3

For starting gdm I am using this command sudo systemctl start gdm.service
When I am executing this command directly on the shell, then I am presented with the

[sudo] password for username:

Thats completely understandable as I am using sudo command for the privillages, but when I omit the sudo command then I get this

==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'gdm.service'.
Authenticating as: username
Password:

Actually I have created a script file with permission rwsr-xr-x and the owner of the file is root, and the script's content is:

sudo systemctl start gdm

And when I am executing this, then it should run as root, without asking for password, but it asks this.

[sudo] password for username:

I just want to be able to start gdm without entering the password

Improve this question
3
  • The prompt is normal for non-root systemctl, but is indeed unusual when systemctl is being run by root (via sudo); can you get relevant log messages from journalctl -u polkit -n 50?
    – grawity_u1686
    Commented Sep 7, 2021 at 9:05
  • Are you sure the script is being run as root? Setuid shell scripts are normally disabled.
    – Barmar
    Commented Sep 10, 2021 at 21:51
  • Yes, I am able to run other commands as root from the file @Barmar
    – Afroz Alam
    Commented Sep 11, 2021 at 16:27

1 Answer 1

Reset to default
3

Where is this comming from? Is it the gdm service asking for password or the systemd binary?

It's the systemctl binary. (Or, more precisely, the "start" request goes from systemctl to systemd to the PolicyKit service and then the authentication prompt loops back to "polkit-tty-agent" binary that systemctl spawns.)

If you've ever gotten a full-screen "admin password" prompt in GNOME (such as when you try to change network configuration or run pkexec), this is the exact same thing.

Either way, it's not gdm, as gdm hasn't been started yet.

I am giving sudo permissions then why once again?

That's unclear. This prompt indeed should never be shown when systemctl is run by root, as the systemd code actually skips these checks for uid 0. (At least I think it does. I'll have to re-check.)

In general, PolicyKit is an alternative system whose purpose is to allow things like systemctl to be used without explicitly using sudo and becoming root. It's quite unusual for root to receive an authentication prompt from polkit.

Suggestions:

  • Run journalctl -u polkit -n 100 and look for any messages that mention "gdm" or "manage-units". Do they say "owned by unix-user:root" or "unix-user:You"?

  • Try to run sudo pkexec. This should immediately give a shell without any prompts (whereas running just pkexec should still prompt for admin auth). The pkexec tool is like "su but with more polkit".

  • Reinstall the "polkit" package, to make sure that the default policies in /usr/share/polkit-1 are reset (in case they have been corrupted). I'm not sure if this will work, as systemd itself is supposed to completely skip polkit checks for root (i.e. polkit policies should be irrelevant), but worth a try.

  • Check whether the /run/systemd/private socket exists. When systemctl is running as root, it will use this socket to make a direct connection to systemd (instead of going through D-Bus), and it should likewise completely bypass all polkit checks. sudo strace -e connect systemctl status foo might be useful to check.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .