← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #15196

[Bug 221363] Re: Policy Kit Unlock Buttons Greyed Out when using NX / VNC / LTSP

  Thread PreviousDate PreviousThread Next 
Derek:
The criteria is that you hit this bug on a certain package. ;-)
I think most packages should be fixed, even if a small minority should keep using allow_active: it can only be useful when e.g. managing hardware, sound, mounted devices, etc. In these cases, only the current user should be allowed to run the action. But in most cases, it's too much of a restriction, and if you feel the need for the change, it's probably that it should happen.

One way to find these packages is to run
grep -R "<allow_any>no" /usr/share/polkit-1/actions/
and then check each file and try to guess whether the use of allow_active only is legetimate or not. Then, file a bug uptsream and open a bug watch here.


Ben:
One reason why GDM devs haven't replied can be that upstream's 3.0 uses GSettings for gdmsetup, and doesn't suffer from the bug. Ubuntu would need to check that. Other maintainers might be more responsive.
If you fear that people will make the same mistake in the future, then you can write a simple patch the the Polkit tutorial. Notably, the example config file could have <allow_any>auth_admin</allow_any> instead of "no", or a comment could explain what reasonable defaults are. You can find them at:
http://cgit.freedesktop.org/PolicyKit/tree/docs

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to system-tools-backends in Ubuntu.
https://bugs.launchpad.net/bugs/221363

Title:
  Policy Kit Unlock Buttons Greyed Out when using NX / VNC / LTSP

Status in FreeNX open source NX Server:
  Fix Released
Status in GDM: The Gnome Display Manager:
  New
Status in PolicyKit:
  Invalid
Status in system-tools-backends:
  Fix Released
Status in “policykit” package in Ubuntu:
  Invalid
Status in “policykit-1” package in Ubuntu:
  Invalid
Status in “system-tools-backends” package in Ubuntu:
  Triaged

Bug description:
  I installed 8.04 LTS server on a system.  Then installed ubuntu-
  desktop using apt.  Installed Nomachine's NX server and connected to
  it.

  The unlock buttons on Users and Groups or Network are greyed out and
  un-accessible.  Tried running from a term 'sudo users-admin' with the
  same results.

  Works fine with VNC and NX "Shadow" session however this is not really
  acceptable as it means a session has to be running on console first.

  I have tried to enable every option in Authorizations to allow the
  remote session to have privileges to no avail.

  output of dpkg relevant packages:

  ii  gnome-system-t 2.22.0-0ubuntu Cross-platform configuration utilities for G
  ii  liboobs-1-4    2.22.0-0ubuntu GObject based interface to system-tools-back
  ii  policykit      0.7-2ubuntu7   framework for managing administrative polici
  ii  system-tools-b 2.6.0-0ubuntu7 System Tools to manage computer configuratio

  ================
  == Workarounds  ==
  ================

  1) *Jaunty or older*

  From
  https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/238799/comments/16
  (the packages from comment 24 are broken links now):

  I was able to get access via VNC tunneled through SSH by changing the
  following settings in policykit. You can do it locally via
  Authorizations, or you can do it remotely using "sudo ck-launch-
  session polkit-gnome-authorization" in a terminal window in your
  tunneled VNC session. This worked on Ubuntu 9.04 Server RC running
  xubuntu-desktop, so as always YMMV.

  For system configuration, change all implicit authorizations under org
  -> freedesktop -> systemtoolsbackends -> Manage System Configuration
  (org.freedesktop.systemtoolsbackends.set) to "Admin Authentication."

  For user management, change all implicit authorizations under org ->
  freedesktop -> systemtoolsbackends -> self -> Change User
  Configuration (org.freedesktop.systemtoolsbackends.self.set) to
  "Authentication."

  Reset gdm by rebooting or running "sudo /etc/init.d/gdm restart" from
  a terminal window, and you should be able to unlock the user settings
  control panel and other similarly useful things through your tunneled
  VNC session.

  2) *Karmic or newer*

  Apply this patch: http://launchpadlibrarian.net/39471473/polkit-systemtools-remote-allow.patch
  # sudo cp -a /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy.ori
  # sudo patch /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy polkit-systemtools-remote-allow.patch

  Then kill polkitd, it will be restarted automatically:
  # sudo pkill polkitd

To manage notifications about this bug go to:
https://bugs.launchpad.net/freenx-server/+bug/221363/+subscriptions
  Thread PreviousDate PreviousThread Next