GNOME Bugzilla – Bug 649042
gdm.policy settings silently disallow gdmsetup Unlock on remote sessions
Last modified: 2018-05-24 10:34:38 UTC
I run a completely headless Ubuntu Linux box, which I routinely log into via x2go and/or SSH. When I run gdmsetup, the Unlock button does nothing and I get no message on the console. There's a bug on launchpad.net against policykit ( https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/221363 ), in which people have mentioned that this is a bug in various .policy files in /usr/share/polkit-1/actions. I was able to fix this for gdmsetup by changing "allow_active" to "allow_any" on the following line in gdm.policy: <allow_active>auth_admin_keep</allow_active> I'm filing this against gdm because Ubuntu's package management lists gdm as the package that installs /usr/share/polkit-1/actions/gdm.policy. I should also mention that this does not fix the separate issue of gdmsetup being unresponsive when launched with root privileges via sudo/gksudo/gksu.
Forgot to mention that this was encountered in both Ubuntu 10.10 (Maverick) x64 and 11.04 (Natty) x64, and I didn't figure out how to fix it until I had already upgraded to the latter.
To be clear, the problem is that PolicyKit doesn't consider remote sessions as active. So services that don't really need the active/inactive distinction should use allow_any. I think this is the case for most auth_admin services, since admins should be allowed to do anything they want, disregarding the kind of session they're using.
Update: This also affects x2go remote sessions of GNOME 3 running in Ubuntu 11.04 (Natty) x64 (installed from ppa:gnome3-team/gnome3, running in fallback mode because it's a remote session). The fix/workaround for GNOME 3 is the same.
I was able to get around this by setting my NX client to launch gnome via "gnome-session --session=classic-gnome" . No sure if this helps or not.
I'm using CentOS and haven't dug into it in the past, but this problem has plagued Gnome when trying to access adminstrative programs (like yumex or user configuration). I would like to do a lot of my work from a remote X display via XDMCP -- and in the past it didn't (and still does not) work. Until I found this thread and tried it out on YUMEX's /usr/share/polkit-1/actions//org.yum-extender.backend.policy by changing: <allow_any>no</allow_any> to <allow_any>auth_admin_keep</allow_any> and sure enough -- it works. (by prompting me for a password instead of just blowing up) I'm using Cygwin/X X server v1.11.2 on WinXP Pro 32b/SP3 as one platform currently.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdm/issues/63.