrid-iso, made with Refractasnapshot.
User avatar
greenjeans
 
Posts: 66
Joined: Tue Sep 06, 2016 10:57 pm
Location: inna woods

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby thwak » Thu Sep 22, 2016 11:35 pm

greenjeans wrote:I think pkexec is installed by default with the mate-policy-kit, so maybe it's not in xfce?
It's definitely in there on a Devuan install with the mate desktop, haven't tried a Devuan install with any of the other DE's.

On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
Code: Select all
root@antix1:/home/demo# locate pkexec
/usr/bin/gparted-pkexec
/usr/bin/pkexec
/usr/bin/synaptic-pkexec
/usr/share/man/man1/pkexec.1.gz
/usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
/usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy


Mate still has some minor dependencies here and there on some gnome libraries too,
some I can't get rid of, but found several that I could, don't know why they're still there...
maybe some of the other stuff I dumped needed them.

(unless you would prefer to grep awk and pipe rdepends output, and suchlike, in terminal)
In synaptic preferences, tick the "show package properties in main window".
(perform a search in order to filter and) Click to focus any package (likely perps: gconf, gvfs, polkit*).
In the lower-right pane, select the 'Dependencies' tab and via the selectbox choose 'Dependants'.
You can see the "why" for that package, and afterward, as you click onto other top-right rows their "why" will immediately be displayed to the lower pane.
-=-
Alternatively, right-click and "Mark for Complete Removal" a package of interest, then click 'Apply' in toolbar.
The "Are you sure? xx packages will be removed" dialog provides a CANCEL button, and displays all the
currently-installed dependants that would concurrently, necessarily, be uninstalled.

Bear in mind: "gnome-developed packages" is not analagous to "gnome (shell) packages"
Personally, I (bite off my nose to spite my face) avoid gvfs but if you setup a system without it...
as soon as enduser installs any of a myriad packages, that (gvfs) winds up getting reinstalled
(and, if you pin to prevent its installation, lotta endusers will be inconvenienced.)
thwak
 
Posts: 165
Joined: Tue Nov 20, 2012 3:58 am

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby thwak » Thu Sep 22, 2016 11:54 pm

Before someone here posts
but, but... EVERYTHING depends on gvfs
alternatives do exist (and IMO are usually superior) for each of the gvfs-dependant apps, e.g.
thunar }} spacefm
thwak
 
Posts: 165
Joined: Tue Nov 20, 2012 3:58 am

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby greenjeans » Fri Sep 23, 2016 12:18 am

thwak wrote:On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
Code: Select all
root@antix1:/home/demo# locate pkexec
/usr/bin/gparted-pkexec
/usr/bin/pkexec
/usr/bin/synaptic-pkexec
/usr/share/man/man1/pkexec.1.gz
/usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
/usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy



Ahh, pulled in by policykit-1 then?
Last edited by greenjeans on Fri Sep 23, 2016 12:32 am, edited 2 times in total.
http://www.mrgreenjeans.net/opensource
Devuan-mate-minimal hybrid-iso, made with Refractasnapshot.
User avatar
greenjeans
 
Posts: 66
Joined: Tue Sep 06, 2016 10:57 pm
Location: inna woods

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby golinux » Fri Sep 23, 2016 12:24 am

@thwak . . . it would be helpful if your lines didn't break. Makes it challenging to read your posts. Are you c/p from a word processor?
May the FORK be with you!
User avatar
golinux
 
Posts: 643
Joined: Thu Nov 08, 2012 1:23 am

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby nadir » Fri Sep 23, 2016 12:28 am

thwak wrote:
greenjeans wrote:I think pkexec is installed by default with the mate-policy-kit, so maybe it's not in xfce?
It's definitely in there on a Devuan install with the mate desktop, haven't tried a Devuan install with any of the other DE's.

