Popular Posts

Run programs and actions without entering password

9:28 AM 2 Comments A+ a-

Here we will explain how to run your common desktop programs and actions without entering password. There are several ways to do that.
After hours of searching simple solution I found it in Synaptic Package Manager, it is so simple taht simpler cannot be :). Just open Synaptic Package Manger , type policykit-desktop-privileges in search field, and when it appears select to install, then Apply... that is all!
You can also install it by command line: sudo apt-get install policykit-desktop-privileges
Also you can download it from this link.

This package provides a set of PolicyKit privileges which allow Administrators to run common actions without being asked for their password.
Those actions are:
  • mounting and checking internal disk drives (through udisks)
  • setting the time and timezone (through the GNOME clock applet or through KDE)
  • Ading and changing system-wide NetworkManager connections including ethernet, vpn, dsl, wirelles...
  • setting the CPU speed and policy (through the GNOME CPU frequency applet)
  • Update already installed software (Not install, everyone must enter password on install, very good for companies and organizations)
  • Configure printers
 All this applies only for Administrators (Users who are in "sudo" or "admin" groups).

























If you need more control you can edit policykit by yourself, or you can edit sudoers.

How to  edit sudoers configuration


Editing sudoers will help you to configure which programs (not actions) you can open with/without password.
I will explain you simplest way to edit sudoers, you can read details on  link1 , link2 and link3.

Fisrt select editor in command line: sudo select-editor
I recommend to choose nano editor because it os simplest.

Then lunch editor, you MUST use this command because it will take care that you don't make mistake and avoid system crash.Run command: sudo visudo

In the editor, if you want for example to access k3b and amarok without entering password add this lines:
%admin ALL=NOPASSWD:/usr/bin/k3b
%admin ALL=NOPASSWD:/usr/bin/amarok

'%' sign means that it applies on group named admin, if you want to apply on user delete sign '%'
username ALL=NOPASSWD:/usr/bin/amarok

If you want to have access to all programs without password add this line:
 %admin ALL = NOPASSWD: ALL

Save it , and that's it.

How to  edit policykit configuration


Editing policykit will help you to determine which action  you can open with/without password.
I will explain you simplest way to edit sudoers, you can read details on link1 and  link2.


You can change the settings by manually editing the configuration files in the /usr/share/polkit-1/actions directory, but this is risky. To make changes you first have to know the action to change and the permission to set. The man page for polkit will list possible authorizations. The default authorizations can be allow_any for anyone, allow_inactive for a console, and allow_active for an active console only (user logged in). These authorizations can be set to specific values, which are listed here.
auth_admin : Administrative user only, authorization required always
auth_admin_keep
 : Administrative user only, authorization kept for brief period.
auth_self
 : User authorization required
auth_self_keep
 : User authorization required, authorization kept for brief period.
yes 
: Always allow access
no
 : Never allow access
On this window, action name is com.ubuntu.pkexec.synaptic
You will need to know the PolicyKit action to modify and the file to edit. The action is listed in the PolicyKit dialog that prompts you to enter the password (expand the Details arrow) when you try to use an application. The File will be the first segments of the action with the suffix policy attached. For example, the action for mounting internal drives is:
org.freedesktop.udisks.filesystem-mount-system-internal
Its file is: org.freedesktop.udisks.policy
The file is located in the /usr/share/polkit-1/actions folder. Its full path  is:
/usr/share/polkit-1/actions/org.freedesktop.udisks.policy
Users with administrative access, like your primary user, can mount internal partitions on your hard drives automatically. However, users without administrative access require authorization using an administrative password before they can mount a partition. Should you want to allow non-administrative users to mount partitions without an authorization request, the org.freedesktop.udisks.policy file in the /usr/share/polkit-1 directory has to be modified to change the allow_active default for filesystem-mount-system-internal action from auth_admin_keep to yes. The auth_admin_keep option requires administrative authorization.
Enter the following to edit the org.freedesktop.udisks.policy file in the /usr/share/polkit-1/actionsdirectory:
sudo gedit /usr/share/polkit-1/actions/org.freedesktop.udisks.policy
Locate the action id labeled as:
<action id =”org.feedesktop.udisks.filesystem-mount-system-internal”>
<description>Mount a system-internal device</description>
This is usually the second action id. At the end of that action section, you will find the following entry. It will be located within a defaults subsection, <defaults>.
<allow_active>auth_admin_keep</allow_active>
Replace auth_admin_keep with yes.
<allow_active>yes</allow_active>
Save the file. Non-administrative users will no longer have to enter a password to mount disks.

2 komentari

Write komentari
Anonymous
AUTHOR
February 17, 2014 at 9:44 PM delete This comment has been removed by a blog administrator.
avatar
Retrovit ID
AUTHOR
May 12, 2014 at 9:27 AM delete

Thanks for review, it was excellent and very informative.
thank you :)

Reply
avatar