Re: [DNG] pkexec in Chimaera
On 11/8/21 05:12, tempforever wrote: [snip]> Lars Noodén via Dng wrote: You could consider running sudoedit instead. That will allow you to edit a file as root (or any other designated account) while still running the editor itself under the unprivileged account. One should not run graphical programs as root, if it can be avoided. Thank you for the help also. sudoedit requires user "a" to be in sudo group, which I'd prefer not to do. A non-gui text editor invoked with su -c will work for now. Please take another look at /etc/sudoers because the system is allowed to have more than one group and users may be in more than one group at a time. Also, there can be more than one single line in /etc/sudoers or in any of the files beneath /etc/sudoers.d/ Thus you can have a group for account "a" which allows it to run sudoedit but nothing else, and it doesn't even have to be a new group: %a ALL=(ALL:ALL) sudoedit See "man sudoers" for that. sudo is certanly one of the most misunderstood and misused utilities around, in part because of the tragic default settings spread by the Ubuntu distros, an affliction it gets from Debian's default settings. /Lars PS. Thank you in advance for not top-posting. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] pkexec in Chimaera
Thanks for the (attempted) help. su -c - root mousepad returned the same error (Mousepad-CRITICAL... Failed to initialize xfconf: The connection is closed) su -c - root xterm and then mousepad (in that xterm) returned the same error again. I noticed on my Beowulf system I get a similar "error" except it says dconf-WARNING ... failed to commit changes to dconf: The connection is closed However, mousepad actually opens there, I guess because it is a warning instead of a critical error in Beowulf? I'm not terribly concerned about (not) being able to run GUI programs as root, it just seemed odd to me that pkexec would require a different user's password, especially when specifying --user root. Steve Litt wrote: > Try this: > su -c - root mousepad > > Remember to put the dash between -c and root. > > If you get the same results, perform the following: > > su -c - root xterm > > Now, within that xterm, run the mousepad command and see what goes > wrong. It's probably a wrong directory, or perhaps some missing > environment variable, either of which can be cured by a shellscript. > Thank you for the help also. sudoedit requires user "a" to be in sudo group, which I'd prefer not to do. A non-gui text editor invoked with su -c will work for now. Lars Noodén via Dng wrote: > You could consider running sudoedit instead. That will allow you to > edit a file as root (or any other designated account) while still > running the editor itself under the unprivileged account. One should > not run graphical programs as root, if it can be avoided. > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] pkexec in Chimaera
tempforever said on Sun, 7 Nov 2021 14:19:54 -0500 >I'm logged on user "a" (with very few permissions), on the same system >exists user "b" (in sudo group). >When I run pkexec --user root mousepad (for example), it prompts for >user "b" password, instead of root password. >If I remove user "b" from sudo group, the above example will prompt for >root password. >I would like to keep user "b" in sudo group, and enter root user's >password. I believe gksu used to do this. Is this possible to do any >more in devuan? > >In beowulf, I was allowed to run "su -c mousepad" but now that fails: >(mousepad:3105): Mousepad-CRITICAL **: 13:59:58.624: Failed to >initialize xfconf: The connection is closed >which is why I am now using pkexec Try this: su -c - root mousepad Remember to put the dash between -c and root. If you get the same results, perform the following: su -c - root xterm Now, within that xterm, run the mousepad command and see what goes wrong. It's probably a wrong directory, or perhaps some missing environment variable, either of which can be cured by a shellscript. The shellscript, call it my_shellscript.sh, might look something like the following: #!/bin/sh cd /my/special/directory export MY_ENV_VAR="my special environment variable" exec mousepad If you use the shellscript, your command will be : su -c - root my_shellscript.sh SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] pkexec in Chimaera
On 11/7/21 21:19, tempforever wrote: [snip]> Actually I'll probably switch to a text-based editor for this particular case, but in general, for GUI applications, how is this done now? [snip] You could consider running sudoedit instead. That will allow you to edit a file as root (or any other designated account) while still running the editor itself under the unprivileged account. One should not run graphical programs as root, if it can be avoided. From the manual page for sudo: When invoked as sudoedit, the -e option (described below), is implied. [...] -e, --edit Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consultimg the security policy. If the user is authorized by the pol‐ icy, the following steps are taken: 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. 2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used. 3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. To help prevent the editing of unauthorized files, the following restrictions are enforced unless [...] There a lot more about that in the manual pages. See "man sudo" and "man sudoers" /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] pkexec in Chimaera
I'm logged on user "a" (with very few permissions), on the same system exists user "b" (in sudo group). When I run pkexec --user root mousepad (for example), it prompts for user "b" password, instead of root password. If I remove user "b" from sudo group, the above example will prompt for root password. I would like to keep user "b" in sudo group, and enter root user's password. I believe gksu used to do this. Is this possible to do any more in devuan? In beowulf, I was allowed to run "su -c mousepad" but now that fails: (mousepad:3105): Mousepad-CRITICAL **: 13:59:58.624: Failed to initialize xfconf: The connection is closed which is why I am now using pkexec Actually I'll probably switch to a text-based editor for this particular case, but in general, for GUI applications, how is this done now? (another example, same situation) running "gparted" from user "a" will prompt for sudo user "b" password, instead of root password. I seem to remember a gparted-pkexec, but don't see that in Chimaera or Beowulf. Also package gksu is not available. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
