and write 2 times the password you want to use, then try again to control network.

on foresight root password its disabled... i think its a problem of polkit configuration

Now changing priority from Critical to Normal because temporal solution is here.

1. gksudo gedit /etc/polkit-1/localauthority.conf.d/60-desktop-admin-policy.conf
2. paste the following contents

[Configuration]
AdminIdentities=unix-group:wheel
ResultAny=no
ResultInactive=no
ResultActive=auth_self_keep

3. Save
4. Try editing Network/Time/etc.

EXPLANATION:

By default, we add the first user on the system to the wheel group upon installation.

The above configuration allows users in the wheel group to make changes in all the places where 'auth_admin' is needed, providing that they are the active user and provide their own password.

Please report back if this works for you so that we can get it integrated.

António, where would a fix like this belong?

Apparently, the framework is in place for using the desktop_user_r and desktop_admin_r groups to do passwordless authentication for a well defined subset of actions that require elevated privileges.

Unfortunately, the first user on the system is not added to those two groups by default, meaning these convenience policies do not take effect on a default install.

I have updated the polkit recipe to include the above fix, which will be installed to /etc/polkit-1 and not /var/lib/polkit-1/ – let's hope it doesn't cause too many issues.

ermo ping me on #foresight-devel when online plz

Please tell me if you want to report another thing. I will erase this system tonight for another testing.

Which parts can't you control? On my systems, the above change appears to give me access to edit all the things in "System->Administration".

Checked this issue with Admin menus.

System -> Administration
+ Add/Remove Software => (a)
+ Network => (b) *1
+ Printing => (a) (I have no printer)
+ Services => (b)
+ Shared Folders => (b)
+ Software Sources => (a) *2
+ Software Update => (a)
+ Time and Date => (b)
+ Users and Groups => (b)

(a)...No need to authenticate. (No dialog)
(b)...Need authenticate. But it's solved after the edited.

BTW:
*1 'black-box' status displayed little bit far from icon on panel.
(1280x1024)
*2 Software sources can not be disable with check box.
(not an impremented?)

Sometimes "auth-dialog" displayed behind another window.

Thanks for reporting back. I suspect that the reason you are seeing 'No need to authenticate' is because I've used 'auth_self_keep', which keeps credentials for a short interval (as opposed to 'auth_self'). This is a convenience feature.

Reproduce = 100%
(1) Install 2.3.0qa => user:yukimi => sudo conary updateall
(2) logon as yukimi. Can administrate with authentication in this time.
(3) make a new user has admin privilege "newadmin".
(4) Can't authenticate with password.
(5) Can't authenticate with password.
(6) Can't authenticate with password and Bug-buddy. (See attached log)
(7) Do not display authentication dialog in this session.
(8) Can't administrate forever.

https://wiki.ubuntu.com/DebuggingGnomeSystemTools describes a way to debug gnome-system-tools. Could you try that and report back?

When I tried to reproduce using the procedure described in the link, I could not reproduce the error.

Linux FL0303.local 2.6.30.10-2-fl.smp.gcc4.1.x86_64 #1 SMP Mon Dec 28 17:22:23 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux

1. Note that administration works for yukimis original user.
2. We need to make sure that liboobs displays messages of priority DEBUG so that we can see what is sent over the wire from g-s-t <-> s-t-b when doing the debug dance from the Ubuntu wiki.
3. s-t-b tries to create an admin user w/UID 6668 and GID 4294967295? That can't be right ...

thanxs.

try to lunch virt-manager (other app that deps on polkit-gnome) see if things work. (also you on x86or x86_64) ?
also - what 'died' exactly ? (anything in ~/.xsession-errors ?)

Thanxs!!!!!!!!!!!!!!

I discovered a subtle bug with users-admin that was related to differences in output between the Debian (the expected output format) and RH (which we use) versions of the /usr/bin/passwd program. System-tools-backends would consequently list users as not being enabled no matter their actual status.

This should be fixed in system-tools-backends=/foresight.rpath.org at fl:devel//2-devel/2.10.0-0.3-1
and I did some testing with adding a new user and doing various admin stuff without running into issues.

Do note that, due to design deficiencies in g-s-t / s-t-b (according to the maintainer, no less!), you should create a new user, close the users-admin applet and then restart it before you make changes to the new user, such as adding the user to additional groups.

Please report back if this solves your issues.

To be continued in another thread... (after the dairy work)

— Mon Apr 12 06:57:01 JST 2010 —

can you try updateall again plz ? (and thanxs)

By the way this issue has changed situation with 3-1. Please see attached screen-shot named 20100412.tar.gz.

[Operate] install 2.3.0qa -> conary updateall fl:2-qa -> reboot -> conary update system-tools-backends=/foresight.rpath.org at-mark fl:devel//2-devel/2.10.0-0.3-1

(1) Add 'newadmin' as administrator default. (It's not problem)
(2) 'User Privilleges' dialog is blank.
(3) Can not choice 'newadmin' or else. (It's is not problem for me)
And sometimes can not cancel with root-auth dialog.I could not found how to reproduce.

I can confirm that g-s-t is periodically slow to respond and that it's hard to understand why. Earlier on, I mentioned that [2] is a design deficiency according to the current Ubuntu maintainer. According to him, you should create a new user, close users-admin, open users-admin and only then assign extra permissions to your user.