After installing Chrome Remote Desktop polkit permissions are all skrewed up

Tags:

Answer: 1

36 hours ago

After installing chrome-remote-desktop on Ubuntu 21.10 it seems to mess up polkit permissions. It asks for my password 3 times after logging in (color profiles, remote repositories, color management?), and it asks for my password when modifying NetworkManager in any way. I know how to solve the NM issue, but why should I be doing any of this all of a sudden? This has happened many times in the past after installing chrome-remote-desktop, and I avoided it for years, but I need it now.

Added by: Caleigh Hoeger

Answer: 2

31 hours ago

I dont know why exactly this is necessary after installing chrome remote desktop, but if you want to get rid of it, you need to configure polkit to run certain actions with elevated privileges. From what I understand you are searching for polkit configuration files (.plka, put under /etc/polkit-1/localauthority/*.d/, or .conf, put under /etc/polkit-1/localauthority.conf.d/) like these:

- allows any user to manage color profiles on their own (`/etc/polkit-1/localauthority.conf.d/02-allow-colord.conf`):
polkit.addRule(function(action, subject) {
 if ((action.id == "org.freedesktop.color-manager.create-device" ||
 action.id == "org.freedesktop.color-manager.create-profile" ||
 action.id == "org.freedesktop.color-manager.delete-device" ||
 action.id == "org.freedesktop.color-manager.delete-profile" ||
 action.id == "org.freedesktop.color-manager.modify-device" ||
 action.id == "org.freedesktop.color-manager.modify-profile") &&
 subject.isInGroup("{users}")) {
 return polkit.Result.YES;
 }
});

EDIT: I deleted this, because it can cause a segfault error to appear, according to this post: http://c-nergy.be/blog/?p=12043).

Instead, a pkla-file can be created that does the same job:

  • allows any user to manage color profiles on their own (/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla):
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
  • allows any user to refresh system sources (/etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla):
[Allow Package Management all Users]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=yes
ResultInactive=yes
ResultActive=yes
  • (might need this aswell) allows any users to do network changes on their own, like joining vpn and such (/etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla):
[nm-applet]
Identity=unix-user:* # alternatively, to allow users of group netdev only: Identity=unix-group:netdev
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes 

Hope it helps someone - cheers!

Added by: Mariane Bernhard

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9