Derek: The criteria is that you hit this bug on a certain package. ;-) I think most packages should be fixed, even if a small minority should keep using allow_active: it can only be useful when e.g. managing hardware, sound, mounted devices, etc. In these cases, only the current user should be allowed to run the action. But in most cases, it's too much of a restriction, and if you feel the need for the change, it's probably that it should happen.
One way to find these packages is to run grep -R "<allow_any>no" /usr/share/polkit-1/actions/ and then check each file and try to guess whether the use of allow_active only is legetimate or not. Then, file a bug uptsream and open a bug watch here. Ben: One reason why GDM devs haven't replied can be that upstream's 3.0 uses GSettings for gdmsetup, and doesn't suffer from the bug. Ubuntu would need to check that. Other maintainers might be more responsive. If you fear that people will make the same mistake in the future, then you can write a simple patch the the Polkit tutorial. Notably, the example config file could have <allow_any>auth_admin</allow_any> instead of "no", or a comment could explain what reasonable defaults are. You can find them at: http://cgit.freedesktop.org/PolicyKit/tree/docs -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to system-tools-backends in Ubuntu. https://bugs.launchpad.net/bugs/221363 Title: Policy Kit Unlock Buttons Greyed Out when using NX / VNC / LTSP Status in FreeNX open source NX Server: Fix Released Status in GDM: The Gnome Display Manager: New Status in PolicyKit: Invalid Status in system-tools-backends: Fix Released Status in “policykit” package in Ubuntu: Invalid Status in “policykit-1” package in Ubuntu: Invalid Status in “system-tools-backends” package in Ubuntu: Triaged Bug description: I installed 8.04 LTS server on a system. Then installed ubuntu- desktop using apt. Installed Nomachine's NX server and connected to it. The unlock buttons on Users and Groups or Network are greyed out and un-accessible. Tried running from a term 'sudo users-admin' with the same results. Works fine with VNC and NX "Shadow" session however this is not really acceptable as it means a session has to be running on console first. I have tried to enable every option in Authorizations to allow the remote session to have privileges to no avail. output of dpkg relevant packages: ii gnome-system-t 2.22.0-0ubuntu Cross-platform configuration utilities for G ii liboobs-1-4 2.22.0-0ubuntu GObject based interface to system-tools-back ii policykit 0.7-2ubuntu7 framework for managing administrative polici ii system-tools-b 2.6.0-0ubuntu7 System Tools to manage computer configuratio ================ == Workarounds == ================ 1) *Jaunty or older* From https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/238799/comments/16 (the packages from comment 24 are broken links now): I was able to get access via VNC tunneled through SSH by changing the following settings in policykit. You can do it locally via Authorizations, or you can do it remotely using "sudo ck-launch- session polkit-gnome-authorization" in a terminal window in your tunneled VNC session. This worked on Ubuntu 9.04 Server RC running xubuntu-desktop, so as always YMMV. For system configuration, change all implicit authorizations under org -> freedesktop -> systemtoolsbackends -> Manage System Configuration (org.freedesktop.systemtoolsbackends.set) to "Admin Authentication." For user management, change all implicit authorizations under org -> freedesktop -> systemtoolsbackends -> self -> Change User Configuration (org.freedesktop.systemtoolsbackends.self.set) to "Authentication." Reset gdm by rebooting or running "sudo /etc/init.d/gdm restart" from a terminal window, and you should be able to unlock the user settings control panel and other similarly useful things through your tunneled VNC session. 2) *Karmic or newer* Apply this patch: http://launchpadlibrarian.net/39471473/polkit-systemtools-remote-allow.patch # sudo cp -a /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy.ori # sudo patch /usr/share/polkit-1/actions/org.freedesktop.SystemToolsBackends.policy polkit-systemtools-remote-allow.patch Then kill polkitd, it will be restarted automatically: # sudo pkill polkitd To manage notifications about this bug go to: https://bugs.launchpad.net/freenx-server/+bug/221363/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
