Hi all,
Is there a way to make UI apps prompt for sudo password, instead of root password? I'm talking about the same thing as ubuntu does.
Thanks!
2009/7/2 Konstantin Svist fry.kun@gmail.com:
Is there a way to make UI apps prompt for sudo password, instead of root password? I'm talking about the same thing as ubuntu does.
Fedora uses polkit for that. At first I wasn't convinced how that was better than gksu or gksudo, but after learning to use policy kit this seems a lot more powerful and efficient.
suvayu ali wrote:
2009/7/2 Konstantin Svist fry.kun@gmail.com:
Is there a way to make UI apps prompt for sudo password, instead of root password? I'm talking about the same thing as ubuntu does.
Fedora uses polkit for that. At first I wasn't convinced how that was better than gksu or gksudo, but after learning to use policy kit this seems a lot more powerful and efficient.
Thanks! What's a good howto/quickstart for polkit in Fedora?
2009/7/2 Konstantin Svist fry.kun@gmail.com:
What's a good howto/quickstart for polkit in Fedora?
I didn't follow any howtos or guides, what I used to do was look at the "details" drop down thing on the dialogue that comes up when polkit asks for the root password. That should have the key that sets the permissions in that particular context. Now run polkit and look for that key and play around with it. Kinda lame I know, but fun and instructive "through experience". :)
For example I used to think the permissions for auto-mounts for external or internal disks will be under devices. But it is actually controlled by a key under HAL (can't confirm right now. @ work). If you think about it thats the more reasonable place for the key, after all auto-mounting is done by HAL. :P
I don't know how helpful this will be, but I enjoyed it. Good Luck and have fun tweaking. :)
suvayu ali wrote:
2009/7/2 Konstantin Svist fry.kun@gmail.com:
What's a good howto/quickstart for polkit in Fedora?
I didn't follow any howtos or guides, what I used to do was look at the "details" drop down thing on the dialogue that comes up when polkit asks for the root password. That should have the key that sets the permissions in that particular context. Now run polkit and look for that key and play around with it. Kinda lame I know, but fun and instructive "through experience". :)
For example I used to think the permissions for auto-mounts for external or internal disks will be under devices. But it is actually controlled by a key under HAL (can't confirm right now. @ work). If you think about it thats the more reasonable place for the key, after all auto-mounting is done by HAL. :P
I don't know how helpful this will be, but I enjoyed it. Good Luck and have fun tweaking. :)
So I've followed your advice and played around with it.
From what I can tell so far, polkit allows me to give permissions to a
user -- but it doesn't make them re-enter their password, a la sudo. Or am I missing something?
My thinking is that the user should be given access to the system settings, but implicitly warned about potential problems by the password prompt. More to the point, if the user were to download some [possibly malicious] program, it shouldn't have the user's permissions. With polkit permissions, the malicious program will have direct access to the system; in ubuntu/sudo, user will be asked for password, alerting them to the fact that system-wide changes are happening. sudo is a good example of what I want -- but I want it in GUI land
Am Donnerstag, den 02.07.2009, 13:31 -0700 schrieb Konstantin Svist:
Hi all,
Is there a way to make UI apps prompt for sudo password, instead of root password?
As already mentioned by Suvayu, we use PolicyKit nowadays. PolicyKit is way more secure, but it requires changes inside the application. In the past we used the usermode package which ships a program called consolehelper. It is legacy now, but still works nicely for your case.
Example: You want to run /usr/bin/foo with root privileges. The new command will be called foo-root, which only is a symbolic link to consolehelper:
$ cd /usr/bin $ ln -s consolehelper foo-root
consolehelper needs to know what to do when called as foo-root, so you need to create a file called foo-root in /etc/security/console.apps which could look like this:
USER=root PROGRAM=/usr/bin/foo SESSION=true FALLBACK=true
FALLBACK means that the program is executed as normal user if you do not enter the root pw. SESSION is needed for graphical stuff that connects to the X server.
Now we need to define the permissions to execute foo-root. This is handled by pam. Create /etc/pam.d/foo-root with the following content:
#%PAM-1.0 auth include config-util account include config-util session include config-util
This simply inherits the permissions from the system-config-* apps, take a look /etc/pam.d/config-util for details. You could extent the privileges by adding some more lines to the pam configuration file:
auth sufficient pam_wheel.so trust use_uid
This will allow all users in the group "wheel" to execute foo-root without entering password. You can specify the group with "group" parameter, e. g.
auth sufficient pam_wheel.so trust use_uid group=users
You can also limit this to a certain user only:
auth sufficient pam_wheel.so trust use_uid user=konstantin
If you decide to allow users to execute programs without entering the password, you should not inherit the permissions from config-util, because it contains
session optional pam_timestamp.so
pam_timestamp caches the root password for a certain time and puts a lock inside the systray to indicate you have root privileges. So everbody who is allowed to execute foo-root without password has root privileges afterwards. In this case do not inherit the config-util file but copy the lines you need to your pam configuration.
As you can see pam is very powerfull, you can authenticate against all pam modules there are. For example, you could even authenticate against an Windows active directory with the pam_smb module. There are no limits, extend the configuration for your needs. Who needs gksu or gnome-sudo?
Last but not least: Executing graphical programs as root always is a security risk. You can accidentally damage your system or somebody could abuse a programming error in the application to gain root privileges. So be warned!
Regards, Christoph
Hi Konstantin,
On Saturday 04 July 2009 01:48 AM, Konstantin Svist wrote:
So I've followed your advice and played around with it. From what I can tell so far, polkit allows me to give permissions to a user -- but it doesn't make them re-enter their password, a la sudo. Or am I missing something?
My thinking is that the user should be given access to the system settings, but implicitly warned about potential problems by the password prompt. More to the point, if the user were to download some [possibly malicious] program, it shouldn't have the user's permissions. With polkit permissions, the malicious program will have direct access to the system; in ubuntu/sudo, user will be asked for password, alerting them to the fact that system-wide changes are happening. sudo is a good example of what I want -- but I want it in GUI land
When you allow a user for some task, the constraints you specify like, must be in active session or local console or both should help you create stricter rules. However I am not sure if either of those prompts for the user's password. As for sudo being safer, I am not sure that is a valid argument, polkit shouldn't allow a downloaded program system-wide access. I am no expert, so can someone who understands this better please pitch in?
As for your point about the prompt warning the user, that might be a useful feature request. :)
Konstantin Svist wrote:
From what I can tell so far, polkit allows me to give permissions to a user -- but it doesn't make them re-enter their password, a la sudo. Or am I missing something?
Well, you can set one-shot authentication for the implicit ones, but somehow that feature is missing in the UI for per-user permissions.
Kevin Kofler