User rights in Ubuntu are not reflected in GUI

Asked 3 months ago, Updated 3 months ago, 9 views

I created an environment where Ubuntu is connected by XRDP in GCE.Ubuntu is 17.10.

I created a new user with SSH and added it to the sudo group.
But when I logged in to Ubuntu, I found myself a regular user.

Administrator privileges such as usermod-aG, but the desktop user information remains general.

I found a group specific to GCE, so I added it, but it didn't work.

Users of Google accounts have administrator privileges in Ubuntu.
I checked and added the group that the user is participating in.

I installed Ubuntu 17.10 on google cloud platform and connected with xrdp as a remote desktop.

To this end, we created a new general user and joined sudo's group.

However, when I tried to access the desktop and install the software, I got an error saying, "You don't have permission."

Therefore, we have made it possible to use the user with administrator privileges.
I found a group equivalent to admin in GCE, so I joined them.
I have successfully re-logged in, but the user's permissions can be changed in SSH, but not on the desktop.
I'm also logging out of my desktop and getting back in.

After changing user permissions, I couldn't connect to GNOME3 on my desktop, so I installed LXDE after doing a lot of research (because I wanted to connect to VNC).
XRDP and LXDE are able to connect.However, the user's permissions remain normal.
The command confirms that you have successfully changed to administrator privileges.

For example, vino-preferences, you know that you can open a window with the command and configure it, but the GCE cannot use the port, so it is rejected.
I can't even open a window with the command and set it up, so I'm in trouble.

If xrdp allows two users to access it, then Ubuntu can access it by switching to have administrator privileges on its desktop.

If you have any solution, please let me know.

  • I have confirmed that the command has changed to administrator privileges as follows.
    Toggled with su-name.
    Verified by running sudo reboot.
    Also, on the command line, I checked the changed username to the left of @.

  • The desktop user information remains general, as shown in the image below.
    https://gyazo.com/02e0e33d4c943dfd9af506d44bb22ca3

I have confirmed that the command has changed to administrator privileges as follows:
Toggled with su-name.
Verified by running sudo reboot.
Also, on the command line, I checked the changed username to the left of @.

The desktop user information remains general, as shown in the image below.
https://gyazo.com/02e0e33d4c943dfd9af506d44bb22ca3

ubuntu google-cloud

2022-09-30 11:54

2 Answers

When you add a group to a user on Linux, the user's own permissions do not change directly to as more groups belong to that user.
(You can check your group by running id or groups in the command.)

Each file, directory, and command is configured with permissions, and each group you belong to determines how you can access it.

The group sudo that you added in usermod-aG sudo is probably a "allow sudo to run" group (is sudo reboot actually running, right?

As you may be having trouble adding applications, try booting your package manager from the command line via sudo or deploying sudo's GUI front-end gksudo.

$sudo apt install gksudo

add
When I checked the sudo command configuration file /etc/sudoers, I found that the admin, sudo group was configured to allow sudo.In my environment, I was able to execute the sudo command because the general users I created by default also belong to the admin, sudo group.

Also, if you run a command from the GUI that requires root privileges, the GUI front end of sudo should prompt you for password entry.For Ubuntu (GNOME) environments, gksudo above, and for Kubuntu (KDE) environments I tried, kdesudo is the equivalent.

Some people say it doesn't install by default (Reference), so please check and install here.


2022-09-30 11:54

I don't understand the situation as a whole, but I recommend using sudo in cubick's answer.

Polkit

However, Polkit is currently used to manage permissions in major distributions (especially in desktop environments), so if you would like to look into that, please refer to the following:
(If you are a beginner, you don't need to read it.Anyway, if you make sudo available and sudo, there is nothing you can't do.)

Logs

I think Systemd is taking the log, so you can check the installation disapproval by using journalctl-uporkit.service.

# Excerpt
polkitd(authority=local)[868]: Operator of unix-session:3 FAILED to authenticate to gain authorization for action org.freedesktop.packagekit.package-install for system-bus-name:::1.258 [gnome-software] (owned by unix-user)***

Verifying Actions

I understand that the action done on the is org.freedesktop.packagekit.package-install, so I will check this.

$pkaction-v --action-idorg.freedesktop.packagekit.package-install
org.freedesktop.packagekit.package-install:
  description —Install signed package
  message —Authentication is required to install software
  vendor:The PackageKit Project
  vendor_url —http://www.packagekit.org/
  icon —package-x-generic
  implicit any —auth_admin
  implicit inactive —auth_admin
  implicit active —auth_admin_keep

Please refer to the following files:

/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.packagekit.pkla
/usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules
/usr/share/polkit-1/actions/org.freedesktop.packagekit.policy

It's around.

Who is the administrator

Who is considered admin depends on the distribution, and the placement of the configuration files may vary, but you can do so by using find/etc/polkit-1/-type f|xargs grep-i admin.


2022-09-30 11:54

If you have any answers or tips


© 2023 OneMinuteCode. All rights reserved.