pkexec asks for user-password, should be root-password [solved]

[spielmops]

I installed LMDE5 (32-bit, Gui is now XFCE) and unlocked root. Changed /etc/sudoers to ask for root-password and now sudo works as expected by me: sudo asks for the root-password.

But: pkexec asks for the user-password and I want pkexec to ask for the root-password as well. I searched the web and this machine the whole day, compared it even with another laptop with Mint-Ubuntu, where pkexec wants the root-password. The rules are the same, the files in /etc/polkit are the same.

I can not find the reason for this behaviour, can anyone give me a hint or point me to a solution?

Spielmops

[spielmops]

Answer:

If in /etc/polkit exists a file with the entry

Code: Select all

AdminIdentities=unix-group:sudo

,
then you have to delete it. From then on the system asks for the root password.

Spielmops

[linux-rox]

I would like to point out to any newbies reading the thread, pkexec should ask for the user/sudo password. That's how the operating system is designed. Indeed, by default, the root password isn't even enabled.

The OP wants to do it differently, and that's his prerogative, but it's not standard practice and shouldn't be imitated without good reason.

[spielmops]

For newbies also:
The way of not having an administrator and letting the ordinary user do everything was eventually adopted by Windows Home. I grew up with versions of Linux that stayed on the safe side and strictly separated root and user. I've been working with Linux for 25 years and strangely enough there has never been a break-in to my computers. But I can imagine that nowadays the alternative facts count more...

Spielmops

[linux-rox]

Wish I had a nickel for every newbie who showed up on a user forum having broken their system because they followed confident-sounding advice from an experienced user. Your preference is not the design philosophy of this operating system. The implication of the thread title is plain wrong. And if someone modifies their polkit file as you suggest without also enabling the root account they will be unable to open GUI apps with elevated privileges. Meanwhile, not all users get sudo privileges. Giving those who do two hats doesn't make them any more careful, which is what really counts.

[spielmops]

And if someone modifies their polkit file as you suggest

I did not modify my polkit-file

they will be unable to open GUI apps with elevated privileges

That is the reason, why I mentioned unlocking root first.

Your preference is not the design philosophy of this operating system

Yes, you got that and I did too. That does not mean, that the philosophy of this OS is the best.

The strict separating of /user/root was the philosophy 25 years ago, when I started with Linux. And at that time, setting up a separate home partition was always advised. And everywhere in the GUI it was just a simple click - just like in the browser. But all of that is now seen as wrong. So that Linux feels better for those switching from Windows?

Spielmops

[linux-rox]

Yes, I get it. You're smarter than the developers. You know how Linux should be done. Your way is the RIGHT way. Let's bear in mind, sudo has been around since approximately the Late Bronze Age. That you don't like it doesn't make it a bad thing. You are free, of course, to set up your system however you like. Doesn't mean anyone else should copy you. At least, now they have been warned. What they do from here is their choice also.

Apparently you need to have the last word. Knock yourself out. I've said what I have to say.

[spielmops]

Alexa: play Laid Back with Bakerman.
Playing ....

You′ve got to cool down
Take it easy
You've got to cool down
Relax take it easy
Slow down relax

If you would please read my post once again and carefully. I never said, that I know it better! I mentioned a different philosophy that was in place when Linux was introduced 25 years ago, and that's what developers came up with, not me.

Spielmops

[Shiva]

I generally avoid posting when topic has been closed, but the previous debate has no real sense.

If pkexec asks for user password, it's because the creator of the polkit asked for it with a line similar to :

Code: Select all

<allow_active>auth_user_keep</allow_active>

If he wanted root password, he'd have asked for it with, for example :

Code: Select all

<allow_active>auth_admin_keep</allow_active>

He probably chose the user_password to allow any user to perform the task managed by the polkit (e.g. open nemo with privileges or backup/restore a timeshift snap) and not only the superuser.

[spielmops]

Sorry, wrong! Within the polkit-rules in every rule only admins are allowed. It's the entry in /etc/polkit with sudo as described.