Trying to connect to tigervnc server running on Ubuntu 18.04 (using TigerVNC viewer windows client). After the initial authentication, I get an additional authentication prompt that reads "Authentication is required to create a color pr...". This happens only for the first login following a tigervnc server restart. Is there anyway I can bypass this?
Asked
Active
Viewed 1.3k times
6
-
glitches like this KILLS chances of Ubuntu going mainstream ... getting this on Ubuntu 24.04 for no reason the popup window just appears upon logging in ... for me this has nothing to do with any vnc server – John Scott Stensland Jun 20 '24 at 19:02
2 Answers
6
I fixed this by creating this file and setting perms to 644, and owner root:root:
Filename: /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
Contents:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
) && (
subject.isInGroup("{nogroup}")
)
)
{
return polkit.Result.YES;
}
});
wryan
- 189
-
2Can you explain how you came up with that, why it works, or where you got the info from? – Dogweather Sep 11 '18 at 22:01
-
A really good write-up on this can be found here: https://c-nergy.be/blog/?p=12073 – ulidtko Apr 23 '20 at 17:18
-
Besides:
... && subject.isInGroup("{nogroup}")makes no sense. Just delete or comment-out the check. This is JavaScript. – ulidtko Apr 23 '20 at 17:20
2
Let me just extract the concrete fix for 18.04 only from the sequel to this excellent blog post. The latter drills down to the root cause of this issue; the former fixes it properly — while avoiding a crash caused by the return polkit.Result.YES; solution already posted here and elsewhere.
cat << EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
This is relevant only for PolKit < 0.106 (pkaction --version).
For PolKit 0.106+ (Ubuntu 18.10+) this authorization is granted differently, via the javascript .conf file:
cat << EOF | sudo tee /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile"
//-- no group restriction; allow any user to manipulate color profiles!
//-- uncomment and substitude adm with the group you need, if needed.
// ) && (
// subject.isInGroup("{adm}")
))
{
return polkit.Result.YES;
}
});
EOF
ulidtko
- 6,026