LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   How to run a Gtk application as a user with root privs? (http://www.linuxquestions.org/questions/linux-software-2/how-to-run-a-gtk-application-as-a-user-with-root-privs-595350/)

werner1975 10-28-2007 08:55 PM

How to run a Gtk application as a user with root privs?
 
From my research it isn't possible to use suid for Gtk applications. There seems to be possible to execute Gtk applications as a user with root privileges using "PAM". I'd like to know what you think is the best way to achieve it. This is to run gnome-ppp. Please let me know how you would do. Thanks.

indienick 10-28-2007 09:24 PM

"gksu" is probably the command you're looking for. "sudo" should also work.

werner1975 10-29-2007 06:27 AM

But they both ask for my root password :(

Hangdog42 10-29-2007 07:27 AM

If you set up sudo properly, it should be asking for your password, not roots.

werner1975 10-30-2007 06:17 AM

Yes, sorry, this is what I meant. But I don't want to have to type any password... How could I do it?

Hangdog42 10-30-2007 07:23 AM

You set up sudo to not ask for a password. If you look in the sudoers file, you should see examples of how to use the NOPASSWD directive. If that is set up properly, the user is allowed to use that command without supplying a password. For example, if you set up the shutdown command like this:

usename = NOPASSWD: /sbin/shutdown

It would allow the user to shut down the computer with sudo shutdown and not have to enter a password.

Have a look in the sudoers man page for more examples.

werner1975 11-02-2007 09:40 AM

Thanks. Since that day, I've tried to add myself in the sudoers using this man page: http://www.gratisoft.us/sudo/man/sudoers.html but I don't understand very well, it's a little complicated to me!

I added this to /etc/sudoers:

Code:

werner                gnome-ppp = NOPASSWD: /usr/sbin/gnome-ppp
But then when I type:
Code:

sudo /usr/sbin/gnome-ppp
It asks for my password (which I don't want). And then I get an error message:
Code:

sudo /usr/sbin/gnome-ppp
(gnome-ppp:11258): Gtk-WARNING **: cannot open display:

Any idea?
Thanks.

Hangdog42 11-02-2007 01:34 PM

Quote:

werner gnome-ppp = NOPASSWD: /usr/sbin/gnome-ppp
You're right, sudo syntax is a little bit on the thick side.

Part of the problem might be that first gnome-ppp. That is in the position of an alias, which means that you had to have defined it earlier in the sudoers file. You might be able to get by with:

werner NOPASSWD: /usr/sbin/gnome-ppp

werner1975 11-02-2007 02:34 PM

Thanks, when I do this, I get this error message while saving the file:
Quote:

# visudo -f /etc/sudoers
>>> sudoers file: syntax error, line 49 <<<
What now?
Any idea?
Thanks.

Hangdog42 11-03-2007 06:39 AM

That rhythmic banging sound you hear is me banging my head on the keyboard. Sudo syntax always drives me nuts. I think the problem is that I forgot to define a machine where the command was legit to use.

So this might work:

werner ALL = NOPASSWD: /usr/sbin/gnome-ppp


In this case, the ALL refers to all machines on your network, but that is probably OK for a personal machine. An alternative would be to define a specific machine and then use that name:

Host_Alias MYMACHINE = 127.0.0.1
werner MYMACHINE = NOPASSWD: /usr/sbin/gnome-ppp


In this case, you would only have the rights on this particular machine. Again, if this is a standalone machine, using this instead of ALL is probably a distinction without a difference. You might have to use the actual IP address of your machine (or a range if you're using DHCP) if the 127.0.0.1 doesn't work.

werner1975 11-12-2007 01:49 PM

Thank you. I tried it and now when I do "sudo gnome-ppp" as a user, I get "Gtk-Wraning **: Cannot open display:"
Any idea? :(
Thanks.

Hangdog42 11-12-2007 02:44 PM

Yeah, that is X security kicking in. Basically, X is telling you that root doesn't have the authority/privilege to put something on your X display. There are two ways to allow this, xhost and xauth.

Xhost is the cheap and sleazy way of doing it as it controls X access on a per-host basis. So if you first run xhost localhost on the command line before you run your sudo gnome-ppp, it should allow root to display it. Now the warning: xhost localhost allows anyone on localhost to use your X display. On a single user machine, this probably isn't a real big deal. In a multiuser environment, it is a big breach of security and you don't want to do it.

The alternative is xauth, which allows you to authorize specific users with a cookie. It is kind of complicated (which is why most people use xhost on single user machines) but there is a good explanation here.

HappyTux 11-12-2007 02:44 PM

Quote:

Originally Posted by werner1975 (Post 2956541)
Thank you. I tried it and now when I do "sudo gnome-ppp" as a user, I get "Gtk-Wraning **: Cannot open display:"
Any idea? :(
Thanks.

That looks like X not wanting to let root open the display try something like below changing to your normal username in your /root/.bashrc file.

Code:

## allows me to run an X program as root

export XAUTHORITY=/home/stephen/.Xauthority


Hangdog42 11-12-2007 02:59 PM

Quote:

Originally Posted by HappyTux (Post 2956588)
That looks like X not wanting to let root open the display try something like below changing to your normal username in your /root/.bashrc file.

Code:

## allows me to run an X program as root

export XAUTHORITY=/home/stephen/.Xauthority


I didn't think it was that simple, but then again I'm no authority on xauth. Does sudo actually pick up roots .bashrc?

HappyTux 11-12-2007 03:14 PM

Quote:

Originally Posted by Hangdog42 (Post 2956610)
I didn't think it was that simple, but then again I'm no authority on xauth. Does sudo actually pick up roots .bashrc?

Looks like it must be if it was running as normal user you would not get the error that looks like the one you get when trying as root su'd from a user account therefore under the users X session.


All times are GMT -5. The time now is 07:33 PM.