Comment 16 for bug 1512002

Jiří Hajda (chronoscz) wrote :

I have Xubuntu 15.10. Main question is how we can determine for which action authentication window popped out? I searched process tree using htop and saw that if window was visible then it was like this:
  PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
 2584 jha 20 0 332M 22880 19076 S 0.0 0.3 0:00.62 │ │ │ │ ├─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
22144 root 20 0 77024 4472 3920 S 0.0 0.1 0:00.00 │ │ │ │ │ ├─ /usr/lib/policykit-1/polkit-agent-helper-1 jha
 2595 jha 20 0 332M 22880 19076 S 0.0 0.3 0:00.00 │ │ │ │ │ ├─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
 2594 jha 20 0 332M 22880 19076 S 0.0 0.3 0:00.00 │ │ │ │ │ └─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

After closing window it changed to:
  PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
 2584 jha 20 0 331M 22980 19172 S 0.0 0.3 0:00.66 │ │ │ │ ├─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
 2595 jha 20 0 331M 22980 19172 S 0.0 0.3 0:00.00 │ │ │ │ │ ├─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
 2594 jha 20 0 331M 22980 19172 S 0.0 0.3 0:00.00 │ │ │ │ │ └─ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

So this /usr/lib/policykit-1/polkit-agent-helper-1 was responsible for showing the window. Probably something wanted to be run under root as USER column indicates.
Interesting is that this auth window is displayed for me only when my computer is resumed from sleep state and not always just sometimes.

Polkit auth dialog can be invoked from command line manually for example: /usr/bin/pkexec uptime
But how to get source for visible dialog if text in dialog is just not enough descriptive? If polkit uses DBUS for message delivery than it is not easy to trace original source. dbus-monitor --system not provided useful data and I don't know how to run dbus-monitor --session and if it could help.

From /var/log/auth.log:
Jan 12 10:26:10 jha polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.accounts.change-own-user-data for system-bus
-name::1.58 [/usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service] (owned by unix-user:jha)
Jan 12 10:26:10 jha dbus[940]: [system] Rejected send message, 9 matched rules; type="error", sender=":1.6" (uid=0 pid=914 comm="/usr/lib/accountsservice/accounts-daemon ") interface="(unset
)" member="(unset)" error name="org.freedesktop.Accounts.Error.PermissionDenied" requested_reply="0" destination=":1.58" (uid=1000 pid=2763 comm="/usr/lib/x86_64-linux-gnu/indicator-messages
/indic")

This suggests that indicator services wanted to change user data? Interesting. How to repeat this event?

Also same auth window with org.freedesktop.accounts.change-own-user-data action appears everytime I login to xrdp remote desktop session with xubuntu installed on server. But in this case it could be slightly different cause.