:: Re: [DNG] pkexec in Chimaera
Góra strony
Delete this message
Reply to this message
Autor: tempforever
Data:  
Dla: dng
Temat: Re: [DNG] pkexec in Chimaera
Lars Noodén via Dng wrote:
> On 11/8/21 05:12, tempforever wrote:
> [snip]> Lars Noodén via Dng wrote:
>>> You could consider running sudoedit instead.  That will allow you to
>>> edit a file as root (or any other designated account) while still
>>> running the editor itself under the unprivileged account.  One should
>>> not run graphical programs as root, if it can be avoided.
>>>
>> Thank you for the help also.  sudoedit requires user "a" to be in sudo
>> group, which I'd prefer not to do.  A non-gui text editor invoked with
>> su -c will work for now.
>
> Please take another look at /etc/sudoers because the system is allowed
> to have more than one group and users may be in more than one group at a
> time.  Also, there can be more than one single line in /etc/sudoers or
> in any of the files beneath /etc/sudoers.d/
>
> Thus you can have a group for account "a" which allows it to run
> sudoedit but nothing else, and it doesn't even have to be a new group:
>
> %a ALL=(ALL:ALL) sudoedit
>
> See "man sudoers" for that.  sudo is certanly one of the most
> misunderstood and misused utilities around, in part because of the
> tragic default settings spread by the Ubuntu distros, an affliction it
> gets from Debian's default settings.
>

Thanks again for pointing me to sudoers.  I was (mistakenly) under the
impression that the user had to be in the sudo group.  And yes, I did
previously use mint/ubuntu.  I had played around with sudoers previously
for a different system (including once when I messed it up badly, not
using visudo; had to boot from a live disk to fix it).
You say that sudoedit will run the editor itself under the unprivileged
account; however, it appears it does run as root:
tempo@dev1:~$ ps aux|grep sudoedit
root      3167  0.0  0.1  11176  5332 pts/0    S+   13:42   0:00
sudoedit /etc/hosts
tempo     3177  0.0  0.0   6180   664 pts/1    S+   13:42   0:00 grep
sudoedit


Le 08/11/2021 à 14:16, Didier Kryn a écrit :

>     There is a hand-made replacement for pkexec and the good old gksu
> and gksudo:
>
> In your sudoers file (edited with visudo), put the following line
>
> Defaults env_keep = "XAUTHORITY DISPLAY"
>
> Note there can be other variables in the list, like EDITOR, but the
> above are the ones which will allow you to run GUIs under root priviledge.
>
> Then allow yourself to run foo with sudo (also by editing your sudoers
> file vith visudo) and then
>
> sudo foo


Nice to know this also; I can now verify that it does indeed work as you describe.