Unable to access the graphical utility through system-config-* for Red Hat Online Learning

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux
  • Red Hat Online Learning 1.0
  • Course: Red Hat System Administration 1

Issue

  • Why does authentication dialog getting prompted repeatedly for root password even after entering it correctly for multiple times whenever accessing System > Administration > Services as local user or by system-config-services

  • Not able to access the services using the graphical utility (System > Administration > Services) when logged in as local user.

Resolution

The resolution is not currently available for this issue, whereas following workaround can be used.

Workaround

  • The workaround is to open a terminal, su to root, and run the command system-config-services
    Login as local user for example student
# su - root
# system-config-services
  • Instead of using above workaround, update the PolicyKit configuration by adding the following configuration to: /etc/polkit-1/localauthority/50-local/61-gls-ec2-remote.pkla in order to deal with this issue.
[fix s-c-services]
Identity=unix-group:student;unix-group:visitor
Action=org.fedoraproject.config.services.*
ResultAny=AuthAdminKeep

[fix s-c-services Redux]
Identity=unix-group:student;unix-group:visitor
Action=org.fedoraproject.config.services.info
ResultAny=yes

Note: This change will be lost the next time they do a system reset, which reverts the machine to it's initial image.

Root Cause

  • This not a bug/issue with underlying OS, however, the problem is with ROL(Red Hat Online Learning) image that is being used currently.

  • ROL uses VNC server session for console. But according to PolicyKit, a component of the Graphical Desktop, VNC session is a remote desktop, and therefore is cut off from a lot of the normal things a GUI desktop running on the console of the machine could do. One of the big things is that PolicyKit is configured to not permit any of the system-config-* utilities to be run from a desktop tagged as remote.

  • Bunch of rules need to the PolicyKit config for ROL, but apparently system-config-services needed more specific rules to permit it to be run from a remote desktop, and which is not currently available with the ROL image that is being used currently in this RHEL6 RHCE course.

  • The modifications those need to be done into the PolicyKit configuration will go into the next image update. At this point, there is no plan to update the RHEL6 RHCE class images, which means the problem will likely persist until the end-of-life of RHEL6 RHCE courses.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments