Certain settings in the desktop environment require additional authorization like the users section in the settings app. Working locally, it asks for a password and that's it. But in an Xrdp remote desktop session, when I click Unlock..., nothing happens.
Historically, I used to work around this by creating a file like so, and this would remove the checks.
/etc/polkit-1/localauthority/50-local.d/remote-admin.pkla
[Allow full access for administration]Identity=unix-user:myusernameAction=*ResultActive=yesResultInactive=yesResultAny=yesThis does not work anymore in Ubuntu 24.04, apparently because everything is new now in Polkit. I was able to find a new solution by creating a file like this:
/etc/polkit-1/rules.d/49-nopasswd_global.rules
polkit.addRule(function(action, subject) { if (subject.isInGroup("sudo")) { return polkit.Result.YES; }});The problem is that this is basically a hack that disables the additional security checks. How can this be done properly? It should ask for a password in the Xrdp session when I click on Unlock... just like it does in a local session.
I have done a bit of reading and it may be that Xrdp does not work with Gnome's Polkit authentication agent and/or needs a different authentication agent.
My .xsessionrc file looks like this by the way and I am on Ubuntu Server 24.04.1 LTS with ubuntu-desktop-minimal and xrdp installed.
export GNOME_SHELL_SESSION_MODE=ubuntuexport XDG_CURRENT_DESKTOP=ubuntu:GNOME