When launching some apps (e.g., GParted, Synaptic, or Grub Customizer), install/uninstall packages with App Center or Software Updater, it always pops-up a dialog asking for admin password to authenticate.
This is great for security! But for lazy men those who don’t want to type user password again and again after logged in (or unlocked screen), it may be OK to disable the authentication window when using their computers at home or other safe places.
Password Authentication Pop-up in Ubuntu
NOTE 1: For security, it’s NOT recommended to disable the authentication. You MUST know what you’re going to do, and do it at your own risk!
NOTE 2: This tutorial is tested and works on Ubuntu 24.04 and Debian 12. It should also work in Linux Mint 22, but NOT for Ubuntu 22.04 and earlier.
About Polkit:
Ubuntu and many other Linux use polkit for controlling system-wide privileges. It’s an authentication framework that provides a finer control of access rights for graphical desktop environments.
When a graphical application need to do a registered action that requires admin/root permission, polkit can control which user (or user in which group) that runs the app is authorized with or without password authentication.
Unlike sudo for command line, polkit does not grant root permission to an entire process, but allows specific privileges to a user or group on an as-needed basis.
And, here I’m going to show you how to configure polkit to disable password authentication for either global or specific actions, when running with certain user or group.
Option 1: Disable Password Authentication Globally for Certain Users
NOTE: Option 1 and option 2 do NOT stop your system from asking password when running sudo command in terminal. It only works for graphical authentication pop-ups! See option 3 if you need for sudo command.
1. First, press Ctrl+Alt+T on keyboard to open up a terminal window. When it opens, run command create & edit a config file under /etc/polkit-1/rules.d/ directory:
sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_global.rules
For non-GNOME desktop, replace gnome-text-editor in command with your favorite text editor, or use nano that works in most desktops.
2. When file opens, add the lines below and replace user “ji” to yours:
/* Allow members in "ji" group to execute any actions
* without password authentication.
*/
polkit.addRule(function(action, subject) {
if (subject.isInGroup("ji")) {
return polkit.Result.YES;
}
});
In the code above, it adds a rule for all registered actions, while:
subject.isInGroup("ji"), means all users in group “ji” (user “ji” is of course in group “ji”). You can add more users into this group for the rule. Or, replace it withsubject.user == "ji", so it only works for this user only.return polkit.Result.YES;, means authorize without any authentication! You may replace YES with:NO– never allowed.AUTH_ADMIN– need to enter admin user password to authenticate.AUTH_SELF– need to enter user’s own password to authenticate.AUTH_ADMIN_KEEP– similar toAUTH_ADMIN, but no need to re-enter the password for a certain duration (usually 5 min) when running same action by same app.AUTH_SELF_KEEP– seeAUTH_ADMIN_KEEP, though it asks user’s own password.
After saved the file (for nano, press Ctrl+S to save, then Ctrl+X to exit), the rule should apply immediately!
Option 2: Disable Password Authentication for Specific Actions
For security reason, it’s not safe to disable the authentication pop-up globally. But it seems less dangerous to disable it for some actions, such as install updates through “Software Updater”.
1. Find out all registered actions.
In the case, you need to first find out all the registered actions. They differ depends on your desktop and installed apps.
Most of the polkit actions are defined by the .policy files under ‘/usr/share/polkit-1/actions’ directory. To list them, open terminal (Ctrl+Alt+T) and run command:
pkaction
Or run pkaction --verbose to list more info about the registered actions, thus it can be easier to find out which actions to use in next step.
2. Create/Edit polkit config file.
Like option 1, run command below to create a config file (also replace gnome-text-editor accordingly):
sudo gnome-text-editor /etc/polkit-1/rules.d/49-nopasswd_limit.rules
When file opens, add similar lines below:
/* Allow members in "ji" group to execute the defined actions
* without password authentication.
*/
polkit.addRule(function(action, subject) {
if ((action.id == "org.debian.apt.upgrade-packages" ||
action.id == "org.debian.apt.install-or-remove-packages" ||
action.id == "example.action.remove.if_no_need" ||
action.id == "example.action.remove.if_no_need") &&
subject.isInGroup("ji"))
{
return polkit.Result.YES;
}
});
Here in the “if” sentence, use action.id == "xxx.xxx.xxx.xxx" for the actions you want to configure. You can add as more actions as you want, just use || (logical OR) to separate them, and include all of them in a round brackets.
