How to run a Gtk application as a user with root privs?
 

From my research it isn't possible to use suid for Gtk applications. There seems to be possible to execute Gtk applications as a user with root privileges using "PAM". I'd like to know what you think is the best way to achieve it. This is to run gnome-ppp. Please let me know how you would do. Thanks.

"gksu" is probably the command you're looking for. "sudo" should also work.

But they both ask for my root password :(

If you set up sudo properly, it should be asking for your password, not roots.

Yes, sorry, this is what I meant. But I don't want to have to type any password... How could I do it?

You set up sudo to not ask for a password. If you look in the sudoers file, you should see examples of how to use the NOPASSWD directive. If that is set up properly, the user is allowed to use that command without supplying a password. For example, if you set up the shutdown command like this:

usename = NOPASSWD: /sbin/shutdown

It would allow the user to shut down the computer with sudo shutdown and not have to enter a password.

Have a look in the sudoers man page for more examples.

Thanks. Since that day, I've tried to add myself in the sudoers using this man page: http://www.gratisoft.us/sudo/man/sudoers.html but I don't understand very well, it's a little complicated to me!

I added this to /etc/sudoers:

But then when I type:
It asks for my password (which I don't want). And then I get an error message:
Any idea?
Thanks.

You're right, sudo syntax is a little bit on the thick side.

Part of the problem might be that first gnome-ppp. That is in the position of an alias, which means that you had to have defined it earlier in the sudoers file. You might be able to get by with:

werner NOPASSWD: /usr/sbin/gnome-ppp

Thanks, when I do this, I get this error message while saving the file:
Any idea?
Thanks.

That rhythmic banging sound you hear is me banging my head on the keyboard. Sudo syntax always drives me nuts. I think the problem is that I forgot to define a machine where the command was legit to use.

So this might work:

werner ALL = NOPASSWD: /usr/sbin/gnome-ppp


In this case, the ALL refers to all machines on your network, but that is probably OK for a personal machine. An alternative would be to define a specific machine and then use that name:

Host_Alias MYMACHINE = 127.0.0.1
werner MYMACHINE = NOPASSWD: /usr/sbin/gnome-ppp


In this case, you would only have the rights on this particular machine. Again, if this is a standalone machine, using this instead of ALL is probably a distinction without a difference. You might have to use the actual IP address of your machine (or a range if you're using DHCP) if the 127.0.0.1 doesn't work.

Thank you. I tried it and now when I do "sudo gnome-ppp" as a user, I get "Gtk-Wraning **: Cannot open display:"
Any idea? :(
Thanks.

Yeah, that is X security kicking in. Basically, X is telling you that root doesn't have the authority/privilege to put something on your X display. There are two ways to allow this, xhost and xauth.

Xhost is the cheap and sleazy way of doing it as it controls X access on a per-host basis. So if you first run xhost localhost on the command line before you run your sudo gnome-ppp, it should allow root to display it. Now the warning: xhost localhost allows anyone on localhost to use your X display. On a single user machine, this probably isn't a real big deal. In a multiuser environment, it is a big breach of security and you don't want to do it.

The alternative is xauth, which allows you to authorize specific users with a cookie. It is kind of complicated (which is why most people use xhost on single user machines) but there is a good explanation here.

That looks like X not wanting to let root open the display try something like below changing to your normal username in your /root/.bashrc file.

I didn't think it was that simple, but then again I'm no authority on xauth. Does sudo actually pick up roots .bashrc?

Looks like it must be if it was running as normal user you would not get the error that looks like the one you get when trying as root su'd from a user account therefore under the users X session.

Thank you. I tried the two methods and restarted my computer, I'm still getting this error message: "Gtk-Wraning **: Cannot open display:". Any other idea? :(

The xhost command I gave won't survive a reboot, you have to issue it new with every session. In theory, HappyTux's method should survive a reboot but you might want to check root's .bashrc to make sure.

Thanks. I issued 'xhost localhost && sudo gnome-ppp' but I still get the error message...

:(

Thats odd. Try just issuing xhost localhost on its own and post any output/errors you get back. Also, if you use su to become root in a console, can you then run gnome-ppp? I know that isn't the solution you're after, I'm just trying to get a better handle on where this is going off course.

Hello, "xhost localhost" on its own doesn't report any error message. If I become root using "su -" and then launch "gnome-ppp" it's working fine. But not sudo. Any idea? Thanks.

It should report something. At least on my rig when I run it I get a "localhost being added to access control list" to tell me that it is doing something.

Do you still have the xauth entry in your root's .bashrc the way HappyTux suggested? Since the - loads root's environment, that might explain why this works but sudo doesn't.

There are a couple of syntax differences for xhost that also might work. Try these and see if one works for sudo:

xhost +localhost
xhost +local:

Hello, I removed /root/.bashrc, I restarted and I tried again. When I run "xhost localhost" or one of your suggestions, I get: "localhost being added to access control list", but when I run "sudo gnome-ppp", I get the same error message :(

I found here: http://www.gnomefiles.org/comment.php?soft_id=41 that you can use "PAM" (6th comment). I tried it but it didn't work either :(

Removing .bashrc was certainly not needed. All you had to do was comment out the line you added. I also notice you do a lot of restarting. In general Linux doesn't need to do that and in this particular case it may be causing trouble. I know that restarting is the first thing to try in Windows when things don't work, but this isn't Windows.

Lets check on something. Try running (as your normal user) echo $DISPLAY. It should return :0.0, but if it doesn't it might be a clue.

Also have a read through this thread, particularly the last couple of posts. They seem to have solved the same problem you're having.

Thanks! Your link solved finally my problem, I just had to add to /etc/sudoers these 2 lines:

Damn, Linux is so difficult, there's so much stuff to learn and so little free time to dedicate to it :(

Great, I'm glad we finally figured it out.

To be honest, I don't know why this was so difficult. 99.9% of the time the first advice that HappyTux and I gave you works.