Polkit? WTF is this again? Actually...

Official docs: https://www.freedesktop.org/software/polkit/docs/latest/ (yeah – desktop!)

Errors probably in:

    vim /var/log/auth.log
    grep -r olkit /var/log/*

server polkitd(authority=local): Operator of unix-process:21081:38154187 FAILED to authenticate to gain authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.137 [] (owned by unix-user:

    root@server:/etc/polkit-1# pkaction
    com.ubuntu.apport.apport-gtk-root
    com.ubuntu.apport.root-info
    com.ubuntu.languageselector.setsystemdefaultlanguage
    com.ubuntu.release-upgrader.partial-upgrade
    com.ubuntu.release-upgrader.release-upgrade
    com.ubuntu.softwareproperties.applychanges
    com.ubuntu.update-notifier.pkexec.cddistupgrader
    com.ubuntu.update-notifier.pkexec.package-system-locked
    org.freedesktop.accounts.change-own-user-data
    org.freedesktop.accounts.set-login-option
    org.freedesktop.accounts.user-administration
    org.freedesktop.hostname1.set-hostname
    org.freedesktop.hostname1.set-machine-info
    org.freedesktop.hostname1.set-static-hostname
    org.freedesktop.locale1.set-keyboard
    org.freedesktop.locale1.set-locale
    org.freedesktop.login1.attach-device
    org.freedesktop.login1.flush-devices
    org.freedesktop.login1.hibernate
    org.freedesktop.login1.hibernate-ignore-inhibit
    org.freedesktop.login1.hibernate-multiple-sessions
    org.freedesktop.login1.inhibit-block-idle
    org.freedesktop.login1.inhibit-block-shutdown
    org.freedesktop.login1.inhibit-block-sleep
    org.freedesktop.login1.inhibit-delay-shutdown
    org.freedesktop.login1.inhibit-delay-sleep
    org.freedesktop.login1.inhibit-handle-hibernate-key
    org.freedesktop.login1.inhibit-handle-lid-switch
    org.freedesktop.login1.inhibit-handle-power-key
    org.freedesktop.login1.inhibit-handle-suspend-key
    org.freedesktop.login1.lock-sessions
    org.freedesktop.login1.manage
    org.freedesktop.login1.power-off
    org.freedesktop.login1.power-off-ignore-inhibit
    org.freedesktop.login1.power-off-multiple-sessions
    org.freedesktop.login1.reboot
    org.freedesktop.login1.reboot-ignore-inhibit
    org.freedesktop.login1.reboot-multiple-sessions
    org.freedesktop.login1.set-reboot-to-firmware-setup
    org.freedesktop.login1.set-user-linger
    org.freedesktop.login1.set-wall-message
    org.freedesktop.login1.suspend
    org.freedesktop.login1.suspend-ignore-inhibit
    org.freedesktop.login1.suspend-multiple-sessions
    org.freedesktop.policykit.exec
    org.freedesktop.policykit.lockdown
    org.freedesktop.systemd1.manage-unit-files
    org.freedesktop.systemd1.manage-units ->
    org.freedesktop.systemd1.reload-daemon
    org.freedesktop.systemd1.reply-password
    org.freedesktop.systemd1.set-environment
    org.freedesktop.timedate1.set-local-rtc
    org.freedesktop.timedate1.set-ntp
    org.freedesktop.timedate1.set-time
    org.freedesktop.timedate1.set-timezone
    root@server:/etc/polkit-1# pka

description

A human readable description of the action, e.g. Install unsigned software.

message

A human readable message displayed to the user when asking for credentials when authentication is needed, e.g. Installing unsigned software requires authentication.

defaults

This element is used to specify implicit authorizations for clients. Elements that can be used inside defaults include:

allow_any

Implicit authorizations that apply to any client. Optional.

allow_inactive

Implicit authorizations that apply to clients in inactive sessions on local consoles. Optional.

allow_active

Implicit authorizations that apply to clients in active sessions on local consoles. Optional.

Each of the allow_any, allow_inactive and allow_active elements can contain the following values:

no

Not authorized.

yes

Authorized.

auth_self

Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended.

auth_admin

Authentication by an administrative user is required.

auth_self_keep

Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise.

auth_admin_keep

Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).

annotate

Used for annotating an action with a key/value pair. The key is specified using the key attribute and the value is specified using the value attribute. This element may appear zero or more times. See below for known annotations.

vendor

Used for overriding the vendor on a per-action basis. Optional.

vendor_url

Used for overriding the vendor URL on a per-action basis. Optional.
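
To make the defaults values above concrete, here is an added example (not from the polkit docs or the original post) that parses an action declaration and lists every action that is granted without an administrator authenticating, i.e. with yes or auth_self*. The sample policy and its com.example.* action ids are constructed, and treating an omitted optional element as "no" is an assumption.

```python
import xml.etree.ElementTree as ET

# Values that grant the action without an administrator's password.
WEAK = {"yes", "auth_self", "auth_self_keep"}
SESSION_KINDS = ("allow_any", "allow_inactive", "allow_active")

# Constructed sample policy; the com.example.* action ids are hypothetical.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="com.example.backup.run">
    <description>Run a system backup</description>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="com.example.backup.restore">
    <description>Restore a system backup</description>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

def implicit_authorizations(policy_xml):
    """Return {action_id: {session_kind: value}} for every action."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        auth = {}
        for kind in SESSION_KINDS:
            node = defaults.find(kind) if defaults is not None else None
            # Assumption: an omitted optional element means "no".
            auth[kind] = (node.text or "").strip() if node is not None else "no"
        result[action.get("id")] = auth
    return result

def weak_actions(policy_xml):
    """List (action_id, session_kind, value) granted without admin auth."""
    return [(aid, kind, value)
            for aid, auth in implicit_authorizations(policy_xml).items()
            for kind, value in auth.items() if value in WEAK]

if __name__ == "__main__":
    for finding in weak_actions(SAMPLE_POLICY):
        print("%s: %s=%s" % finding)
```

A hit on allow_active=yes is often intentional on desktops; hits on allow_any or allow_inactive are the ones to review first on a multi-user server.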

But: XML? No, never, never!

Ubuntu uses text. How do I know? Well, there is exactly one non-empty file, /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf:

    [Configuration]
    AdminIdentities=unix-group:sudo;unix-group:admin