Drift/issues
17
1
Issues 181 Wiki Activity

Fix NixOS polkit rule for defaulting to current user upon password request #288

New Issue
Open
opened 2026-01-16 20:44:39 +01:00 by oysteikt · 5 comments
oysteikt commented 2026-01-16 20:44:39 +01:00
Owner
Copy Link

There is a polkit rule in place that is supposed to choose which user should write the password upon actions like sudo - without this, polkit will first ask who in the list of wheel users you want to enter the password for (which is slightly annoying, especially when the numbers change). But this rule does not work as intended. You can find it in the base directory in the pvv nixos config.

See also: https://superuser.com/questions/1312042/is-there-a-way-to-make-the-polkit-agent-default-to-the-currently-logged-in-user

There is a polkit rule in place that is supposed to choose which user should write the password upon actions like `sudo` - without this, polkit will first ask who in the list of `wheel` users you want to enter the password for (which is slightly annoying, especially when the numbers change). But this rule does not work as intended. You can find it in the `base` directory in the pvv nixos config. See also: https://superuser.com/questions/1312042/is-there-a-way-to-make-the-polkit-agent-default-to-the-currently-logged-in-user
oysteikt added the bugnixos labels 2026-01-16 20:44:39 +01:00
oysteikt added this to the Kanban project 2026-01-16 20:44:39 +01:00
oysteikt moved this to Low priority in Kanban on 2026-01-16 20:44:48 +01:00
danio commented 2026-01-17 22:10:02 +01:00
Owner
Copy Link

w-what?

w-what?
oysteikt commented 2026-01-17 22:47:13 +01:00
Author
Owner
Copy Link
[oysteikt@bekkalokk:~]$ systemctl restart nginx
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to restart 'nginx.service'.
Multiple identities can be used for authentication:
 1.  (0_0) (adriangl)
 2.  albertba
 3.  alfhj
 4.  amalieem
 5.  danio
 6.  eirikwit
 7.  felixalb
 8.  frero
 9.  jonmro
 10.  basement dweller (oysteikt)
 11.  kul kis (pederbs)
 12.  noe (vegardbm)
Choose identity to authenticate as (1-12):

why would it ask me this if it knows I'm oysteikt lmao

``` [oysteikt@bekkalokk:~]$ systemctl restart nginx ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ==== Authentication is required to restart 'nginx.service'. Multiple identities can be used for authentication: 1. (0_0) (adriangl) 2. albertba 3. alfhj 4. amalieem 5. danio 6. eirikwit 7. felixalb 8. frero 9. jonmro 10. basement dweller (oysteikt) 11. kul kis (pederbs) 12. noe (vegardbm) Choose identity to authenticate as (1-12): ``` why would it ask me this if it knows I'm `oysteikt` lmao
💀 1
oysteikt commented 2026-01-21 02:28:21 +01:00
Author
Owner
Copy Link

There's seemingly an option security.polkit.adminIdentities that might fix this

There's seemingly an option `security.polkit.adminIdentities` that might fix this
oysteikt commented 2026-01-28 11:59:54 +01:00
Author
Owner
Copy Link

There's seemingly an option security.polkit.adminIdentities that might fix this

Tried this, apparently it just doubles all the users...

> There's seemingly an option `security.polkit.adminIdentities` that might fix this Tried this, apparently it just doubles all the users...
danio commented 2026-01-29 14:09:46 +01:00
Owner
Copy Link

hahahaha

hahahaha
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
dns
Involves modifications to dvask
 exploration
See the galaxy!
 gitea
mail
epost nord
 new stuff
Adds a new service / new functionality
 openstack
NUTN OpenStack, more like closed stack
 services
Everything regarding selfhosted services
 software
Everything regarding homebrewn software
art
The issue needs someone to be creative
 backup
big
No, not bug, **big** - this is gonna take a while
 blocked
This issue/PR depends on one or more other issues/PRs
 bug
Something is not working, and it's not the shield hero
 crash report
Report an oopsie
 disputed
kranglefanter
 documentation
Documentation changes required
 duplicate
This issue or pull request already exists
 enhancement
New feature
 good first issue
Get your hands dirty with a new project here
 logging
networking
TTM4100
 nixos
Requires changes to our nixos setup
 question
More information is needed
 salt
Requires changes to our salt setup
 security
Skommel
 servers n' hardware
Regards hardware, servers or VMs
 wontfix
This won't be fixed
No Label bug nixos
Milestone
No items
No Milestone
Projects
Clear projects
No project Kanban
Assignees
Clear assignees
adriangl albertba alfhj bjornoka chrisfjo chrivi danio davidk dungby eirikwit felixalb frero jonmro jovre karolds knuta krisleri larshhan olived oysteikt pederbs root torsteno vegardbm yorinad
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Drift/issues#288
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?