Page 1 of 8 123 ... LastLast
Results 1 to 10 of 71

Thread: Using pkexec

  1. #1
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    8,454
    Distro
    Ubuntu Development Release

    Using pkexec

    I have opened this thread because gksu is depreciated and as some of us are finding out gksu sometimes gets broken for some of us. I am now thinking that it is sensible to switch to using pkexec. It is not a replacement for gksu but it can be used to give root privileges to certain applications but we need to create a policy file for those applications.

    Ubuntu comes with a set of policies and we find them in /usr/share/polkit-1/actions/. We can follow the pattern used in those policies to create policies ourselves. This is a policy for Gedit that someone in U+1 provided about a year ago. So, I am not claiming credit for this.

    1) create this file

    /usr/share/polkit-1/actions/com.ubuntu.gedit.policy

    2) put in the file this code

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
    <policyconfig>
      <vendor>gedit</vendor>
      <vendor_url>gedit</vendor_url>
      <icon_name>accessories-text-editor</icon_name>
      <action id="org.freedesktop.policykit.pkexec.gedit">
       <description>Run "gedit"</description>
       <message>Authentication is required to run Text Editor</message>
       <defaults>
         <allow_any>auth_admin</allow_any>
         <allow_inactive>auth_admin</allow_inactive>
         <allow_active>auth_admin</allow_active>
       </defaults>
         <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
         <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
       </action>  
    </policyconfig>
    Now we can launch Gedit with root privileges using
    Code:
    pkexec gedit
    By following that pattern I have come up with this for nautilus

    File name /usr/share/polkit-1/actions/com.ubuntu.nautilus.policy
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
    <policyconfig>
      <vendor>nautilus</vendor>
      <vendor_url>nautilus</vendor_url>
      <icon_name>system-file-manager</icon_name>
      <action id="org.freedesktop.policykit.pkexec.nautilus">
       <description>Run "nautilus"</description>
       <message>Authentication is required to run File Manager</message>
       <defaults>
         <allow_any>auth_admin</allow_any>
         <allow_inactive>auth_admin</allow_inactive>
         <allow_active>auth_admin</allow_active>
       </defaults>
         <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/nautilus/annotate>
         <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
       </action>  
    </policyconfig>
    Code:
    pkexec nautilus
    Make use of it if you will and add to the thread any policies that you come up with that would be useful to a Ubuntu development tester.

    Regards
    Last edited by grahammechanical; May 23rd, 2014 at 11:42 PM.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  2. #2
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Using pkexec

    should
    <annotate key="org.freedesktop.policykit.exec.allow_gui">tru e</annotate>
    be
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    Just mentioning that.

    Playing with one for mousepad - got an issue, will look later when I've more time

    Code:
    pkexec mousepad
    
    (mousepad:4380): Mousepad-ERROR **: Cannot open display: 
    Trace/breakpoint trap
    Edit thunar gets the same Cannot open display error
    Thanks for thinking about a thread for this
    Last edited by Elfy; May 23rd, 2014 at 07:57 PM.

  3. #3
    Join Date
    Oct 2008
    Location
    ExodusHair<Čubura
    Beans
    4,310
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    You've made me play with pkexec (Trusty is the onla version I have at hand here where i am) and:
    Code:
    pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit /etc/rc.local
    works where else I get
    Code:
    ~$ pkexec gedit /etc/rc.local
    error: XDG_RUNTIME_DIR not set in the environment.
    Unable to init server: Could not connect: Connection refused
    (gedit:30178): Gtk-WARNING **: cannot open display:
    ...
    Will investigate further, working line I derived from reading manual...
    Update₁:
    Alias:
    Code:
    alias pkx='pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $i'
    works nicely
    Code:
    pkx gedit /etc/rc.local
    without significant changes (better to say witout any) to any system files...
    This would be my contribution to: „Using pkexec“...
    Update₂:
    Code:
    ~$ pkx nautilus
    (nautilus:1236): Gtk-WARNING **: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
    Nautilus-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: cannot open usershare directory /var/lib/samba/usershares. Error No such file or directory
    Please ask your system administrator to enable user sharing.
    (No Samba installed on this machine with reason...)
    Code:
    ~$ gksu nautilus
    like knife through butter...
    Last edited by zika; May 23rd, 2014 at 08:16 PM.

  4. #4
    Join Date
    Jun 2007
    Beans
    14,208

    Re: Using pkexec

    @ grahammechanical -
    As mentioned before it's better practice if posting something for others to copy to use a code box instead of quote so you maintain formatting
    May not matter in this case, eventually will, - as ex. this is the policy I've included in nautilus's source for some time -

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
    <policyconfig>
    
      <action id="com.ubuntu.pkexec.nautilus">
        <message gettext-domain="nautilus">Authentication is required to run nautilus as root</message>
        <icon_name>system-file-manager</icon_name>
        <defaults>
          <allow_any>no</allow_any>
          <allow_inactive>no</allow_inactive>
          <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/nautilus</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
      </action>
    
    </policyconfig>
    As far as a failure "open display:", that sometimes happens on 1st use. A reboot should resolve.
    The "Nautilus-Share-Message" message is from having nautilus-share installed & sharing not set up. The package can be removed if not using.

    The 'The name org.gnome.SessionManager was not provided by any .service files' message is somewhat common & of no importance.
    Last edited by mc4man; May 23rd, 2014 at 08:38 PM. Reason: spell

  5. #5
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,691
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    Quote Originally Posted by grahammechanical View Post
    I have opened this thread because gksu is depreciated and as some of us are finding out gksu sometimes gets broken for some of us. I am now thinking that it is sensible to switch to using pkexec. It is not a replacement for gksu but it can be used to give root privileges to certain applications but we need to create a policy file for those applications.

    Ubuntu comes with a set of policies and we find them in /usr/share/polkit-1/actions/. We can follow the pattern used in those policies to create policies ourselves. This is a policy for Gedit that someone in U+1 provided about a year ago. So, I am not claiming credit for this.

    1) create this file

    /usr/share/polkit-1/actions/com.ubuntu.gedit.policy

    2) put in the file this code

    Now we can launch Gedit with root privileges using

    No there..

    Code:
    ventrical@ventrical-desktop:~$ pkexec gedit
    error: XDG_RUNTIME_DIR not set in the environment.
    
    (gedit:4518): Gtk-WARNING **: cannot open display: 
    ventrical@ventrical-desktop:~$
    but I'll edit..and try again.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running W. Werewolf /dev/@ 4.05GHz64bit/ onE8400 Core2Duo-Wolfdale+Howler

  6. #6
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,691
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    Quote Originally Posted by mc4man View Post
    @ grahammechanical -
    As mentioned before it's better practice if posting something for others to copy to use a code box instead of quote so you maintain formatting
    May not matter in this case, eventually will, - as ex. this is the policy I've included in nautilus's source for some time -

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
    <policyconfig>
    
      <action id="com.ubuntu.pkexec.nautilus">
        <message gettext-domain="nautilus">Authentication is required to run nautilus as root</message>
        <icon_name>system-file-manager</icon_name>
        <defaults>
          <allow_any>no</allow_any>
          <allow_inactive>no</allow_inactive>
          <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/nautilus</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
      </action>
    
    </policyconfig>
    As far as a failure "open display:", that sometimes happens on 1st use. A reboot should resolve.
    The "Nautilus-Share-Message" message is from having nautilus-share installed & sharing not set up. The package can be removed if not using.

    The 'The name org.gnome.SessionManager was not provided by any .service files' message is somewhat common & of no importance.

    This works just as well as gksu.

    @graham,

    Thanks for researching this and making a thread of it.

    Regards.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running W. Werewolf /dev/@ 4.05GHz64bit/ onE8400 Core2Duo-Wolfdale+Howler

  7. #7
    Join Date
    Oct 2008
    Location
    ExodusHair<Čubura
    Beans
    4,310
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    Quote Originally Posted by ventrical View Post
    Code:
    ventrical@ventrical-desktop:~$ pkexec gedit
    error: XDG_RUNTIME_DIR not set in the environment.
    
    (gedit:4518): Gtk-WARNING **: cannot open display: 
    ventrical@ventrical-desktop:~$
    but I'll edit..and try again.
    Did You try before any editing
    Code:
    pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
    ...?
    (As I've suggested above...)

  8. #8
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Using pkexec

    Got thunar and mousepad now
    Mousepad
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
    <policyconfig>
    
      <action id="com.ubuntu.pkexec.mousepad">
        <message gettext-domain="mousepad">Authentication is required to run mousepad as root</message>
        <icon_name>Text Editor</icon_name>
        <defaults>
          <allow_any>no</allow_any>
          <allow_inactive>no</allow_inactive>
          <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/mousepad</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
      </action>
    
    </policyconfig>
    Thunar
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE policyconfig PUBLIC
     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
    <policyconfig>
    
      <action id="com.ubuntu.pkexec.thunar">
        <message gettext-domain="thunar">Authentication is required to run thunar as root</message>
        <icon_name>system-file-manager</icon_name>
        <defaults>
          <allow_any>no</allow_any>
          <allow_inactive>no</allow_inactive>
          <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/thunar</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
      </action>
    
    </policyconfig>

  9. #9
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,691
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    Quote Originally Posted by zika View Post
    Did You try before any editing
    Code:
    pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
    ...?
    (As I've suggested above...)
    I didn't see that. That's perfect .. and no verbose msgs either after I closed open gedit. That's all I really need in most cases.

    Code:
    
    
    ventrical@ventrical-desktop:~$ pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
    ventrical@ventrical-desktop:~$
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running W. Werewolf /dev/@ 4.05GHz64bit/ onE8400 Core2Duo-Wolfdale+Howler

  10. #10
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,691
    Distro
    Ubuntu Development Release

    Re: Using pkexec

    I made it executable and now all I have to do is enter ,

    Code:
    rootgedit
    in terminal . (That is what I named the file). But you have to do this first..

    Code:
    ventrical@ventrical-desktop:~$ sudo chmod +x /usr/local/bin/rootgedit
    ##makes the text file rootgedit executable
    
    [sudo] password for ventrical: 
    ventrical@ventrical-desktop:~$ sudo updatedb
    ##updates the datatbase
    
    ventrical@ventrical-desktop:~$ rootgedit
    ## executes  the terminal code 
    
    
    ventrical@ventrical-desktop:~$

    Simply , rootgedit executes,

    Code:
    pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
    Last edited by ventrical; May 23rd, 2014 at 10:50 PM.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running W. Werewolf /dev/@ 4.05GHz64bit/ onE8400 Core2Duo-Wolfdale+Howler

Page 1 of 8 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •