Understanding How Flatpak Install Without Password?

stratus · March 29, 2023, 8:54pm

I’m sorry if this is in the wrong section but I was looking to understand how the Software Center allows users to install flatpaks without a password. I attempted to search the web but I am not even sure how phrase it.

I note that you can have a user login with no password and you can just install whatever flatpaks you like. If I do an install of #randomDistro and put flatpak and gnome-software, it prompts for the password.

I’m just looking to understand how Endless is achieving this. I have 3 machines with Endless deployed for my kids and I have handed out a few Endless laptops in my community so I am just looking to understand better how it works

Thanks!

wjt · April 3, 2023, 12:37pm

Flatpak uses Polkit (née PolicyKit) to manage systemwide permissions.

The Flatpak upstream rules allow admin users who are signed in locally (rather than over ssh) to perform the org.freedesktop.Flatpak.app-install action (and a bunch of other actions).

In Endless OS we patch the rules to allow app installation to non-admin users as well (unless later prevented by parental controls).

stratus · April 3, 2023, 12:38pm

Thanks for the detailed answer and the direct link to the patch this is exactly what i was looking for!

wjt · April 3, 2023, 12:51pm

By the way, you don’t have to patch the installed rule. You can add your own rule at higher precedence in /etc/polkit-1/rules.d. See man 8 polkit for more details.