| by Arround The Web | No comments

Disable Password Authentication Popups in Ubuntu 24.04

When launching some apps (e.g., GParted, Synaptic, or Grub Customizer), install/uninstall packages with App Center or Software Updater, it always pops-up a dialog asking for admin password to authenticate.

This is great for security! But for lazy men who don’t want to type user password again and again after logged in (or unlocked screen), it may be OK to disable the authentication window when using their computers at home or other safe places.

Password Authentication Pop-up in Ubuntu

NOTE 1: For security, it’s NOT recommended to disable the authentication. You MUST know what you’re going to do, and do it at your own risk!

NOTE 2: This tutorial is tested and works on Ubuntu 24.04 and Debian 12. It should also work in Linux Mint 22, but NOT for Ubuntu 22.04 and earlier.

About Polkit:

Ubuntu and many other Linux use polkit for controlling system-wide privileges. It’s an authentication framework that provides a finer control of access rights for graphical desktop environments.

When a graphical application need to do a registered action that requires admin/root permission, polkit can control which user (or user in which group) that runs the app is authorized with or without password authentication.

Unlike sudo for command line, polkit does not grant root permission to an entire process, but allows specific privileges to a user or group on an as-needed basis.

And, here I’m going to show you how to configure polkit to disable password authentication for either global or specific actions, when running with certain user or group.

Option 1: Disable Password Authentication Globally for Certain Users

NOTE: Option 1 and option 2 do NOT stop your system from asking password when running sudo command in terminal. It only works for graphical authentication pop-ups! See option 3 if you need for sudo command.

1. First, press Ctrl+Alt+T on keyboard to open up a terminal window. When it opens, run command create & edit a config file under /etc/polkit-1/rules.d/ directory:

sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_global.rules

For non-GNOME desktop, replace gnome-text-editor in command with your favorite text editor, or use nano that works in most desktops.

2. When file opens, add the lines below and replace user “ji” to yours:

/* Allow members in "ji" group to execute any actions
 * without password authentication.
 */
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("ji")) {
        return polkit.Result.YES;
    }
});

In the code above, it adds a rule for all registered actions, while:

  • subject.isInGroup("ji"), means all users in group “ji” (user “ji” is of course in group “ji”). You can add more users into this group for the rule. Or, replace it with subject.user == "ji", so it only works for this user only.
  • return polkit.Result.YES;, means authorize without any authentication! You may replace YES with:
    • NO – never allowed.
    • AUTH_ADMIN – need to enter admin user password to authenticate.
    • AUTH_SELF – need to enter user’s own password to authenticate.
    • AUTH_ADMIN_KEEP – similar to AUTH_ADMIN, but no need to re-enter the password for a certain duration (usually 5 min) when running same action by same app.
    • AUTH_SELF_KEEP – see AUTH_ADMIN_KEEP, though it asks user’s own password.

After saved the file (for nano, press Ctrl+S to save, then Ctrl+X to exit), the rule should apply immediately!

Option 2: Disable Password Authentication for Specific Actions

For security reason, it’s not safe to disable the authentication pop-up globally. But it seems less dangerous to disable it for some actions, such as install updates through “Software Updater”.

1. Find out all registered actions.

In the case, you need to first find out all the registered actions. They differ depends on your desktop and installed apps.

Most of the polkit actions are defined by the .policy files under ‘/usr/share/polkit-1/actions’ directory. To list them, open terminal (Ctrl+Alt+T) and run command:

pkaction

Or run pkaction --verbose to list more info about the registered actions, thus it can be easier to find out which actions to use in next step.

2. Create/Edit polkit config file.

Like option 1, run command below to create a config file (also replace gnome-text-editor accordingly):

sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_limit.rules

When file opens, add similar lines below:

/* Allow members in "ji" group to execute the defined actions
 * without password authentication.
 */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.debian.apt.upgrade-packages" ||
         action.id == "org.debian.apt.install-or-remove-packages" ||
         action.id == "example.action.remove.if_no_need" ||
         action.id == "example.action.remove.if_no_need") &&
        subject.isInGroup("ji")) 
    
    {
        return polkit.Result.YES;
    }
});

Here in the “if” sentence, use action.id == "xxx.xxx.xxx.xxx" for the actions you want to configure. You can add as more actions as you want, just use || (logical OR) to separate them, and include all of them in a round brackets.

Finally, add && subject.isInGroup("ji") or && subject.user == "ji" to apply the rule for all the actions you added above running with user “ji” or users in group “ji”.

NOTE: You need to replace action.id values and user “ji” accordingly!

Also, save the file will apply the rule immediately!

Option 3: Disable password authentication for sudo command

This is an optional step has nothing to do with polkit. Also, it’s NOT safe, since it grants root permission to the entire command process. With it, even remote SSH login can run sudo command without password!

1. First, open terminal (Ctrl+Alt+T) and run the command below to make a backup of sudoers file, by copying it to user home directory:

sudo cp /etc/sudoers ~/sudoers.bak

2. Then, run command to edit the sudoers file:

sudo visudo

When file opens in terminal window, scroll down and add the line below:

ji ALL=(ALL) NOPASSWD:ALL

Here, replace ji to your username. Finally, press Ctrl+S to save, and Ctrl+X to exit.

Share Button

Source: UbuntuHandbook

Leave a Reply