Understanding How Flatpak Install Without Password?

I’m sorry if this is in the wrong section but I was looking to understand how the Software Center allows users to install flatpaks without a password. I attempted to search the web but I am not even sure how phrase it.

I note that you can have a user login with no password and you can just install whatever flatpaks you like. If I do an install of #randomDistro and put flatpak and gnome-software, it prompts for the password.

I’m just looking to understand how Endless is achieving this. I have 3 machines with Endless deployed for my kids and I have handed out a few Endless laptops in my community so I am just looking to understand better how it works


Flatpak uses Polkit (née PolicyKit) to manage systemwide permissions.

The Flatpak upstream rules allow admin users who are signed in locally (rather than over ssh) to perform the org.freedesktop.Flatpak.app-install action (and a bunch of other actions).

In Endless OS we patch the rules to allow app installation to non-admin users as well (unless later prevented by parental controls).

1 Like

Thanks for the detailed answer and the direct link to the patch this is exactly what i was looking for!

By the way, you don’t have to patch the installed rule. You can add your own rule at higher precedence in /etc/polkit-1/rules.d. See man 8 polkit for more details.

1 Like