Polkit-1 and the original account name

Aug 23 08:54:44 rpi polkit-agent-helper-1[19494]: pam_sss(polkit-1:auth): authentication failure; logname= uid=558 euid=0 tty= ruser=support rhost= user=support
Aug 23 08:54:44 rpi polkit-agent-helper-1[19494]: pam_sss(polkit-1:auth): received for user support: 10 (User not known to the underlying authentication module)

It would seem pamac uses polkit-1 to authenticate, but it passes the account name of support, which is the account originally created during the install. I would think it should pass the current userid.

Is this considered a bug?

A username is for us humans to tell them apart.

Linux uses numeric UID and GID internally.

Apart from that, a username should be considered at the time of creation, as they are difficult to change later on.

How does this first account differ from other accounts? How is it special?
I am unable to authorize against polkit-1 as my current user id. I would think any account that is a member of the wheel group should be able to authorize to run pamac.

id {uname}

uid=558(uname) ... 998(wheel) ...

grep ID_MIN /etc/login.defs

UID_MIN                   500
SYS_UID_MIN               500
GID_MIN                   500
SYS_GID_MIN               500

Add a line in /etc/sudoers

Copy the line for root but make it your user id name instead of root?

Should work?

Save, exit, reboot.

I have no issue running the sudo command. The issue is that pamac-manager will only authorize when the password for userid 1000 is entered when prompted; my user account should work, at least in my opinion.

Twisted, sorry.

I would simply disable polkit but I fear the system is put together with the expectation that it exists, and is operational.

The Arch wiki has this to say:
Your user needs to be listed as a member of the group in /etc/group. Merely having it as your primary group does not work with polkit.

This may be where the issue resides… network authentication does not use local files.

I edited the local group file with vigr, and yes, this is exactly the issue. Polkit accesses the local /etc/group file, not by checking groups via pam.d.

I do not believe this issue is properly resolvable in a network authentication environment without a code change to polkit.

2 Likes
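
A per-account check for the situation described in the last posts, where wheel membership exists through the name service but not in the local /etc/group. This is an added example, not part of the thread and not polkit's code; the function names, the category labels and the sample group file are constructed for illustration.

```python
import grp, os, pwd

def local_members(group_text, group):
    """Return the member set of `group` from /etc/group-format text, or None."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        # name:password:gid:member,member ; skip comments and NSS compat (+/-) lines
        if len(fields) != 4 or fields[0][:1] in ("#", "+", "-"):
            continue
        if fields[0] == group:
            return {m.strip() for m in fields[3].split(",") if m.strip()}
    return None

def classify(user, group, group_text, nss_groups, primary_group):
    """Say where `user`'s membership of `group` comes from.

    nss_groups: group names the name service reports for the user
    primary_group: name of the user's primary group
    """
    members = local_members(group_text, group)
    if members is not None and user in members:
        return "local-file"      # listed in /etc/group, as the quoted wiki text requires
    if primary_group == group:
        return "primary-only"    # wiki: "does not work with polkit"
    if group in nss_groups:
        return "network-only"    # supplied by a directory (e.g. via sssd), not the local file
    return "not-a-member"

def check_live(user, group="wheel", path="/etc/group"):
    """Run the same classification against this host's accounts."""
    pw = pwd.getpwnam(user)
    names = set()
    for gid in os.getgrouplist(user, pw.pw_gid):
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:         # gid with no resolvable name
            pass
    primary = next((n for n in names if grp.getgrnam(n).gr_gid == pw.pw_gid), None)
    with open(path) as fh:
        return classify(user, group, fh.read(), names, primary)

# Constructed sample: only the install-time account is listed under wheel.
SAMPLE_GROUP = "root:x:0:root\nwheel:x:998:support\nusers:x:985:\n"

if __name__ == "__main__":
    print(classify("uname", "wheel", SAMPLE_GROUP, {"wheel", "domain users"}, "domain users"))
```

A result of "network-only" or "primary-only" for wheel matches the account the thread found unable to authorize until it was added to the local file with vigr.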
