Bugzilla – Bug 1219981
Root authorisation required after TW update
Last modified: 2024-02-20 19:58:58 UTC
Created attachment 872783 [details]
Authorisation prompt for NetworkManager

After a Tumbleweed update a bit more than a week ago, I face the following issues:

* Certain operations require authorisation as root, such as control of network operations by NetworkManager or mounting devices (added screenshots)
* After initiating a system shutdown, I end up with a blank screen (with mouse pointer), but the system does not shut down. I need to log in to a virtual console as root and shut down the computer manually. I attached an extract of the system journal after the shutdown request, which does not show anything unusual, as far as I can tell.

Conclusion: System is no longer usable without root access.
Created attachment 872784 [details] Authorisation prompt for mount
Created attachment 872785 [details] Journal extract after shutdown request
Hello and thanks for reporting this to us.

Regarding the authorisation issues, the security team can help to investigate. It sounds like some kind of global setting is wrong.

Regarding the system shutdown, I suppose this is a separate issue and we should create a separate bug and find another group of people to investigate. From the log you shared it looks like this could be a KDE issue also, since it is a KDE specific shutdown action that is called. Otherwise the log shows no interesting info at first sight.

I couldn't find any recent discussions on the Factory mailing list about bugs in this direction, so it might be something specific to your installation.

For debugging the authorisation issues let's look into the udisks mounting. Please perform the following steps:

1) log into the graphical session, don't provide the password for mounting storage, if asked for.

2) open a root shell and run

    G_MESSAGES_DEBUG=all /usr/libexec/polkit-1/polkitd --replace |& tee /root/polkit.log

and keep it running.

3) open another root shell and run

    journalctl -f >/root/journal.log

and keep it running.

4) try to mount the storage device using udisks on the command line. This needs to be done in a regular user shell in the graphical session:

    # find out the block device you want to mount e.g. DEVICE sdb
    udisksctl status
    # now try to mount it
    udisksctl mount -b /dev/sdb1

Step 4) should show a password dialog if the bug persists. You can enter the password or cancel, it doesn't matter.

After this please attach the logs from /root/polkit.log and /root/journal.log in this bug.

Thanks!
Hi Matthias,

thanks for your prompt reply. I didn't find anything on the Factory mailing list either, so it's reasonable to assume that the problem is installation specific.

I did as requested and attached the two log files.

Kind regards
Axel
Created attachment 872809 [details] journal.log from comment #3
Created attachment 872810 [details] polkit.log from comment #3
Thank you for providing the logs.

The good news is that in general Polkit still seems to be sane and working. But it looks like your system has ended up using the 'restrictive' polkit-default-privs policy. This requires a lot of `auth_admin` compared to the 'standard' or 'easy' policy.

You can find detailed information about the configuration of Polkit here:

https://en.opensuse.org/openSUSE:Security_Documentation#Configuration_of_Polkit_Settings

You should check your settings in /etc/sysconfig/security, particularly the setting for POLKIT_DEFAULT_PRIVS. See also the documentation found in there about what other factors might influence the policy selected there.

Any change to the policy settings only becomes effective after running the `set_polkit_default_privs` utility as root.
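The check suggested in the comment above can be scripted. This is an added example, not part of the bug thread and not openSUSE's own tooling: it parses a sysconfig file without sourcing it and prints the polkit-default-privs profile it selects. The function names are hypothetical, and the fallback to PERMISSION_SECURITY when POLKIT_DEFAULT_PRIVS is empty is an assumption to verify against the comments in /etc/sysconfig/security on the system at hand.

```shell
#!/bin/sh
# Added example: report which polkit-default-privs profile a sysconfig
# file selects. The file is parsed with sed, never sourced, so nothing
# in it is executed by the (possibly root) shell running the check.

# Print the value of key $1 in file $2 (last assignment wins, quotes stripped).
sysconfig_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print the profile selected by file $1 (default: /etc/sysconfig/security).
effective_polkit_profile() {
    file=${1:-/etc/sysconfig/security}
    privs=$(sysconfig_get POLKIT_DEFAULT_PRIVS "$file")
    if [ -n "$privs" ]; then
        # An explicit setting decides the profile.
        printf '%s\n' "$privs"
        return 0
    fi
    # Assumption: with POLKIT_DEFAULT_PRIVS empty, a PERMISSION_SECURITY
    # containing "secure" or "paranoid" selects 'restrictive', anything
    # else selects 'standard'. Check the comments in the sysconfig file.
    case " $(sysconfig_get PERMISSION_SECURITY "$file") " in
        *" secure "*|*" paranoid "*) echo restrictive ;;
        *) echo standard ;;
    esac
}

# Constructed sample: no explicit polkit profile, hardened permissions level.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'PERMISSION_SECURITY="secure local"' \
    'POLKIT_DEFAULT_PRIVS=""' > "$sample"
echo "constructed sample selects: $(effective_polkit_profile "$sample")"
rm -f "$sample"
```

Called without an argument, `effective_polkit_profile` reads /etc/sysconfig/security; a changed setting still only takes effect after `set_polkit_default_privs` has been run as root.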
Matthias,

thank you very much for your analysis. In fact, I seem to have made an indirect change to the security settings that I was not aware of, so I confused it with the impact of an update. I am very sorry for filing this bug without reason and wasting your time.

The shutdown issue is solved as well.

Best regards
Axel