Pamac-cli asks for password using GUI polkit

Pamac-cli, when invoked from the terminal, should prompt for password inside the terminal, no?

That used to be the case, but I didn’t use pamac for a while (tried yay and paru for some months but uninstalled both now) and now I want to use it again but this happens.

Any way to make it such that only pamac-gtk asks for polkit authentication, while pamac-cli asks for password inside the terminal (like yay and paru)?

System info:
OS: Manjaro Linux x86_64 
Kernel: 5.10.10-1-MANJARO
Shell: zsh 5.8 
DE: Xfce 
WM: Xfwm4 
Resolution: 1366x768
Host: Inspiron 3443 A11
CPU: Intel i5-5200U (4) @ 2.700GHz
GPU: NVIDIA GeForce 920M
GPU: Intel HD Graphics 5500
Memory: 7870MiB

polkit ask exists in text mode and was used before :thinking:

If you dont use aur, you can use sudo with pamac :wink:

I do use AUR rather often (that’s the point of using pamac-cli/yay/paru over pacman for me).
I’m mainly wanting to use these in my list of zsh aliases:


Yes the default behavior changed. Pamac uses now the graphical polkit agent if it exists.

1 Like

Ok, if there’s a “default” behaviour, there’s supposed to be a “custom” behaviour too, right? Can you (or someone else) please tell me how I can make it such that pamac-gtk uses GUI polkit and pamac-cli uses in-terminal authentication? What do I edit and in which config file?

No there’s no option to change this. Why would you like to force the password to be asked in the terminal?

I, too, would like what I understand @sage is wishing.

The password to be requested in the context of thee command. So if it was a GUI application, the password be requested in a GUI popup window. If it was requested for a terminal application, such as pamac the password be requested in the same terminal.

So, in other word, the same context. If I’ve got it right here. It just makes things easier.


Just as @Mirdarthos suggested, I’d like my terminal apps to stay in the terminal.

It is simply unnatural, absurd, unintuitive, counterproductive, inconvenient and intrusive that a command line application should cause a GUI to popup in my face when I’m working in the terminal. I believe there should be a way to set pamac-cli to auth inside the terminal, without disabling GUI auth for pamac-gtk. It just makes more sense.

If I want GUI, I will use pamac-gtk and if I want CLI, I will use pamac-cli.
GUI should stay GUI and CLI should stay CLI.


One such use-case could be a headless install or connections over SSH.


I think this would get around headless installs or accessing via SSH.

If the remote system has a polkit agent installed it will use that, if I understand it correctly.
Which means, that if I SSH into the remote system and run pamac-cli, it will present a polkit window on the remote machine, which I can’t see when using SSH.

Ofcourse, if this is not the case and it uses the SSH session to present the password, then this use-case is not valid. :slight_smile:

Whatever the use-case may be, I think a single line in some config file like PAMAC_CLI_USE_POLKIT_GUI = true/false would be really convenient. It is quite annoying that while I’m using a terminal app, it pops out a GUI in my face (flashing changes is bad for the eyes too). This shouldn’t be the case for any terminal app. It makes no sense as a default unless we think only about newbies (in which case it’s still absurd), but it’s worse that I don’t even have the choice to turn it off.

1 Like

Just for the record, I can confirm the behavior is not abnormal when using SSH. It asks for password in the SSH terminal as is natural. That’s Marvelous.

Still, forcing such an inconvenient and inconsistent UX on the users is just sad…
At least please give us a config toggle :worried:

I’m not sure if something in my installation is messed up or what but since the change to use the graphical polkit agent for authentication when using pamac it asks me every time via the popup to enter my password but since I’m mostly using Yakuake for quick cli stuff like pamac install xyz after I enter my password the popup is closed but the window focus is not automatically returned to Yakuake.
Obviously this wouldn’t happen if I did not have to use the graphical polkit agent from inside a Terminal.
It would be great to have an option to disable the graphical polkit agent usage for pamac.

