[SOLVED] Linux Debian 9 GUI don't accept sudo and asks for root password
Linux - DesktopThis forum is for the discussion of all Linux Software used in a desktop context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Linux Debian 9 GUI don't accept sudo and asks for root password
Hello. I've just installed Debian 9.
Code:
Linux Qhari06 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64 GNU/Linux
When I use applications like Synaptic or when I try to mount a partition I need to give a password. With prior versions of Debian I used to enter my password as sudo and it was enough. But now I need to enter the root password. From terminal I can launch Synaptic with gksudo without problems. I've used gksu-properties both with sudo and from root and I've changed the authentication mode to "sudo" but the problem remains. Both in Gnome and KDE occurs this behavior.
I'm the only user and I've sudo privileges.
Code:
sudo -l -U jmea
[sudo] password for jmea:
Matching Defaults entries for jmea on Qhari06:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User jmea may run the following commands on Qhari06:
(ALL : ALL) ALL
I would prefer not to use the root password. There are some way to solve this problem?.
I wonder if this is a polkit issue. On my Debian 9, there's a polkit file for synaptic called /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy. So that is what synaptic is going to use for authentication if it is run via pkexec (which it probably will be if run from a menu). What counts as an administrator is listed in /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf. It says you must be a member of the sudo group to use your own password as an administrative password. If you have given yourself sudo rights in any other way (by name, or via the wheel group) it probably doesn't count.
You could check on this quickly by opening a terminal and running pkexec synaptic. If you get the same results as for the graphical launch, then polkit is to blame.
In my case, the installation process included SUDO on my system but my username (the only one by now) was not included as sudoer. I used visudo from root and I've sudo privileges (you can see the first post).
You could check on this quickly by opening a terminal and running pkexec synaptic. If you get the same results as for the graphical launch, then polkit is to blame.
I can run pkexec only as sudo
Code:
$ pkexec synaptic
Cannot run program synaptic: No such file or directory
$ sudo pkexec synaptic
[the program launches OK]
Quote:
On my Debian 9, there's a polkit file for synaptic called /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy. So that is what synaptic is going to use for authentication if it is run via pkexec (which it probably will be if run from a menu).
Code:
$ cat /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<action id="com.ubuntu.pkexec.synaptic">
<message>Authentication is required to run the Synaptic Package Manager</message>
[... the same message in various languages ...]
<icon_name>synaptic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/synaptic</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
Quote:
What counts as an administrator is listed in /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf.
I don't understand well but it looks like all is OK. I want also to clarify that the problem is not only with Synaptic but with other authentication messages e.g. for mounting a partition.
Also I note that sudo group exists on my system but admin group not exists.
and Synaptic runs without administrative privileges. If I use
Code:
$ sudo /usr/sbin/synaptic
the program runs OK.
On the other hand, the problem is solved although I'm not sure why because I did not change any configuration file. The only changes on my system since yesterday are:
1) Yesterday I executed
Code:
$ sudo pkexec synaptic
while I was testing the suggestions of hazel
2) Although I already had sudo privileges by having used visudo, yesterday I executed from root
Code:
# adduser jmea sudo
3) Today I've executed
Code:
$ sudo apt-get update
4) I've executed a few minutes ago
Code:
$ sudo /usr/sbin/synaptic
Now when I open Synaptic from Gnome the program asks for my password and not the root password. The same occurs when I mount a partition. Thanks all.
2) Although I already had sudo privileges by having used visudo, yesterday I executed from root
Code:
# adduser jmea sudo
Now when I open Synaptic from Gnome the program asks for my password and not the root password. The same occurs when I mount a partition. Thanks all.
That confirms my theory. By adding a user who belongs to the sudo group, you made it possible for programs that use polkit to recognise this user as an administrator. I am in the sudo group on my Debian Stretch system and I can use synaptic with my own password too.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.