Languages

User login
Create new account

Navigation

Recent donations

Joel Bowman
donated $ 2.00

libretto
donated € 50.00

fabrizio bianchi
donated € 20.00

ouyang shiquan
donated MXN 0.01

knife
donated € 150.00

Donate now!

bc1q3t3vxjhd3dmvg3cfn24k4l7n4mf750utpp75hn

Submitted by Lappi on Wed, 01/07/2026 - 00:15

software update did not ask for authentication

Please read and follow the Community Guidelines.

5 replies [Last post]

Wed, 01/07/2026 - 00:15

Lappi

Offline

Joined: 05/29/2022

Checked for updates via System --> Administration --> Software Updater. There wasn't much to update, only something for the system. After pressing 'install now', however, it did not ask for authentication. Is this normal, or is there something wrong? Thanks in advance for answer!

Wed, 01/07/2026 - 13:22

Avron

I am a translator!

Offline

Joined: 08/18/2020

I am not an expert on this, but I understand that Trisquel uses a component called polkit that is designed to allow certain programs to perform actions that normally require special priviledge, without the need to be superuser.

On my system, I see the file /usr/share/polkit-1/rules.d/com.ubuntu.desktop.rules that includes rules about authorized actions. One of these rules is:

// Update already installed software
polkit.addRule(function(action, subject) {
if (action.id == "org.debian.apt.upgrade-packages" &&
subject.active == true && subject.local == true &&
subject.isInGroup("sudo")) {
return polkit.Result.YES;
}
});

From the comment, it seems to allow updating already installed software without the need for extra authentication. So maybe that was the case?

From the details and the manual page, this is only possible if the user is in the "sudo" group (so a guest cannot do that) and when the user has an active session and the "seat" (no clue what this is) is local. Maybe that would be false for some kind of remote usage? (not sure).

Wed, 01/07/2026 - 22:10

prospero

Offline

Joined: 05/20/2022

> the "seat"

https://www.freedesktop.org/software/systemd/man/latest/sd-login.html#seat

Thu, 01/08/2026 - 22:47

Avron

I am a translator!

Offline

Joined: 08/18/2020

Thanks. Looking at https://www.freedesktop.org/wiki/Software/systemd/multiseat/ made me try the loginctl command.

I see that:
- my local session has a seat
- my ssh session has Remote=yes
- the session I started with machinectl from my ssh session has Remote=no
- both the ssh session and the session started with machinectl have no seat

That makes me wonder what a non-local seat is.

Fri, 01/09/2026 - 09:18

prospero

Offline

Joined: 05/20/2022

> both the ssh session and the session started with machinectl have no seat

My understanding is that they are in fact seated on a remote machine, so their seats do not exist from the point of view of the local machine. From the point of view of an admin or someone writing documentation, they are "non-local".

You could start a VNC session and see if Software Updater lets you remotely upgrade installed packages without asking for a password. It seems to be the default behavior from a local session.

Wed, 01/07/2026 - 21:24

Ark74

I am a member!

I am a translator!

Offline

Joined: 07/15/2009

If you have identified your sudo-capable-user within a span of 5 minutes before. Then the system validates it's you. After 5 minutes you need to pass the sudo user password.