inxi -Fazy
  Kernel: 5.4.89-1-MANJARO x86_64 bits: 64 compiler: gcc v: 10.2.1 
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.4-x86_64 
  root=UUID=fc6568cf-b45e-450b-8d23-3ff40170d117 rw quiet 
  Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 
  dm: LightDM 1.30.0 Distro: Manjaro Linux 
  Type: Desktop Mobo: ASRock model: X570 Phantom Gaming 4 serial: <filter> 
  UEFI [Legacy]: American Megatrends v: P1.70 date: 09/10/2019 
  Device-1: hidpp_battery_0 model: Logitech MX Keys Wireless Keyboard 
  serial: <filter> charge: 55% (should be ignored) rechargeable: yes 
  status: Discharging 
  Device-2: hidpp_battery_1 model: Logitech Wireless Mouse MX Master 3 
  serial: <filter> charge: 100% (should be ignored) rechargeable: yes 
  status: Discharging 
  Info: 6-Core model: AMD Ryzen 5 3600 bits: 64 type: MT MCP arch: Zen 2 
  family: 17 (23) model-id: 71 (113) stepping: N/A microcode: 8701013 
  L2 cache: 3 MiB 
  flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm 
  bogomips: 86425 
  Speed: 2370 MHz min/max: 2200/3600 MHz boost: enabled Core speeds (MHz): 
  1: 2370 2: 2052 3: 2200 4: 2200 5: 3599 6: 2199 7: 2199 8: 2201 9: 2271 
  10: 2056 11: 3599 12: 2196 
  Vulnerabilities: Type: itlb_multihit status: Not affected 
  Type: l1tf status: Not affected 
  Type: mds status: Not affected 
  Type: meltdown status: Not affected 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: conditional, STIBP: 
  always-on, RSB filling 
  Type: srbds status: Not affected 
  Type: tsx_async_abort status: Not affected 
  Device-1: AMD Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] 
  vendor: XFX Pine driver: amdgpu v: kernel bus ID: 08:00.0 chip ID: 1002:67df 
  Display: x11 server: X.Org 1.20.10 driver: loaded: ati,modesetting 
  unloaded: radeon alternate: fbdev,vesa display ID: :0.0 screens: 1 
  Screen-1: 0 s-res: 6400x1440 s-dpi: 96 s-size: 1693x381mm (66.7x15.0") 
  s-diag: 1735mm (68.3") 
  Monitor-1: DP-1 res: 1920x1080 hz: 60 dpi: 92 size: 531x299mm (20.9x11.8") 
  diag: 609mm (24") 
  Monitor-2: DP-3 res: 1920x1080 hz: 60 dpi: 92 size: 531x299mm (20.9x11.8") 
  diag: 609mm (24") 
  Monitor-3: DP-4 res: 2560x1440 hz: 60 dpi: 109 size: 597x336mm (23.5x13.2") 
  diag: 685mm (27") 
  OpenGL: renderer: Radeon RX 570 Series (POLARIS10 DRM 3.35.0 
  5.4.89-1-MANJARO LLVM 11.0.1) 
  v: 4.6 Mesa 20.3.3 direct render: Yes 
  Device-1: AMD Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590] 
  vendor: XFX Pine driver: snd_hda_intel v: kernel bus ID: 08:00.1 
  chip ID: 1002:aaf0 
  Device-2: AMD Starship/Matisse HD Audio vendor: ASRock driver: snd_hda_intel 
  v: kernel bus ID: 0a:00.4 chip ID: 1022:1487 
  Device-3: Thomann SC450USB type: USB driver: snd-usb-audio bus ID: 7-3:5 
  chip ID: 1346:0002 
  Sound Server: ALSA v: k5.4.89-1-MANJARO 
  Device-1: Intel I211 Gigabit Network vendor: ASRock driver: igb v: 5.6.0-k 
  port: f000 bus ID: 04:00.0 chip ID: 8086:1539 
  IF: enp4s0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
  IF-ID-1: br-c140d5a2719d state: down mac: <filter> 
  IF-ID-2: docker0 state: up speed: N/A duplex: N/A mac: <filter> 
  IF-ID-3: veth436a780 state: up speed: 10000 Mbps duplex: full mac: <filter> 
  Local Storage: total: 1.14 TiB used: 344.29 GiB (29.4%) 
  SMART Message: Unable to run smartctl. Root privileges required. 
  ID-1: /dev/sda maj-min: 8:0 vendor: Western Digital model: WD1002FAEX-00Z3A0 
  size: 931.51 GiB block size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  serial: <filter> rev: 1D05 
  ID-2: /dev/sdb maj-min: 8:16 vendor: Samsung model: SSD 850 PRO 256GB 
  size: 238.47 GiB block size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  serial: <filter> rev: 4B6Q 
  ID-1: / raw size: 221.25 GiB size: 216.78 GiB (97.98%) 
  used: 63.24 GiB (29.2%) fs: ext4 dev: /dev/sdb1 maj-min: 8:17 
  ID-2: /home raw size: 931.51 GiB size: 915.89 GiB (98.32%) 
  used: 281.04 GiB (30.7%) fs: ext4 dev: /dev/sda1 maj-min: 8:1 
  Kernel: swappiness: 60 (default) cache pressure: 100 (default) 
  ID-1: swap-1 type: partition size: 17.21 GiB used: 0 KiB (0.0%) priority: -2 
  dev: /dev/sdb2 maj-min: 8:18 
  System Temperatures: cpu: 57.5 C mobo: 38.0 C gpu: amdgpu temp: 45.0 C 
  Fan Speeds (RPM): fan-1: 0 fan-2: 1616 fan-3: 0 fan-4: 0 fan-5: 533 
  fan-6: 3237 fan-7: 0 gpu: amdgpu fan: 1095 
  Processes: 344 Uptime: 33m wakeups: 5 Memory: 62.75 GiB 
  used: 5.15 GiB (8.2%) Init: systemd v: 247 Compilers: gcc: 10.2.0 
  clang: 11.0.1 Packages: pacman: 1862 lib: 472 flatpak: 0 Shell: Zsh v: 5.8 
  running in: yakuake inxi: 3.2.02 


I found a partial solution to that - using i3 instead of xfwm4 as the window manager. Now I still have mouse focus but the drop-down terminal doesn’t disappear when pamac acts over-smart.

It’s not a “solution” but rather a hacky workaround that isn’t suitable for inexperienced users.

This is why.


As far as I’m aware this is still the default behaviour and it is still a nuisance. I’ve started killing the polkit-kde-authentication-agent processes when working in order to get a sensible password prompt for the duration and I don’t think that’s exactly the smartest way to handle this.

Either I can disable focus stealing, mouse over to the password GUI, type it in, hope the terminal regains focus when it closes and if not then alt-tab back to it.
Or i can allow focus stealing, type blindly into the password box because it takes focus but appears hidden behind yakuake, hit enter and hope that I didn’t just send my user pass to a chat window or other program that stole focus while i was typing instead by accident.

It’s made even worse because polkit doesn’t even have an authentication grace period like sudo does, it pops open every single flipping time.