Understanding How Flatpak Install Without Password?

stratus · 29 March 2023 20:54

I’m sorry if this is in the wrong section but I was looking to understand how the Software Center allows users to install flatpaks without a password. I attempted to search the web but I am not even sure how phrase it.

I note that you can have a user login with no password and you can just install whatever flatpaks you like. If I do an install of #randomDistro and put flatpak and gnome-software, it prompts for the password.

I’m just looking to understand how Endless is achieving this. I have 3 machines with Endless deployed for my kids and I have handed out a few Endless laptops in my community so I am just looking to understand better how it works

Thanks!

wjt · 3 April 2023 12:37

Flatpak uses Polkit (née PolicyKit) to manage systemwide permissions.

The Flatpak upstream rules allow admin users who are signed in locally (rather than over ssh) to perform the org.freedesktop.Flatpak.app-install action (and a bunch of other actions).

In Endless OS we patch the rules to allow app installation to non-admin users as well (unless later prevented by parental controls).

stratus · 3 April 2023 12:38

Thanks for the detailed answer and the direct link to the patch this is exactly what i was looking for!

wjt · 3 April 2023 12:51

By the way, you don’t have to patch the installed rule. You can add your own rule at higher precedence in /etc/polkit-1/rules.d. See man 8 polkit for more details.

system · 7 November 2023 18:18

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.