The approach I would take in this case, and as indicated here, is to boot into recovery mode (or "single user" mode), then fix the permissions on the /etc/sudoers file.
That answer is for Ubuntu, but the same approach should work regardless of distribution.
If you for some reason cannot boot into recovery mode, then I would suggest that you use a Live medium (CD, USB) and fix the permissions from there.
Answer from anon on Stack Exchange
Fix it on Debian releases using
apt install policykit-1
cannot use pkexec - Support - Whonix Forum
GUI not starting due to missing `pkexec` (Debian 12 KDE)
v4l2 Virtual camera - Start Button logs: sh: 1: pkexec: not found
python - pkexec "no such file or directory found" when trying to execute a binary from a script - Stack Overflow
How to configure pkexec to avoid getting errors when run GUI applications?
I found two possible ways:
As you can see, using the following:
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
will not get you any error. And this is normal because man pkexec is very clear in this matter:
[...] pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. [...]
As a result, you can create a (permanent) alias (this is the simplest way):
alias pkexec='pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY'
Or, (again) as man pkexec says:
[...] These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs. [...]
you can create a new policy file in /usr/share/polkit-1/actions named com.ubuntu.pkexec.gedit.policy with the following XML code inside, where the most important thing is to set org.freedesktop.policykit.exec.allow_gui to a nonempty value:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <action id="com.ubuntu.pkexec.gedit">
    <message gettext-domain="gparted">Authentication is required to run gedit</message>
    <icon_name>gedit</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
</policyconfig>
How to tell it to not ask for a password after the first time applying it to a command?
For these three setting tags: allow_any, allow_inactive and allow_active from the policy file, the following options are available:
- no: The user is not authorized to carry out the action. There is therefore no need for authentication.
- yes: The user is authorized to carry out the action without any authentication.
- auth_self: Authentication is required but the user need not be an administrative user.
- auth_admin: Authentication as an administrative user is required.
- auth_self_keep: The same as auth_self but, like sudo, the authorization lasts a few minutes.
- auth_admin_keep: The same as auth_admin but, like sudo, the authorization lasts a few minutes.
Source: Polkit - Structure - Actions
So, if you use the auth_admin_keep option (or, as applicable, auth_self_keep), pkexec will not ask for a password again for some time (by default this time is set to 5 minutes as I checked). The disadvantage here is that this is applicable only for one - the same - command / application and valid for all users (unless it is overruled in later configuration).
Where to save the configuration file if not yet existing?
Configuration files or polkit definitions can be divided into two kinds:
Actions are defined in XML .policy files located in /usr/share/polkit-1/actions. Each action has a set of default permissions attached to it (e.g. you need to identify as an administrator to use the GParted action). The defaults can be overruled but editing the actions files is NOT the correct way. The name of this policy file should have this format: com.ubuntu.pkexec.app_name.policy
Authorization rules are defined in JavaScript .rules files. They are found in two places: 3rd party packages can use /usr/share/polkit-1/rules.d (though few if any do) and /etc/polkit-1/rules.d is for local configuration. The .rules files designate a subset of users, refer to one (or more) of the actions specified in the actions files and determine with what restrictions these actions can be taken by that/those user(s). As an example, a rules file could overrule the default requirement for all users to authenticate as an admin when using GParted, determining that some specific user doesn't need to. Or isn't allowed to use GParted at all.
Source: Polkit - Structure
Is there a GUI application to configure pkexec usage?
As far as I know, nothing like this exists as of now (18.01.2014). If I find something in the future, I will not forget to update this answer too.
In addition to Radu's answer: I would not use the alias pkexec, but gksudo.
Why? You don't need to rewrite your script.
I use the following configuration:
- open a terminal
- cd /usr/local/bin
- sudo gedit gksudo (create a new file called "gksudo")
- write the following content:
  pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY "$@"
  (don't forget the "$@" at the end. This is for redirecting all parameters)
- save and quit
- make the file executable:
  chmod 755 gksudo
- Now you should have a fully functional gksudo command available on your system - permanently.
For documentation reasons, I will write down what I tried that didn't work out:
- alias pkexec='pkexec env [...]'
- alias gksudo='pkexec [...]'
  - Was not permanent and only stayed in one single terminal
- adding the alias to ~/.bash_aliases
  - Works if you first open a terminal. Does not work if you double-click scripts
- Create a link to pkexec with parameters (ln -s pkexec [...])
  - After a quick googling, it seems like Linux doesn't support parameters in links
Hello everyone, I have Xfce DE and pkexec thunar just doesn't work. I was trying to add custom actions to thunar for opening the current folder in root.
❯ pkexec thunar .
thunar: Failed to initialize Xfconf: Cannot autolaunch D-Bus without X11 $DISPLAY
Unable to init server: Could not connect: Connection refused
(thunar:11436): Gtk-WARNING **: 10:49:42.324: cannot open display:
This is the error I got.
There really is a kind of hack for using pkexec instead of sudo to launch an application without a specific PolicyKit .policy file. We need to specify the missing environment variables as shown below:
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY kubuntu-driver-manager
Experimentally I discovered that it needs only one /usr/share/polkit-1/actions/org.freedesktop.policykit.policy file for operation.
To launch a program with pkexec a proper .policy file for that program needs to be present in the /usr/share/polkit-1/actions directory. It has nothing to do with which graphical toolkit (Gtk or Qt) is used.