Linux permissions go beyond chmod. Learn how groups, sudo, and modern policy systems control services, reboot, and system-level authority.
More details here: https://ostechnix.com/linux-permissions-privileges-groups-sudo/
#LinuxPermissions #LinuxPrivileges #LinuxSecurity #Linuxadmin #Linuxcommands #Linuxhowto #sudo #Polkit #Systemd
This is how to make the “Install pending software updates” checkbox go away in GNOME
If you’re using GNOME, and when you tell it you want to shut down or reboot your system it pops up a confirmation dialog with an “Install pending software update” checkbox in it, and the checkbox is checked by default, and you want to make that checkbox go away or at least be unchecked by default, then you’ve come to the right place.
There’s no perfect way to do this. Below I talk about two imperfect solutions that are available. If you think there should be an easier way, feel free to weigh in here. The GNOME developers are skeptical that anyone wants or needs this, but maybe if enough people ask for it they will reconsider.
Imperfect solution one: Open the preferences for the GNOME Software app and change “Software Updates” there from “Automatic” to “Manual”. Caveats:
Imperfect solution two: Create the file /etc/polkit-1/rules.d/99-disable-offline-update.rules, owned by user “root” and group “polkitd”, with the following contents:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.packagekit.trigger-offline-update")) {
return polkit.Result.NO;
}
});Caveat: This will disable all attempts to trigger offline updates, not just the checkbox that shows up when you try to shutdown or restart your system. This means, for example, that you won’t be able to trigger “Restart and install…” updates from inside the GNOME Software app either.
#GNOME #PackageKit #PolkitI hate debugging issues related to #polkit and #systemd. Neither of them generates logmessages when shit fails and for neither of them you get useful error messages.
And you also can't just strace systemd without first setting up a minimalisting test system as otherwise you'll obviously never find what you're looking for in all of the output spam...
It could be so easy if either of these would log more than just "Access denied" (when executed as root at least...)
🚀 quickshell-polkit-agent v2.0.0 is out!
Major architectural overhaul: switched from proactive FIDO detection to a PAM-reactive model. The agent now responds to PAM prompts instead of trying to control auth flow.
✨ What's new:
• GDM-inspired authentication state machine
• 22 integration tests with 100% pass rate
• Podman-based E2E testing infrastructure
• Rich error handling & state tracking APIs
• Performance optimizations (<2ms state transitions)
🔧 Breaking changes:
• Removed auto-FIDO logic (now handled by PAM/pam_u2f)
• Simplified state machine (no more TRYING_FIDO states)
• Cleaner authentication flow: IDLE → INITIATED → WAITING_FOR_PASSWORD → AUTHENTICATING → COMPLETED
🐛 Fixed use-after-free bugs, race conditions, and timeout issues
github.com/bennypowers/quickshell-polkit-agent/releases/tag/v2.0.0
#Linux #Polkit #Qt6 #Authentication #FIDO2 #Quickshell #Gentoo
Today’s side quest involved allowing polkit policy files to be validated at build time using `xmllint`: https://github.com/polkit-org/polkit/pull/601
Linux Security EXPOSED! The Truth About polkit on openSUSE Tumbleweed
https://www.youtube.com/watch?v=cFSVEdrCWwM
#opensuse #opensuseleap #opensusetumbleweed #leap #tumbleweed #microos #slowroll #aeon #leapmicro #suse #sysadmin #linux #LinuxSecurity #Polkit #LinuxTutorial #SystemAdministration #PolicyKit #SysAdmin #JavaScript #LinuxTips #DesktopLinux
A couple notable related writeups
A great primer on #dbus and #polkit that clearly shows how brittle they are
https://u1f383.github.io/linux/2025/05/25/dbus-and-polkit-introduction.html
An amazing #linux #kernel #vulnerability research and #exploit development writeup
https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/
I'm still puzzled by the fact that the distribution chose to do this
#InfoSec #Linux #distribution #OpenSource #POSIX #POLKIT #DBUS
Nutzt hier jemand einen kartenleser unter unbuntu linux?
Und das funkzjoniert nach dist-upgrade nicht mehr? Das hier hilft vielleicht.
Am I missing some #environmentVariable when running #dnf with #run0, it throws at me 203 #exitcode
I checked the run0 and dnf #manpage, but found nothing specific :/
Anyway, run0 still is better than #sudo, as i like having #gnome show me #polkit password dialog, and I know then at least I will enter that password into correct application.
sighs
The other day #PolKit updated or something related to it did on our #Gentoo installation and now our backlight asks for the root password whenever we want to lower or increase the brightness with the keyboard keys when it didn't before.
To be clear we can find nothing of use on the wiki etc, we have looked.
Can any of y'all help please?
2/3
* También depende del entorno gráfico: #gvfs (#gnome, #xfce) o el equivalente en #kde (creo que es #kio), que suelen montar en /run/media.
* Configuraciones personalizadas de #polkit pueden hacer que los usuarios puedan montar discos en diferentes ubicaciones.
* El mismo udisks2 permite cambiar configuraciones para montar automáticamente en otros directorios.
* Y por supuesto, el montaje manual y uso de /etc/fstab puede permitirnos montar directorios no estándar.
👇
I've daily-driven #OpenSuSE #Tumbleweed in the past. A coupe times, actually.
No real major complaints. Some issues were that the YaST-based installer was kind of obtuse (e.g., very easy to miss the option to set the hostname). I'm not one to hate on YaST. I don't need my configuration tool / systems-management tool to be all pretty or written in Flutter or whatever. But the installer was kind of obtuse, if featureful.
My biggest complaint is that they don't set up #PolKit out of the box, and you're expected to use the root password for things like setting up printers in the GUI. Not to be too snippy, but that was unacceptable in 2005, and it's crazy wrong-headed in 2025. But I know there's a way to set that up, so I need to look into it.
I'm very interested in OpenSuSE #SlowRoll. If that comes out in the next few months, that could be an awesome contender.
So, yeah, actually, thanks for reminding me to look into OpenSuSE some more. :neocat_floof_happy:
I want to try #OpenSuSE #Tumbleweed again. My only turn-off from it was that zypper is a little slow as a cli package manager goes (not a huge deal), and that they didn't have #PolKit enabled by default, so setting up things like your printer required using the root password, which is brain dead.
I really hope they have that last one fixed, because it's just arguably the wrong approach, and should be treated as a bug.
💡 Perfctl: una minaccia silenziosa ai server Linux
https://gomoot.com/perfctl-una-minaccia-silenziosa-ai-server-linux
#aqua #aquasecteam #blog #cve #linux #malware #news #picks #polkit #rocketmq #server #sicurezza #stealth #tech #tecnologia
TIL that #polkit rules are JavaScript and wtf?
Herunterfahren und Neustart unter Ubuntu 22.04 deaktivieren:
Mit nur zwei Befehlen verhinderst du effektiv, dass Remote-Benutzer:innen einen virtuellen PC mit Ubuntu 22.04.4 LTS neu starten oder herunterfahren können.
https://andersgood.de/kurz-notiert/herunterfahren-und-neustart-unter-ubuntu-22-04-deaktivieren
lxpolkit is one program which will allow you to run something which requires polkit. (such as #synaptic) Necessary for window managers / compositors which don't use a desktop environment, such as sway.
For synaptic using X Windows, you will also need to give root access to your server. Do this with xhost.
xhost SI:localuser:root
should do the trick. You may need this on Wayland as well, as synaptic interfaces with X.
