36 hours ago
After installing chrome-remote-desktop on Ubuntu 21.10 it seems to mess up polkit permissions. It asks for my password 3 times after logging in (color profiles, remote repositories, color management?), and it asks for my password when modifying NetworkManager in any way. I know how to solve the NM issue, but why should I be doing any of this all of a sudden? This has happened many times in the past after installing chrome-remote-desktop, and I avoided it for years, but I need it now.
31 hours ago
I dont know why exactly this is necessary after installing chrome remote desktop, but if you want to get rid of it, you need to configure polkit to run certain actions with elevated privileges. From what I understand you are searching for polkit configuration files (.plka, put under /etc/polkit-1/localauthority/*.d/, or .conf, put under /etc/polkit-1/localauthority.conf.d/) like these:
/etc/polkit-1/localauthority/*.d/
/etc/polkit-1/localauthority.conf.d/
polkit.addRule(function(action, subject) { if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile") && subject.isInGroup("{users}")) { return polkit.Result.YES; } });
EDIT: I deleted this, because it can cause a segfault error to appear, according to this post: http://c-nergy.be/blog/?p=12043).
Instead, a pkla-file can be created that does the same job:
/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
[Allow Colord all Users] Identity=unix-user:* Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile ResultAny=no ResultInactive=no ResultActive=yes
/etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla
[Allow Package Management all Users] Identity=unix-user:* Action=org.freedesktop.packagekit.system-sources-refresh ResultAny=yes ResultInactive=yes ResultActive=yes
/etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla
[nm-applet] Identity=unix-user:* # alternatively, to allow users of group netdev only: Identity=unix-group:netdev Action=org.freedesktop.NetworkManager.* ResultAny=yes ResultInactive=no ResultActive=yes
Hope it helps someone - cheers!