How to prevent system applications (like the Software Center) from asking for password?

security password xubuntu sudo policykit

I'd like Software Center, Update Manager and some other system management applications to work without asking for password (like sudo does if configured with NOPASSWD) but only asking for a confirmation instead, or even without any confirmation. At the same time I wouldn't like to use no user password at all. Is this reachable?


Ubuntu Software Center authorization uses policy kit. When requested for the authentication during the remove action you can expand the "Details" pointer to see the action that is being invoked. It's org.debian.apt.install-or-remove-packages . You can change the corresponding policy to not request for authentication:

Edit /usr/share/polkit-1/actions/org.debian.apt.policy, search for org.debian.apt.install-or-remove-packages, then find for the defaults section, replace auth_admin and auth_admin_keep with yes .


Adding to joão-pinto's answer, since software center now uses snapcraft's policies, the file to be modified should be this one:

/usr/share/polkit-1/actions/io.snapcraft.snapd.policy

look for the policy with id io.snapcraft.snapd.manage and change all entries under defaults to yes.

You should have this:

  <action id="io.snapcraft.snapd.manage">
    <description gettext-domain="snappy">Install, update, or remove packages</description>
    <message gettext-domain="snappy">Authentication is required to install, update, or remove packages</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

Tested on Ubuntu 20.04.1 LTS


Towards a more generic solution

Since the policies/actions can change from version to version (there are two other answers mentioning two other different files), the best way to handle this is:

  • Install some package for testing
  • Check /var/log/auth.log
  • Identify the file used and the action and make the changes according to this

After installing a package, the entries in /var/log/auth.log were these:

Apr 13 02:06:14 dragon PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.package-install auth (only_trusted:1)
Apr 13 02:06:25 dragon polkitd(authority=local): Operator of unix-session:1 successfully authenticated as unix-user:jgr to gain TEMPORARY authorization for action org.freedesktop.packagekit.package-install for system-bus-name::1.79 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:jgr)
Apr 13 02:06:25 dragon PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.package-install

I've searched and found the file where the action is:

sudo grep -l -r "org.freedesktop.packagekit.package-install" /usr/share/polkit-1/
/usr/share/polkit-1/actions/org.freedesktop.packagekit.policy

Using this information, on my Ubuntu 20.04.2 LTS, I edit the following file: /usr/share/polkit-1/actions/org.freedesktop.packagekit.policy.

The I've changed the <defaults> on action: <action id="org.freedesktop.packagekit.package-install"> to:

    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>

Related

Best VNC / remote desktop software for assistance
How to resolve "Segmentation fault (core dumped)"
Installing the driver for TP-LINK TL-WN727N on Ubuntu 14.04
Which logs should I pay attention to?
Easy backup/restore of installed system?
What is the relationship between MIME types and File .extensions?
Qt5 installation and path configuration
Apt-Get Update: failure to fetch; can't connect to any sources
Ubuntu 20.04 black screen after installing, no booting
How to enable hibernation in 15.04?
How do you set the title of the active gnome-terminal from the command line? [duplicate]
How can I remove the Skype panel icon?