[SOLVED] polkit rule from archwiki does not work?

Frontear · 2023-10-03 01:28:39

Trying to use the following polkit rule from the archwiki, https://wiki.archlinux.org/title/Polkit#Globally

(Re)starting polkit.service has an error, i dont use polkit in the slightest besides the fact that I have to for certain programs, so I dont know whats going on here, copied 100% from the wiki:

● polkit.service - Authorization Manager
     Loaded: loaded (/usr/lib/systemd/system/polkit.service; static)
     Active: active (running) since Mon 2023-10-02 21:20:57 EDT; 7min ago
       Docs: man:polkit(8)
   Main PID: 7058 (polkitd)
      Tasks: 4 (limit: 14009)
     Memory: 2.2M
        CPU: 93ms
     CGroup: /system.slice/polkit.service
             └─7058 /usr/lib/polkit-1/polkitd --no-debug

Oct 02 21:20:57 frontear-net systemd[1]: Starting Authorization Manager...
Oct 02 21:20:57 frontear-net polkitd[7058]: Started polkitd version 123
Oct 02 21:20:57 frontear-net polkitd[7058]: Loading rules from directory /etc/polkit-1/rules.d
Oct 02 21:20:57 frontear-net polkitd[7058]: Loading rules from directory /usr/share/polkit-1/rules.d
Oct 02 21:20:57 frontear-net polkitd[7058]: Error loading script /etc/polkit-1/rules.d/49-nopasswd_global.rules
Oct 02 21:20:57 frontear-net polkitd[7058]: Finished loading, compiling and executing 3 rules
Oct 02 21:20:57 frontear-net polkitd[7058]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Oct 02 21:20:57 frontear-net systemd[1]: Started Authorization Manager.

Last edited by Frontear (2023-10-03 06:50:55)

Awebb · 2023-10-03 05:05:54

journalctl -b -u polkit.service

Frontear · 2023-10-03 06:15:18

Awebb wrote:

journalctl -b -u polkit.service

$ journalctl -b -u polkit.service
Oct 03 02:11:12 frontear-net systemd[1]: Starting Authorization Manager...
Oct 03 02:11:12 frontear-net polkitd[524]: Started polkitd version 123
Oct 03 02:11:12 frontear-net polkitd[524]: Loading rules from directory /etc/polkit-1/rules.d
Oct 03 02:11:12 frontear-net polkitd[524]: Loading rules from directory /usr/share/polkit-1/rules.d
Oct 03 02:11:12 frontear-net polkitd[524]: Error loading script /etc/polkit-1/rules.d/49-nopasswd_global.rules
Oct 03 02:11:12 frontear-net polkitd[524]: Finished loading, compiling and executing 3 rules
Oct 03 02:11:12 frontear-net systemd[1]: Started Authorization Manager.
Oct 03 02:11:12 frontear-net polkitd[524]: Acquired the name org.freedesktop.PolicyKit1 on the system bus

Unfortunately no extra information besides "Error loading", like what we saw in systemctl status.

For clarity, let me also attach my actual rules file, who knows maybe I typed something wrong somehow:

# cat /etc/polkit-1/rules.d/49-nopasswd_global.rules
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

Perhaps its a permissions thing?

# ls -lah /etc/polkit-1/rules.d
total 12K
drwxr-x--- 2 root polkitd 4.0K Oct  2 21:30 .
drwxr-xr-x 3 root root    4.0K Sep 23 18:33 ..
-rw------- 1 root root     125 Oct  2 21:30 49-nopasswd_global.rules

Frontear · 2023-10-03 06:31:55

Follow up: It turns out it was indeed the permissions, I ran chmod 644 /etc/polkit-1/rules.d/49-nopasswd_global.rules and systemctl restart polkit and suddenly it can read it fine. Could someone elaborate on why systemd can't read the file? I mean yeah, I can see its designated that only root can read it, but afaik systemd runs at root level no? Does systemd run it in own user or something?

seth · 2023-10-03 06:40:51

This has nothing to do w/ systemd.

ps aux | grep polkitd

Use root:polkitd / 640

Edit: signal error between brain and fingers

Last edited by seth (2023-10-03 06:52:26)

Frontear · 2023-10-03 06:50:43

seth wrote:

This has nothing to do w/ systemd.
ps aux polkitd
Use root:polkitd / 640

Done, I've been very stupid about permissions without realizing (set umask 077 in my standard user which followed when i sudo escalate), causing a lot of files to have root-only perms (0600), which is, well, not ideal, especially now that I'm seeing this.

Arch Linux

#1 2023-10-03 01:28:39

[SOLVED] polkit rule from archwiki does not work?

#2 2023-10-03 05:05:54

Re: [SOLVED] polkit rule from archwiki does not work?

#3 2023-10-03 06:15:18

Re: [SOLVED] polkit rule from archwiki does not work?

#4 2023-10-03 06:31:55

Re: [SOLVED] polkit rule from archwiki does not work?

#5 2023-10-03 06:40:51

Re: [SOLVED] polkit rule from archwiki does not work?

#6 2023-10-03 06:50:43

Re: [SOLVED] polkit rule from archwiki does not work?

Board footer