Bug 31003

Summary: Launching drakx11 as user fails to get authorization
Product: Mageia Reporter: papoteur <yvesbrungard>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, lewyssmith
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description papoteur 2022-10-22 07:22:17 CEST 
Launching drakx11 as user open a dialog to get superuser credentials. However it always fails to get authorization.
The same for XFdrake.

The application is OK when launched from console in root.
Comment 1 Dave Hodgins 2022-10-22 08:11:24 CEST 
It's working on my system, a fully up-to-date cauldron plasma install.

Try "urpmi --replacefiles --replacepkgs polkit".

CC: (none) => davidwhodgins

Comment 2 papoteur 2022-10-22 08:33:07 CEST 
(In reply to Dave Hodgins from comment #1)
> Try "urpmi --replacefiles --replacepkgs polkit".
Same problem.
drakx11
Error executing command as another user: Not authorized

This incident has been reported.

I get also the problem in Mageia 8.
Comment 3 papoteur 2022-10-22 08:35:47 CEST 
When the dialog is displayed, I had a look to processes:
ps -aux |grep pol
root          42  0.0  0.0      0     0 ?        I<   06:47   0:00 [edac-poller]
yves       27351  0.0  2.3 715160 48720 ?        Sl   07:09   0:02 /usr/bin/lxqt-policykit-agent
polkitd    34233  0.1  1.0 2752336 22232 ?       Ssl  08:30   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       34564  0.1  0.2  13132  5156 ?        S    08:33   0:00 /usr/lib/polkit-1/polkit-agent-helper-1 yves
root       34579  0.0  0.1 183280  2132 pts/1    S+   08:33   0:00 grep --color pol
Comment 4 papoteur 2022-10-22 08:50:50 CEST 
I just see that the password is asked for user, not for superuser.

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Comment 5 Dave Hodgins 2022-10-22 19:29:04 CEST 
Note that you can use draksec to control which password (if any) is required for
the drak tools. For example you can set it so that regular users can install
updates using mgaapplet without a password.
Comment 6 Lewis Smith 2022-10-26 12:35:24 CEST 
Thanks for this info. It was a revelation to me. I hunted and found it in MCC under 'Security-Configure authority for Mageia tools'.
Everything was set to default [user].

One of my permanent Mageia grouches is the default use (like Debian based systems) of the *user* password to do everything which really should have *root* privilege. Even if you are the sole user of the system, this offers no advantage because you have to type a password anyway - ignoring that you can change this.

CC: (none) => lewyssmith

Comment 7 Dave Hodgins 2022-10-26 16:53:15 CEST 
Keep in mind that with mageia the default changes depending on the msec security
level. I believe that if you choose secure level for msec, that it requires
the root password for pretty much everything in mcc. It's been a while since
I've tested that, so don't remember for sure.

The security level is selected during install or can be changed using msecgui.
mcc/Security/Configure system security, permissions and audit/Security settings/
Basic security.
Comment 8 Lewis Smith 2022-10-27 12:20:25 CEST 
Again, thanks for this info.