17

I'd like Software Center, Update Manager and some other system management applications to work without asking for password (like sudo does if configured with NOPASSWD) but only asking for a confirmation instead, or even without any confirmation. At the same time I wouldn't like to use no user password at all. Is this reachable?

Ivan
  • 55,987
  • 65
  • 150
  • 212

6 Answers6

20

Ubuntu Software Center authorization uses policy kit. When requested for the authentication during the remove action you can expand the "Details" pointer to see the action that is being invoked. It's org.debian.apt.install-or-remove-packages . You can change the corresponding policy to not request for authentication:

Edit /usr/share/polkit-1/actions/org.debian.apt.policy, search for org.debian.apt.install-or-remove-packages, then find for the defaults section, replace auth_admin and auth_admin_keep with yes .

Oli
  • 289,791
  • 117
  • 680
  • 835
João Pinto
  • 17,029
  • 5
  • 55
  • 68
3

Adding to joão-pinto's answer, since software center now uses snapcraft's policies, the file to be modified should be this one:

/usr/share/polkit-1/actions/io.snapcraft.snapd.policy

look for the policy with id io.snapcraft.snapd.manage and change all entries under defaults to yes.

You should have this:

  <action id="io.snapcraft.snapd.manage">
    <description gettext-domain="snappy">Install, update, or remove packages</description>
    <message gettext-domain="snappy">Authentication is required to install, update, or remove packages</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

Tested on Ubuntu 20.04.1 LTS

porras
  • 31
  • 2
  • Providing access to everything was not a wise idea. You got to reconsider this. It may not be suitable for serious people. Update is totally different from new app installation. On this permission anybody can install any app snappy domain. – Shameerariff Nov 21 '20 at 16:42
2

Towards a more generic solution

Since the policies/actions can change from version to version (there are two other answers mentioning two other different files), the best way to handle this is:

  • Install some package for testing
  • Check /var/log/auth.log
  • Identify the file used and the action and make the changes according to this

After installing a package, the entries in /var/log/auth.log were these:

Apr 13 02:06:14 dragon PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.package-install auth (only_trusted:1)
Apr 13 02:06:25 dragon polkitd(authority=local): Operator of unix-session:1 successfully authenticated as unix-user:jgr to gain TEMPORARY authorization for action org.freedesktop.packagekit.package-install for system-bus-name::1.79 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:jgr)
Apr 13 02:06:25 dragon PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.package-install

I've searched and found the file where the action is:

sudo grep -l -r "org.freedesktop.packagekit.package-install" /usr/share/polkit-1/
/usr/share/polkit-1/actions/org.freedesktop.packagekit.policy

Using this information, on my Ubuntu 20.04.2 LTS, I edit the following file: /usr/share/polkit-1/actions/org.freedesktop.packagekit.policy.

The I've changed the <defaults> on action: <action id="org.freedesktop.packagekit.package-install"> to:

    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
estibordo
  • 1,254
  • 13
  • 16
0

Just put in /etc/sudoers all this and it will work

# User privilege specification
root    ALL=(ALL) NOPASSWD: ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD: ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL) NOPASSWD: ALL
Danatela
  • 13,581
  • 11
  • 44
  • 70
cristian
  • 11
-1

These methods with NOPASSWD: ALL seem to result in no password being asked. this is not what I want. I want to be asked the ROOT password.

Seems the right hint was to add "Defaults rootpw" to sudoers. At least Synaptic now starts after receiving the root password. Nice. I can use Ubuntu the Debian way :)

TDC
  • 7
  • 1
-4

Note:- Disabling password prompts might be a security risk

Open the terminal window from Applications --> accessories --> terminal, run the command:

sudo visudo

Find the line that says

%admin ALL=(ALL) ALL

and change it to

%admin ALL=(ALL) NOPASSWD: ALL

Save and exit the file

Kyle Clarke
  • 479
  • 2
  • 10
  • It wont work for software center. – karthick87 Dec 20 '10 at 08:11
  • That method does remove the authentication/password prompts for many applications, but not for the Software Centre. – 8128 Dec 20 '10 at 08:25
  • It worked for the update-manager, I figured it would work on the software centre. My bad. I used this method on someone else's computer and not on my own, my bad. – Kyle Clarke Dec 20 '10 at 08:54
  • Do you just have to disable the keyring to get this to work? – NightwishFan Dec 20 '10 at 09:19
  • Setting "%admin ALL=(ALL) NOPASSWD: ALL" in /etc/sudoers is the first thing I do after I install linux to a PC. But this does not seem to affect GUI applications. – Ivan Dec 20 '10 at 13:14