{"id":13,"is_content":1,"post_type":"post","post_title":"After installing Chrome Remote Desktop polkit permissions are all skrewed up","slug":"after-installing-chrome-remote-desktop-polkit-permissions-are-all-skrewed-up","source_value":"https:\/\/askubuntu.com\/questions\/1390324\/after-installing-chrome-remote-desktop-polkit-permissions-are-all-skrewed-up","fake_user_id":48915,"published_at":"2021-07-02T12:10:38.000000Z","view_count":0,"deleted_at":null,"created_at":"2022-02-01T10:07:09.000000Z","updated_at":"2022-11-28T02:17:27.000000Z","content":[{"id":8538015,"post_id":13,"fake_user_id":72777,"content_dec":"<div class=\"s-prose js-post-body\" itemprop=\"text\">&#xD;\n                &#xD;\n<p>After installing chrome-remote-desktop on Ubuntu 21.10 it seems to mess up polkit permissions. It asks for my password 3 times after logging in (color profiles, remote repositories, color management?), and it asks for my password when modifying NetworkManager in any way. I know how to solve the NM issue, but why should I be doing any of this all of a sudden? This has happened many times in the past after installing chrome-remote-desktop, and I avoided it for years, but I need it now.<\/p>\n    <\/div>","created_at":"2022-11-28T02:17:27.000000Z","updated_at":"2022-11-28T02:17:27.000000Z"},{"id":8538016,"post_id":13,"fake_user_id":84632,"content_dec":"<div class=\"s-prose js-post-body\" itemprop=\"text\">&#xD;\n<p>I dont know why exactly this is necessary after installing chrome remote desktop, but if you want to get rid of it, you need to configure <strong>polkit<\/strong> to run certain actions with elevated privileges.\nFrom what I understand you are searching for polkit configuration files (.plka, put under <code>\/etc\/polkit-1\/localauthority\/*.d\/<\/code>, or .conf, put under <code>\/etc\/polkit-1\/localauthority.conf.d\/<\/code>) like these:<\/p>\n<del>\n- allows any user to manage color profiles on their own (`\/etc\/polkit-1\/localauthority.conf.d\/02-allow-colord.conf`):<\/del> \n<del>\n<pre><code>polkit.addRule(function(action, subject) {\n if ((action.id == \"org.freedesktop.color-manager.create-device\" ||\n action.id == \"org.freedesktop.color-manager.create-profile\" ||\n action.id == \"org.freedesktop.color-manager.delete-device\" ||\n action.id == \"org.freedesktop.color-manager.delete-profile\" ||\n action.id == \"org.freedesktop.color-manager.modify-device\" ||\n action.id == \"org.freedesktop.color-manager.modify-profile\") &amp;&amp;\n subject.isInGroup(\"{users}\")) {\n return polkit.Result.YES;\n }\n});\n<\/code><\/pre>\n<\/del>\n<p>EDIT: I deleted this, because it can cause a <strong>segfault error<\/strong> to appear, according to this post: <a href=\"http:\/\/c-nergy.be\/blog\/?p=12043\" rel=\"nofollow noreferrer\">http:\/\/c-nergy.be\/blog\/?p=12043<\/a>).<\/p>\n<p>Instead, a pkla-file can be created that does the same job:<\/p>\n<ul>\n<li>allows any user to manage color profiles on their own (<code>\/etc\/polkit-1\/localauthority\/50-local.d\/45-allow-colord.pkla<\/code>):<\/li>\n<\/ul>\n<pre><code>[Allow Colord all Users]\nIdentity=unix-user:*\nAction=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile\nResultAny=no\nResultInactive=no\nResultActive=yes\n<\/code><\/pre>\n<ul>\n<li>allows any user to refresh system sources (<code>\/etc\/polkit-1\/localauthority\/50-local.d\/46-allow-update-repo.pkla<\/code>):<\/li>\n<\/ul>\n<pre><code>[Allow Package Management all Users]\nIdentity=unix-user:*\nAction=org.freedesktop.packagekit.system-sources-refresh\nResultAny=yes\nResultInactive=yes\nResultActive=yes\n<\/code><\/pre>\n<ul>\n<li><em>(might need this aswell)<\/em> allows any users to do network changes on their own, like joining vpn and such (<code>\/etc\/polkit-1\/localauthority\/50-local.d\/org.freedesktop.NetworkManager.pkla<\/code>):<\/li>\n<\/ul>\n<pre><code>[nm-applet]\nIdentity=unix-user:* # alternatively, to allow users of group netdev only: Identity=unix-group:netdev\nAction=org.freedesktop.NetworkManager.*\nResultAny=yes\nResultInactive=no\nResultActive=yes \n<\/code><\/pre>\n<p>Hope it helps someone - cheers!<\/p>\n    <\/div>","created_at":"2022-11-28T02:17:27.000000Z","updated_at":"2022-11-28T02:17:27.000000Z"}],"tags":[{"id":39,"slug":"remote-desktop","name":"Remote-Desktop","suggest":0,"count":1039,"tag_group_id":null,"description":null},{"id":40,"slug":"policykit","name":"Policykit","suggest":0,"count":138,"tag_group_id":null,"description":null}],"tagged":[{"id":44,"taggable_id":13,"taggable_type":"App\\Models\\Post","tag_name":"Remote-Desktop","tag_slug":"remote-desktop","tag":{"id":39,"slug":"remote-desktop","name":"Remote-Desktop","suggest":0,"count":1039,"tag_group_id":null,"description":null}},{"id":45,"taggable_id":13,"taggable_type":"App\\Models\\Post","tag_name":"Policykit","tag_slug":"policykit","tag":{"id":40,"slug":"policykit","name":"Policykit","suggest":0,"count":138,"tag_group_id":null,"description":null}}]}