Hey, I am using Kinoite and was pretty annoyed about needing to input the sudo password for regular seeming things, in my case using virt-manager and decrypting and mounting LUKS drives.
The solution is:
for virt-manager
printf """polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});""" | sudo tee /etc/polkit-1/rules.d/80-libvirt-manage.rules
for LUKS (only needed commands)
printf """polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.udisks2.encrypted-unlock-system" && subject.local && subject.active && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
""" | sudo tee /etc/polkit-1/rules.d/80-udisks2-encrypted-unlock.rules
printf """polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" && subject.local && subject.active && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
""" | sudo tee /etc/polkit-1/rules.d/80-udisks2-mount.rules
These exact rules just skip the password prompt for wheel users, where in general it makes no real sense in my opinion. What security should this give, if it is just the sudoers password?
I think for these tasks (and we could discuss more) it would be really good for usability to allow these rules by default.
I know Linux mint decrypts and mounts LUKS drives automatically when saving the password in its Wallet, so its possible.