costales / gufw

Linux Firewall
GNU General Public License v3.0

No escalation to superuser #2

Closed kunaltyagi closed 4 years ago

kunaltyagi commented 4 years ago

Launching as normal user just performs nothing (visually). On the command line,

$ gufw
==== AUTHENTICATING FOR com.ubuntu.pkexec.gufw ====
Authentication is required to run the Firewall Configuration
Authenticating as: Kunal (kunaltyagi)
Password:
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ====
Error executing command as another user: Not authorized

This incident has been reported.

Why is there no escalation to superuser? Incidentally, my user has sudo privileges and an escalation to sudo (or gui fallback for sudo) would resolve this.

costales commented 4 years ago

Hi, which version are you using? (Distro & Gufw). Best regards.

Costales.

kunaltyagi commented 4 years ago

GUFW version: 19.10.0-1
Distro: Arch Linux (KDE as Desktop Env)

costales commented 4 years ago

Hi, could you run from shell?

$ gufw

Thanks in advance

kunaltyagi commented 4 years ago

@costales I did run from shell and posted the log above.

costales commented 4 years ago

Could you run this one?

cat /usr/bin/gufw

Thanks in advance.

kunaltyagi commented 4 years ago

$ cat /usr/bin/gufw
#!/bin/sh
if [ $(loginctl show-session $(loginctl|grep $(whoami)|sort -n|tail -n 1 |awk '{print $1}') -p Type) = "Type=wayland" ]; then
    xhost +si:localuser:root
fi
c_user=$(whoami)
pkexec gufw-pkexec $c_user
if [ $(loginctl show-session $(loginctl|grep $(whoami)|sort -n|tail -n 1 |awk '{print $1}') -p Type) = "Type=wayland" ]; then
    xhost -si:localuser:root
fi

s2hsieh commented 4 years ago

I had the same issue on Xubuntu 19.10

I found a solution where editing this line in /usr/bin/gufw did the trick: change the line "pkexec gufw-pkexec $c_user" to "pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gufw-pkexec $c_user". Remember to remove the quotes.

Also, make sure you start PolicyKit on startup if it isn't already.

kunaltyagi commented 4 years ago

Policykit on startup

$ systemctl status polkit.service 
● polkit.service - Authorization Manager
Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: disabled)
...
$ ps aux | grep polkit
polkitd    609  0.0  0.0 1939224 17900 ?       Ssl  Nov27   0:58 /usr/lib/polkit-1/polkitd --no-debug
$ cat /usr/lib/systemd/system/polkit.service
[Unit]
Description=Authorization Manager
Documentation=man:polkit(8)

[Service]
Type=dbus
BusName=org.freedesktop.PolicyKit1
ExecStart=/usr/lib/polkit-1/polkitd --no-debug

So, polkit is running. And your modifications for the env variables didn't have any effect on my system (same errors).

BUT that provided a hint. I found this which works perfectly. Essentially, start and end a pkttyagent for authentication.

I made a minimal bash file which doesn't throw any error:

$ cat test.bash
#! /usr/bin/env bash

# start pkttyagent for this shell, so pkexec is able to ask for authentication
_SHPID=$BASHPID
pkttyagent -p "$_SHPID" &
_PKPID=$!

pkexec sudoedit /etc/hosts

# Kill pkttyagent process
kill "$_PKPID"

If it's ok, I can create the PR.
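A variant of the workaround above that stops the agent and revokes the launcher's `xhost +si:localuser:root` grant on every exit path, including a failed or interrupted pkexec. This is an added example, not gufw's code or any commenter's; `session_type`, `run_elevated` and `_cleanup` are names chosen here, and it assumes the login manager sets `XDG_SESSION_TYPE` or `XDG_SESSION_ID`.

```sh
#!/bin/sh
# Added example, not gufw's launcher. Function names are illustrative.

# Session type of the calling session. Assumes the login manager exports
# XDG_SESSION_TYPE; otherwise asks loginctl about XDG_SESSION_ID only.
session_type() {
    if [ -n "${XDG_SESSION_TYPE:-}" ]; then
        printf '%s\n' "$XDG_SESSION_TYPE"
    elif [ -n "${XDG_SESSION_ID:-}" ]; then
        loginctl show-session "$XDG_SESSION_ID" -p Type --value
    else
        echo unknown
    fi
}

# Undo everything run_elevated set up. Safe to call more than once.
_cleanup() {
    if [ -n "${_agent_pid:-}" ]; then
        kill "$_agent_pid" 2>/dev/null || true
        wait "$_agent_pid" 2>/dev/null || true
        _agent_pid=
    fi
    if [ -n "${_xhost_granted:-}" ]; then
        xhost -si:localuser:root >/dev/null || true
        _xhost_granted=
    fi
}

# run_elevated CMD [ARGS...]: run CMD through pkexec with a tty agent
# attached to this shell, and return pkexec's exit status.
run_elevated() {
    trap _cleanup EXIT
    trap '_cleanup; exit 1' INT TERM
    # Quoted comparison: an empty result cannot break the test expression.
    if [ "$(session_type)" = "wayland" ]; then
        xhost +si:localuser:root >/dev/null && _xhost_granted=1
    fi
    # $$ equals the $BASHPID used above when not inside a subshell.
    pkttyagent -p "$$" &
    _agent_pid=$!
    _rc=0
    pkexec "$@" || _rc=$?
    _cleanup
    trap - EXIT INT TERM
    return "$_rc"
}
```

Called as `run_elevated gufw-pkexec "$(whoami)"`, it mirrors the launcher's pkexec line while keeping root's X access limited to the lifetime of that one command.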

costales commented 4 years ago

@kunaltyagi Great that the proposal worked for you! :) I will not merge this hack because I think this is from your current installation; no other users had this issue. A hug and thanks for your feedback!

BlueCannonBall commented 2 years ago

> @kunaltyagi Great that the proposal worked for you! :) I will not merge this hack because I think this is from your current installation; no other users had this issue. A hug and thanks for your feedback!

I'm having this issue on Ubuntu 20.04.3 LTS, with gufw from the official repos.

jm355 commented 2 years ago

I'm also getting this issue on Arch Linux, gufw version 22.04-1. I tried the bash script (replacing the pkexec line with "gufw") and it didn't seem to work. Maybe it's related to using Wayland? I'm using sway.

s4mdf0o1 commented 1 year ago

Same issue on Raspbian GNU/Linux 12 (bookworm), with openbox over Wayland, launched in xterm.