On refracta, is pkexec not pulled in by gparted?
locate pkexec
even with "just fluxbox", me gots pkexec
[...

aptitude why pkexec
might be of help.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1159
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby greenjeans » Fri Sep 23, 2016 12:48 am

There's some info on the archwiki about polkit, seems it's possible bypass password by creating a rules file either globally or for individual actions, but I haven't created one and there's not one in the system in question. So i'm stumped so far.
http://www.mrgreenjeans.net/opensource
Devuan-mate-minimal hybrid-iso, made with Refractasnapshot.
User avatar
greenjeans
 
Posts: 66
Joined: Tue Sep 06, 2016 10:57 pm
Location: inna woods

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby greenjeans » Fri Sep 23, 2016 1:11 am

Sonuvagun, there's a folder and file in the remastered/installed system that doesn't exist in the Devuan installs, it's under etc, and the folder is "PolicyKit" (with the capital letters), and the file in it is "PolicyKit.conf", an xml file that looks like this:

Code: Select all
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
   <match user="root">
      <return result="yes"/>
   </match>
   <!-- don't ask password for user in live session -->
   <match user="guest">
      <return result="yes"/>
   </match>
   <define_admin_auth group="adm"/>
</config>


Wonder where that came from? I see that it has the comment about not asking for password in live session, but don't see anything specifying a live session.

Mebbe I should kill it and see what happens.
http://www.mrgreenjeans.net/opensource
Devuan-mate-minimal hybrid-iso, made with Refractasnapshot.
User avatar
greenjeans
 
Posts: 66
Joined: Tue Sep 06, 2016 10:57 pm
Location: inna woods

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby greenjeans » Fri Sep 23, 2016 1:29 am

Yeah, it's letting me mount other partitions too without asking for a password, it's behaving just like the livecd does, is there something I need to do to retract those permissions during install from the livecd?
http://www.mrgreenjeans.net/opensource
Devuan-mate-minimal hybrid-iso, made with Refractasnapshot.
User avatar
greenjeans
 
Posts: 66
Joined: Tue Sep 06, 2016 10:57 pm
Location: inna woods

Re: Well I broke pkexec somehow, synaptic opens without a pa

Postby fsmithred » Fri Sep 23, 2016 2:03 am

gparted-pkexec is in Refracta, but starting it from the menu does nothing. If I start it in a terminal, I'm asked for the root password. I don't really remember how it was a year or two ago, but I recall that pkexec didn't work, and for a while, gksu could not be installed. I made some changes in snapshot and installer for that.

See /lib/live/config/1080-policykit for where that file comes from.

I'm getting the same behavior on a fresh install - I can start gparted from the menu without a password. Maybe PolicyKit.conf needs to be added to the rsync excludes list.

On my main installation, the stock .desktop file does nothing, but gparted-pkexec in a terminal asks for the root password. I think I see why there's a difference.
Code: Select all
   <!-- don't ask password for user in live session -->
   <match user="user">
That's not my user name on my main box. It is my user name on the fresh install.

I guess this is everything installed that has a pkexec file.
Code: Select all
$ dpkg -S pkexec
mate-system-tools: /usr/share/man/man1/mate-services-admin-pkexec.1.gz
mate-system-tools: /usr/share/man/man1/mate-shares-admin-pkexec.1.gz
mate-system-tools: /usr/bin/mate-shares-admin-pkexec
policykit-1: /usr/share/man/man1/pkexec.1.gz
mate-system-tools: /usr/bin/mate-network-admin-pkexec
policykit-1: /usr/bin/pkexec
mate-system-tools: /usr/bin/mate-services-admin-pkexec
synaptic: /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy
synaptic: /usr/bin/synaptic-pkexec
mate-system-tools: /usr/share/man/man1/mate-network-admin-pkexec.1.gz
gparted: /usr/bin/gparted-pkexec
gparted: /usr/share/polkit-1/actions/com.ubuntu.pkexec.gparted.policy
mate-system-tools: /usr/share/man/man1/mate-time-admin-pkexec.1.gz
mate-system-tools-common: /usr/share/polkit-1/actions/org.debian.pkexec.mate-system-tools.policy
mate-system-tools: /usr/bin/mate-time-admin-pkexec


Edit: Deleting PolicyKit.conf does not change it. I tried logging out, restarting lightdm and rebooting. No change.
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

PreviousNext

Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred