Re: sudo in X-environment -- polkit solution
On Sun, May 4, 2014 at 11:08 AM, Osamu Aoki <osamu@debian.org> wrote:
> On Sat, May 03, 2014 at 12:43:17PM +0200, Ralf Mardorf wrote:
>> On Sat, 2014-05-03 at 06:29 -0400, Tom H wrote:
> I am wondering why you even need to use wrapper explicitly?
That's why I've said that I consider using a wrapper for gksu/gksudo a bug.
>>> Thanks. As I said earlier, I consider this a bug. What's the point of
>>> using gksu/gksudo if you have do use a wrapper that you could use
>>> around su/sudo?
>
> If I type "system-config-printer" to my user shell, I get GUI running
> with root privilege :-)
Sure. But that's because dbus and polkit are doing all the work for
you in the background. :)
>>> Maybe pkexec is the solution?
>
> Yes.
I was just trying to nudge Ralf in the right direction. :)
There are many people who doubt sudo and even more who doubt pkexec/polkit...
> Did you add yourself as a member of "sudo" group?
> https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_policykit
> 4.6.2. PolicyKit
>
> PolicyKit is an operating system component for controlling system-wide
> privileges in Unix-like operating systems.
>
> Newer GUI applications are not designed to run as privileged processes.
> They talk to privileged processes via PolicyKit to perform
> administrative operations.
>
> PolicyKit limits such operations to user accounts belonging to the sudo
> group on the Debian system.
>
> I think this is helping me :-)
It is in general, but not in the system-config-printer case. AIUI,
dbus and policykit allow anyone to launch the app. I don't have a
printer to test whether an unprivileged user can set up and use it.
> (The above text may be obsoleted soon by logind.)
AFAIK systemd's replaced consolekit but isn't encroaching on policykit
territory.
Reply to: