[blfs-dev] gparted, polkit and sudo

Fernando de Oliveira famobr at yahoo.com.br
Sat Dec 14 05:16:37 PST 2013


Have been following the discussion, at -support, where Armin solved a
problem with gparted: essentially, care must be taken when using
consolekit and polkit, to include support for Linux-PAM, if it is wanted
to run gparted from a menu (WM or DE).

Current instructions for gparted in the book seem incomplete and
modifications seem necessary. It is well-known that there are several
different approaches to get the job done. I introduced some comments in
last update to gparted-0.17.0, in this way, but by then, already felt
those had to be expanded.

What is the best thing to do?

I like to use

sudo -A /usr/sbin/gparted %f

Armin likes

pkexec /usr/sbin/gparted %f

There is gksu, kdesu and xdg-su, also.

Each solution will introduce dependency on other packages. The one I
like depends on openssl and sudo. Armin's prefence will include probably
Linux-PAM, consolekit, polkit, and alternatives polkit-gnome or
lxpolkit, cannot remember the respective ones for XFCE and KDE. Some
dependencies I listed could be dropped, because other already would pull
them, but at this stage, I don't care about this, only in the final stage.

BLFS is proud of leaving to the user the choices, so I am leaning to the
possibility of including at least Armin's approach and mine. Reasons I
want mine are many: simplicity, conceptually and in practice, and also,
it would be only available here, so it is kind a original and also
helpful, because it was difficult to find that in the web, bits here and
there.

However, for some reasons, Armin's approach probably needs to be
modified, to run in LXDE, I do not understand why. Ubuntu and Arch do
some modifications, and it could be they do it due to that difficulty. I
made it work along the lines of Arch (because it was easier to find the
instructions), but for the page, if somebody wants, we could try to use
Ubuntu's (probably Debian's) approach.

This job seems simple, but it is not for me, so I would like to be helped.

Below, some text from a message I sent to -support (did some corrections).

{{{
I like to use

sudo -A /usr/sbin/gparted %f

Have this in the desktop file, also. But it needs some configuration of sudo

cat > /etc/sudo.conf << "EOF"
# Path to askpass helper program
/usr/share/applications/gparted.desktop
EOF

and the ask-pass program from openssl for the x-dialog, as I included a
quick suggestion in gparted page.

Can use sudo -A for any graphical program, from an "execute" dialog
(present in lxde menu) or .desktop file. Just that sudo.conf
configuration will work for all. This is particularly more simple than
haven a polkit file for each package that needs rot privilege.

But wanted to understand the polkit way.

Can run from terminal

pkexec gparted

and get the x-dialog, all is fine.

But from a menu, nothing happens, no message in any log, including the
~/.x-errors.

Then, compared with

Ubuntu: /usr/bin/gparted-pkexec
ArchLinux: /usr/bin/gparted_polkit

Created as in Arch:

gparted.desktop: (many lines, with, below, the important one)
Exec=/usr/sbin/gparted_polkit %f

$ cat /usr/sbin/gparted_polkit
#!/bin/bash
if [ $(which pkexec) ]; then
    pkexec --disable-internal-agent "/usr/sbin/gparted" "$@"
else
    /usr/sbin/gparted "$@"
fi

# chmod -v 0755 /usr/sbin/gparted_polkit

This works. The polkit fle, of course, gives root privilege to gparted,
not to gparted_polkit.

Why is that, I do not know.

Another for pkexec to work is to change the .desktop installed by
gparted, if I change:

s/Terminal=false/Terminal=true/

But then, first, a x-terminal appears and then the x-dialog is launched.
}}}

-- 
[]s,
Fernando



More information about the blfs-dev mailing list