[Solved] How to make root-launcher for a non-sudo user?

johnywhy · 2018-07-30 00:53:42

Mint 19 xfce

i think the key is need a command to launch an program in a separate thread. How?

I want to enable a user who's not a member of sudo group to launch software with root privileges. When they run the launcher, they'll have to enter the root password . i know they can su at CLI, and run the software from there. But how to do it in a launcher?

This works at command-line, but terminal stays open until thunar is closed:

su - -c "thunar"

https://www.cyberciti.biz/open-source/c … rent-user/

To make it work for launcher, you have to enable "run in terminal", but then the terminal window stays open after you enter password. What's needed is:

- either a way to close the terminal immediately after pw entered. Ie, run program (thunar) out of process (ie asynchronous).
- or, a way to enter password without opening a terminal.

This doesn't run thunar out-of-process:

su - -c "thunar" ; exit

nor does this:

su - -c "thunar" &

this hangs:

nohup su - -c "thunar" &

this doesn't give me enough time to enter pw:

setsid su - -c "thunar"

this doesn't ask for pw:

su - -c "thunar" &disown

terminal closes after closing thunar, instead of immediately as desired:

exec su - -c "thunar"

Last edited by johnywhy (2018-07-30 19:16:09)

Misko_2083 · 2018-07-30 10:36:00

You should not run graphical applications with sudo or su.
There was gksu an gksudo for that.

Since gksu is deprecated people should switch to PolicyKit for access control.
pkexec is a standard way of runing programs as a different user and is part of polkit.

This will run thunar as root:

pkexec thunar

If does not run, you should create a file /usr/share/polkit-1/actions/com.mint.pkexec.thunar.policy
(but I think there should be something similar already in mint 19, check if there is thunar in the filename) with content

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <vendor>thunar</vendor>
  <vendor_url>thunar</vendor_url>
  <icon_name>thunar</icon_name>
  <action id="org.freedesktop.policykit.pkexec.thunar">
   <description>Run "thunar"</description>
   <message>Authentication is required to run Thunar</message>
   <defaults>
     <allow_any>auth_admin</allow_any>
     <allow_inactive>auth_admin</allow_inactive>
     <allow_active>auth_admin</allow_active>
   </defaults>
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/thunar</annotate>
     <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
   </action>  
</policyconfig>

This will work without the policy file, but will not write 'Authentication is required to run Thunar' in the password dialog message:

pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY thunar

johnywhy · 2018-07-30 19:10:01

great!

your simpler, first syntax works without a policy file.

pkexec thunar

Does that mean this syntax will work with ANY program, without a policy file?

thx

Last edited by johnywhy (2018-07-30 19:16:50)

Xfce Forum

Sub domains

#1 2018-07-30 00:53:42

[Solved] How to make root-launcher for a non-sudo user?

#2 2018-07-30 10:36:00

Re: [Solved] How to make root-launcher for a non-sudo user?

#3 2018-07-30 19:10:01

Re: [Solved] How to make root-launcher for a non-sudo user?

Board footer