Finally, add && subject.isInGroup("ji") or && subject.user == "ji" to apply the rule for all the actions you added above running with user “ji” or users in group “ji”.
NOTE: You need to replace action.id values and user “ji” accordingly!
Also, save the file will apply the rule immediately!
Option 3: Disable password authentication for sudo command
This is an optional step has nothing to do with polkit. Also, it’s NOT safe, since it grants root permission to the entire command process. With it, even remote SSH login can run sudo command without password!
1. First, open terminal (Ctrl+Alt+T) and run the command below to make a backup of sudoers file, by copying it to user home directory:
sudo cp /etc/sudoers ~/sudoers.bak
2. Then, run command to edit the sudoers file:
sudo visudo
When file opens in terminal window, scroll down and add the line below:
ji ALL=(ALL) NOPASSWD:ALL
Here, replace ji to your username. Finally, press Ctrl+S to save, and Ctrl+X to exit.
Lazy *men*?
Do you believe only men use Linux, men are the only lazy gender, or this only applies to one gender (men)?
Sorry, but I didn’t mean that.
As non-native English speaker, I keep learning new words and unique sentences from the web. I saw someone say “lazy man” to make fun of himself. I like the sentence and want to use it somewhere. So I wrote it in the post above. Sorry for the confusion!
Option 2 is a great tip. Thanks a lot.
I tried your option one (this is on a tablet dedicated for a person with disability, so they can’t type much) but when I tried to install something from App Center it popped an error.
Personally, the one thing I HATE about all Linux in global, is the insistence of the users to tell other users what they should or shouldn’t do with their own system. It’s the one thing that makes Windows much friendlier, is that we DON’T need to type password for every bloody thing at every damn second.
The user already logged into their own account, they don’t want to type passwords!
Dear Ji M.
I’ve creates the following file:
______________________________________
polkit.addRule(function(action, subject) {
if (subject.user==”My_User_Name”) {
return polkit.Result.YES;
}
});
_______________________________________
ans save it as 49-nopasswd_global.rules in polkit-1 directory.
After it I reload ubuntu 24.04 and try to start chrome. It require Password Authentication as before.
What is wrong?
I”ll greatly appreciate you help
Regards. Kuma
The rule you added looks OK! but you should use double quotation marks in English keyboard input. Your user-name should turn green if it set correctly.
For chrome (if you meant Google Chrome), it usually does not ask for password at launch.
If you enabled Automatic login, or login via other methods (e.g., fingerprint), then it asks for unlock the keyring, which can be skipped by this tutorial:
https://ubuntuhandbook.org/index.php/2013/07/disable-unlock-login-keyring-ubuntu-13-04/
Thank you for quick response. I indeed type “My_User_Name” using double quotation marks in English keyboard input. But till it is not working.
What do you mean when you write about green color? Do you meaning some specific editor like nano?
Regarding your question about chrome: I meant Google Chrome.
Your mention about unlock the keyring indeed helpful but I don’t like to do it. I only want to prevent from Google Chrome to require authentication.
Regards, Kuma.
1. Did you try launching an app (e.g., Grub Customizer) that requires authentication or install an app via App center, and see if it works?
2. The authentication from Google Chrome is NOT asking for user password but the password of login keyring. It’s usually set to same to user password, and get unlock automatically when you login by typing password.
If you log into your desktop with auto-login, fingerprint, etc without typing password, then it does not auto-unlock the login keyring. So, first time launching Google Chrome will ask for the authentication.
To prevent Google chrome to require authentication, either login your desktop with password, set login-keyring password to empty, or delete the Google Chrome keyring (doing this will erase all passwords/passkeys stored in it).
Thank you. Your explanation really help me. Till I have some question about password of login keyring. Why Firefox, for example, did not ask it? I have a number of other applications that not ask the password of login keyring. What special in Google Chrome?
Chrome stores your passwords in system keyring, while Firefox has a built-in password manager. It’s design issue.
Hi Ji – I bought a laptop with Ubuntu installed but don’t know the authentification password and nor does the person who I bought it from. What would you suggest I try? At this point, I cannot even install a new App. I don’t have coding experience unf. You can email me privately if you prefer. Thanks in advance
If the Ubuntu system partition and boot-loader are not encrypted, then you may try resetting password from the recovery mode. See:
https://ubuntuhandbook.org/index.php/2014/11/reset-user-password-ubuntu-14-04/