Trying to connect to tigervnc server running on Ubuntu 18.04 (using TigerVNC viewer windows client). After the initial authentication, I get an additional authentication prompt that reads "Authentication is required to create a color pr...". This happens only for the first login following a tigervnc server restart. Is there anyway I can bypass this?
Asked
Active
Viewed 1.2k times
2 Answers
6
I fixed this by creating this file and setting perms to 644, and owner root:root:
Filename: /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
Contents:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
) && (
subject.isInGroup("{nogroup}")
)
)
{
return polkit.Result.YES;
}
});
wryan
- 179
- 4
-
2Can you explain how you came up with that, why it works, or where you got the info from? – Dogweather Sep 11 '18 at 22:01
-
A really good write-up on this can be found here: https://c-nergy.be/blog/?p=12073 – ulidtko Apr 23 '20 at 17:18
-
Besides: `... && subject.isInGroup("{nogroup}")` makes no sense. Just delete or comment-out the check. This is JavaScript. – ulidtko Apr 23 '20 at 17:20
2
Let me just extract the concrete fix for 18.04 only from the sequel to this excellent blog post. The latter drills down to the root cause of this issue; the former fixes it properly — while avoiding a crash caused by the return polkit.Result.YES; solution already posted here and elsewhere.
cat << EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
This is relevant only for PolKit < 0.106 (pkaction --version).
For PolKit 0.106+ (Ubuntu 18.10+) this authorization is granted differently, via the javascript .conf file:
cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
//-- no group restriction; allow any user to manipulate color profiles!
//-- uncomment and substitude adm with the group you need, if needed.
// ) && (
// subject.isInGroup("{adm}")
))
{
return polkit.Result.YES;
}
});
EOF
ulidtko
- 5,613
- 1
- 35
- 49