When launching some apps (e.g., GParted, Synaptic, or Grub Customizer), install/uninstall packages with App Center or Software Updater, it always pops-up a dialog asking for admin password to authenticate.
This is great for security! But for lazy men who don’t want to type user password again and again after logged in (or unlocked screen), it may be OK to disable the authentication window when using their computers at home or other safe places.
NOTE 1: For security, it’s NOT recommended to disable the authentication. You MUST know what you’re going to do, and do it at your own risk!
NOTE 2: This tutorial is tested and works on Ubuntu 24.04 and Debian 12. It should also work in Linux Mint 22, but NOT for Ubuntu 22.04 and earlier.
About Polkit:
Ubuntu and many other Linux use polkit for controlling system-wide privileges. It’s an authentication framework that provides a finer control of access rights for graphical desktop environments.
When a graphical application need to do a registered action that requires admin/root permission, polkit can control which user (or user in which group) that runs the app is authorized with or without password authentication.
Unlike sudo
for command line, polkit does not grant root permission to an entire process, but allows specific privileges to a user or group on an as-needed basis.
And, here I’m going to show you how to configure polkit to disable password authentication for either global or specific actions, when running with certain user or group.
Option 1: Disable Password Authentication Globally for Certain Users
NOTE: Option 1 and option 2 do NOT stop your system from asking password when running sudo
command in terminal. It only works for graphical authentication pop-ups! See option 3 if you need for sudo command.
1. First, press Ctrl+Alt+T
on keyboard to open up a terminal window. When it opens, run command create & edit a config file under /etc/polkit-1/rules.d/
directory:
sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_global.rules
For non-GNOME desktop, replace gnome-text-editor
in command with your favorite text editor, or use nano
that works in most desktops.
2. When file opens, add the lines below and replace user “ji” to yours:
/* Allow members in "ji" group to execute any actions * without password authentication. */ polkit.addRule(function(action, subject) { if (subject.isInGroup("ji")) { return polkit.Result.YES; } });
In the code above, it adds a rule for all registered actions, while:
subject.isInGroup("ji")
, means all users in group “ji” (user “ji” is of course in group “ji”). You can add more users into this group for the rule. Or, replace it withsubject.user == "ji"
, so it only works for this user only.return polkit.Result.YES;
, means authorize without any authentication! You may replace YES with:NO
– never allowed.AUTH_ADMIN
– need to enter admin user password to authenticate.AUTH_SELF
– need to enter user’s own password to authenticate.AUTH_ADMIN_KEEP
– similar toAUTH_ADMIN
, but no need to re-enter the password for a certain duration (usually 5 min) when running same action by same app.AUTH_SELF_KEEP
– seeAUTH_ADMIN_KEEP
, though it asks user’s own password.
After saved the file (for nano
, press Ctrl+S to save, then Ctrl+X to exit), the rule should apply immediately!
Option 2: Disable Password Authentication for Specific Actions
For security reason, it’s not safe to disable the authentication pop-up globally. But it seems less dangerous to disable it for some actions, such as install updates through “Software Updater”.
1. Find out all registered actions.
In the case, you need to first find out all the registered actions. They differ depends on your desktop and installed apps.
Most of the polkit actions are defined by the .policy
files under ‘/usr/share/polkit-1/actions’ directory. To list them, open terminal (Ctrl+Alt+T) and run command:
pkaction
Or run pkaction --verbose
to list more info about the registered actions, thus it can be easier to find out which actions to use in next step.
2. Create/Edit polkit config file.
Like option 1, run command below to create a config file (also replace gnome-text-editor
accordingly):
sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_limit.rules
When file opens, add similar lines below:
/* Allow members in "ji" group to execute the defined actions * without password authentication. */ polkit.addRule(function(action, subject) { if ((action.id == "org.debian.apt.upgrade-packages" || action.id == "org.debian.apt.install-or-remove-packages" || action.id == "example.action.remove.if_no_need" || action.id == "example.action.remove.if_no_need") && subject.isInGroup("ji")) { return polkit.Result.YES; } });
Here in the “if” sentence, use action.id == "xxx.xxx.xxx.xxx"
for the actions you want to configure. You can add as more actions as you want, just use ||
(logical OR) to separate them, and include all of them in a round brackets.
Finally, add && subject.isInGroup("ji")
or && subject.user == "ji"
to apply the rule for all the actions you added above running with user “ji” or users in group “ji”.
NOTE: You need to replace action.id values and user “ji” accordingly!
Also, save the file will apply the rule immediately!
Option 3: Disable password authentication for sudo command
This is an optional step has nothing to do with polkit
. Also, it’s NOT safe, since it grants root permission to the entire command process. With it, even remote SSH login can run sudo command without password!
1. First, open terminal (Ctrl+Alt+T) and run the command below to make a backup of sudoers file, by copying it to user home directory:
sudo cp /etc/sudoers ~/sudoers.bak
2. Then, run command to edit the sudoers file:
sudo visudo
When file opens in terminal window, scroll down and add the line below:
ji ALL=(ALL) NOPASSWD:ALL
Here, replace ji to your username. Finally, press Ctrl+S to save, and Ctrl+X to exit.