Discussion:
Running GUI applications as root?
(too old to reply)
Yrrah
2018-07-29 14:54:44 UTC
Permalink
(Mint 19 Cinnamon)
"pkexec /opt/FreeFileSync/FreeFileSync" from the main menu doesn't
work.
A quick test showed that it doesn't work with other programs either,
except Nemo. There is no gksudo anymore because gksu was dropped in
Ubuntu and consequently in Mint also. That's a pity, but there's a
good reasons for it (apparently). There has been and still is a lot of
debate going on about this subject, but there isn't a simple solution
afaik. Running GUI applications as root from the terminal (sudo...)
isn't recommended, so I read.
Any expert advice here?

Yrrah
Wildman
2018-07-29 15:56:23 UTC
Permalink
Post by Yrrah
(Mint 19 Cinnamon)
"pkexec /opt/FreeFileSync/FreeFileSync" from the main menu doesn't
work.
A quick test showed that it doesn't work with other programs either,
except Nemo. There is no gksudo anymore because gksu was dropped in
Ubuntu and consequently in Mint also. That's a pity, but there's a
good reasons for it (apparently). There has been and still is a lot of
debate going on about this subject, but there isn't a simple solution
afaik. Running GUI applications as root from the terminal (sudo...)
isn't recommended, so I read.
Any expert advice here?
Yrrah
Pkexec will not allow an X11 program to be run without
$DISPLAY and $XAUTHORITY being set. That can be handled
in the command like this...

pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit

However the best way is to place a .policy file in
/usr/share/polkit-1/actions/.

man polkit
--
<Wildman> GNU/Linux user #557453
The cow died so I don't need your bull!
Kirk_Von_Rockstein
2018-07-29 16:22:48 UTC
Permalink
Post by Yrrah
(Mint 19 Cinnamon)
"pkexec /opt/FreeFileSync/FreeFileSync" from the main menu doesn't
work.
A quick test showed that it doesn't work with other programs either,
except Nemo. There is no gksudo anymore because gksu was dropped in
Ubuntu and consequently in Mint also. That's a pity, but there's a
good reasons for it (apparently). There has been and still is a lot of
debate going on about this subject, but there isn't a simple solution
afaik. Running GUI applications as root from the terminal (sudo...)
isn't recommended, so I read.
Any expert advice here?
Yrrah
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY application-name

https://forums.linuxmint.com/viewtopic.php?t=270721
Yrrah
2018-07-29 17:18:15 UTC
Permalink
Thanks, Wildman and Kirk.
Unfortunately "env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY" only works
in the terminal, not in the main menu.
I'll look into the polkit option later.

Yrrah
Wildman
2018-07-30 15:44:09 UTC
Permalink
Post by Yrrah
Thanks, Wildman and Kirk.
Unfortunately "env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY" only works
in the terminal, not in the main menu.
I'll look into the polkit option later.
Yrrah
I am working on a gui version of linfo called linfo-tk that
has the feature of restarting with elevated privileges. It
uses pkexec to do it. As I said in another post, it requires
a .policy file be placed in /usr/share/polkit-1/actions/. If
'actions' does not exist, create it.

The .policy file follows a naming convention like this...
com.ubuntu.pkexec.PROGRAM-NAME.policy

In my case, the program is named 'linfo-tk.py so the .policy
file is... com.ubuntu.pkexec.linfo-tk.py.policy

The actual .policy I am using is pasted at the bottom. You
can use it as a template. The following lines will need to
changed...

8 vendor - change to whatever you want
10 id - change linfo-tk.py to your program name
11 message - This is the message that will be displayed by
pkexec when asking for authentication
17 execute path - the complete path to your program

Leave everything else as is. That should do it for the
.Policy file..

The command in the menu entry should be this...

pkexec /complete/path/to/program $USER

Instead of $USER you could use root but that might be a
bad idea since some distros don't create a root account.
Your call...

Let me know how it goes.



<?xml version="1.0" encoding="UTF-8"?>
!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<policyconfig>

<vendor>Wildman Productions</vendor>

<action id="org.freedesktop.policykit.pkexec.linfo-tk.py">
<message>Authentication is required to run Linfo-tk with elevated privileges</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/opt/linfo-tk/linfo-tk.py</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>

</policyconfig>
--
<Wildman> GNU/Linux user #557453
The cow died so I don't need your bull!
Yrrah
2018-07-30 17:33:40 UTC
Permalink
Post by Wildman
Let me know how it goes.
Thanks you very much for the info. I was going to create a .policy
file for DoubleCommander. However, to my surprise there is one
already:

/usr/share/polkit-1/actions/org.doublecmd.root.policy

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<policyconfig>

<vendor>Double Commander</vendor>
<vendor_url>https://doublecmd.sourceforge.io</vendor_url>

<action id="org.doublecmd.root">
<description>Run Double Commander with elevated
privileges</description>
<message>Please enter your password to run Double Commander as
root</message>
<icon_name>doublecmd</icon_name>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate
key="org.freedesktop.policykit.exec.path">/usr/bin/doublecmd</annotate>
<annotate
key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>

</policyconfig>

'pkexec doublecmd' in the Cinnamon main menu works.


Yrrah
Wildman
2018-07-30 18:18:23 UTC
Permalink
Post by Yrrah
Post by Wildman
Let me know how it goes.
Thanks you very much for the info. I was going to create a .policy
file for DoubleCommander. However, to my surprise there is one
/usr/share/polkit-1/actions/org.doublecmd.root.policy
That is a surprise and it saved you some work. I think
it is odd that the install would include the policy file
without making a menu entry to use it.
--
<Wildman> GNU/Linux user #557453
The cow died so I don't need your bull!
Yrrah
2018-07-31 13:26:13 UTC
Permalink
Post by Yrrah
I was going to create a .policy
Post by Yrrah
file for DoubleCommander. However, to my surprise there is one
That is a surprise and it saved you some work. I think
it is odd that the install would include the policy file
without making a menu entry to use it.
There is a .policy file for the Cinnamon file manager Nemo too. No
Cinnamon menu entry (pkexec nemo) though, unless you make one
manually. Perhaps developers don't want "ignorant newbies" to use
these applications with root permissions.


Yrrah

Continue reading on narkive:
Loading...