How to run a Gtk application as a user with root privs?
From my research it isn't possible to use suid for Gtk applications. There seems to be possible to execute Gtk applications as a user with root privileges using "PAM". I'd like to know what you think is the best way to achieve it. This is to run gnome-ppp. Please let me know how you would do. Thanks.
|
"gksu" is probably the command you're looking for. "sudo" should also work.
|
But they both ask for my root password :(
|
If you set up sudo properly, it should be asking for your password, not roots.
|
Yes, sorry, this is what I meant. But I don't want to have to type any password... How could I do it?
|
You set up sudo to not ask for a password. If you look in the sudoers file, you should see examples of how to use the NOPASSWD directive. If that is set up properly, the user is allowed to use that command without supplying a password. For example, if you set up the shutdown command like this:
usename = NOPASSWD: /sbin/shutdown It would allow the user to shut down the computer with sudo shutdown and not have to enter a password. Have a look in the sudoers man page for more examples. |
Thanks. Since that day, I've tried to add myself in the sudoers using this man page: http://www.gratisoft.us/sudo/man/sudoers.html but I don't understand very well, it's a little complicated to me!
I added this to /etc/sudoers: Code:
werner gnome-ppp = NOPASSWD: /usr/sbin/gnome-ppp Code:
sudo /usr/sbin/gnome-ppp Code:
sudo /usr/sbin/gnome-ppp Thanks. |
Quote:
Part of the problem might be that first gnome-ppp. That is in the position of an alias, which means that you had to have defined it earlier in the sudoers file. You might be able to get by with: werner NOPASSWD: /usr/sbin/gnome-ppp |
Thanks, when I do this, I get this error message while saving the file:
Quote:
Thanks. |
That rhythmic banging sound you hear is me banging my head on the keyboard. Sudo syntax always drives me nuts. I think the problem is that I forgot to define a machine where the command was legit to use.
So this might work: werner ALL = NOPASSWD: /usr/sbin/gnome-ppp In this case, the ALL refers to all machines on your network, but that is probably OK for a personal machine. An alternative would be to define a specific machine and then use that name: Host_Alias MYMACHINE = 127.0.0.1 werner MYMACHINE = NOPASSWD: /usr/sbin/gnome-ppp In this case, you would only have the rights on this particular machine. Again, if this is a standalone machine, using this instead of ALL is probably a distinction without a difference. You might have to use the actual IP address of your machine (or a range if you're using DHCP) if the 127.0.0.1 doesn't work. |
Thank you. I tried it and now when I do "sudo gnome-ppp" as a user, I get "Gtk-Wraning **: Cannot open display:"
Any idea? :( Thanks. |
Yeah, that is X security kicking in. Basically, X is telling you that root doesn't have the authority/privilege to put something on your X display. There are two ways to allow this, xhost and xauth.
Xhost is the cheap and sleazy way of doing it as it controls X access on a per-host basis. So if you first run xhost localhost on the command line before you run your sudo gnome-ppp, it should allow root to display it. Now the warning: xhost localhost allows anyone on localhost to use your X display. On a single user machine, this probably isn't a real big deal. In a multiuser environment, it is a big breach of security and you don't want to do it. The alternative is xauth, which allows you to authorize specific users with a cookie. It is kind of complicated (which is why most people use xhost on single user machines) but there is a good explanation here. |
Quote:
Code:
## allows me to run an X program as root |
Quote:
|
Quote:
|
Thank you. I tried the two methods and restarted my computer, I'm still getting this error message: "Gtk-Wraning **: Cannot open display:". Any other idea? :(
|
Quote:
|
Thanks. I issued 'xhost localhost && sudo gnome-ppp' but I still get the error message...
:( |
Thats odd. Try just issuing xhost localhost on its own and post any output/errors you get back. Also, if you use su to become root in a console, can you then run gnome-ppp? I know that isn't the solution you're after, I'm just trying to get a better handle on where this is going off course.
|
Hello, "xhost localhost" on its own doesn't report any error message. If I become root using "su -" and then launch "gnome-ppp" it's working fine. But not sudo. Any idea? Thanks.
|
Quote:
Quote:
There are a couple of syntax differences for xhost that also might work. Try these and see if one works for sudo: xhost +localhost xhost +local: |
Hello, I removed /root/.bashrc, I restarted and I tried again. When I run "xhost localhost" or one of your suggestions, I get: "localhost being added to access control list", but when I run "sudo gnome-ppp", I get the same error message :(
I found here: http://www.gnomefiles.org/comment.php?soft_id=41 that you can use "PAM" (6th comment). I tried it but it didn't work either :( |
Quote:
Quote:
Also have a read through this thread, particularly the last couple of posts. They seem to have solved the same problem you're having. |
Thanks! Your link solved finally my problem, I just had to add to /etc/sudoers these 2 lines:
Code:
werner ALL = NOPASSWD: /usr/sbin/gnome-ppp |
Great, I'm glad we finally figured it out.
To be honest, I don't know why this was so difficult. 99.9% of the time the first advice that HappyTux and I gave you works. |
All times are GMT -5. The time now is 06:08 PM. |