How to allow running notify-send as another user with pkexec?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send
as the user who I want to send notification.
But, with my current config, I can't do this, because polkit execute the script as polkitd
user, and I can't do su $user
without known user password.
By this reason, I need to create a new polkit action, to allow execute notify-send
as other user from polkitd.
My polkit rule is this:
polkit.addRule(function(action, subject)
if (action.id == "org.freedesktop.consolekit.system.stop" );
This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send
, with send_notify.sh
script, which execute this:
#!/bin/bash
export DISPLAY=":0"
user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical
exit 0
I tried to add this polkit policy file:
<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy
But, after put policy file in /usr/share/polkit-1/rules.d/
and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly
How can I get that polkit can call notify-send from my script?
linux polkit notify-send
 |Â
show 8 more comments
up vote
2
down vote
favorite
As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send
as the user who I want to send notification.
But, with my current config, I can't do this, because polkit execute the script as polkitd
user, and I can't do su $user
without known user password.
By this reason, I need to create a new polkit action, to allow execute notify-send
as other user from polkitd.
My polkit rule is this:
polkit.addRule(function(action, subject)
if (action.id == "org.freedesktop.consolekit.system.stop" );
This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send
, with send_notify.sh
script, which execute this:
#!/bin/bash
export DISPLAY=":0"
user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical
exit 0
I tried to add this polkit policy file:
<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy
But, after put policy file in /usr/share/polkit-1/rules.d/
and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly
How can I get that polkit can call notify-send from my script?
linux polkit notify-send
Don't usesu $user -c
, try to allowpkexec --user $user notify-send
.
â mviereck
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
Add this in your bash script:LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
â mviereck
Feb 25 at 20:56
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04
 |Â
show 8 more comments
up vote
2
down vote
favorite
up vote
2
down vote
favorite
As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send
as the user who I want to send notification.
But, with my current config, I can't do this, because polkit execute the script as polkitd
user, and I can't do su $user
without known user password.
By this reason, I need to create a new polkit action, to allow execute notify-send
as other user from polkitd.
My polkit rule is this:
polkit.addRule(function(action, subject)
if (action.id == "org.freedesktop.consolekit.system.stop" );
This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send
, with send_notify.sh
script, which execute this:
#!/bin/bash
export DISPLAY=":0"
user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical
exit 0
I tried to add this polkit policy file:
<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy
But, after put policy file in /usr/share/polkit-1/rules.d/
and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly
How can I get that polkit can call notify-send from my script?
linux polkit notify-send
As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send
as the user who I want to send notification.
But, with my current config, I can't do this, because polkit execute the script as polkitd
user, and I can't do su $user
without known user password.
By this reason, I need to create a new polkit action, to allow execute notify-send
as other user from polkitd.
My polkit rule is this:
polkit.addRule(function(action, subject)
if (action.id == "org.freedesktop.consolekit.system.stop" );
This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send
, with send_notify.sh
script, which execute this:
#!/bin/bash
export DISPLAY=":0"
user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical
exit 0
I tried to add this polkit policy file:
<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy
But, after put policy file in /usr/share/polkit-1/rules.d/
and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly
How can I get that polkit can call notify-send from my script?
linux polkit notify-send
edited Feb 25 at 20:14
asked Feb 25 at 19:59
AlmuHS
1346
1346
Don't usesu $user -c
, try to allowpkexec --user $user notify-send
.
â mviereck
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
Add this in your bash script:LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
â mviereck
Feb 25 at 20:56
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04
 |Â
show 8 more comments
Don't usesu $user -c
, try to allowpkexec --user $user notify-send
.
â mviereck
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
Add this in your bash script:LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
â mviereck
Feb 25 at 20:56
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04
Don't use
su $user -c
, try to allow pkexec --user $user notify-send
.â mviereck
Feb 25 at 20:08
Don't use
su $user -c
, try to allow pkexec --user $user notify-send
.â mviereck
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
Add this in your bash script:
LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.â mviereck
Feb 25 at 20:56
Add this in your bash script:
LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.â mviereck
Feb 25 at 20:56
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04
 |Â
show 8 more comments
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
After doing a few test, I got this results:
- polkitd is a nologin user
If I execute this command, to execute my script with polkitd user, shows an error:
sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu
Error executing command as another user: Not authorized
This incident has been reported.
So, I think that polkitd user is a limited account, who it can't execute commands as other user
As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
After doing a few test, I got this results:
- polkitd is a nologin user
If I execute this command, to execute my script with polkitd user, shows an error:
sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu
Error executing command as another user: Not authorized
This incident has been reported.
So, I think that polkitd user is a limited account, who it can't execute commands as other user
As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit
add a comment |Â
up vote
0
down vote
accepted
After doing a few test, I got this results:
- polkitd is a nologin user
If I execute this command, to execute my script with polkitd user, shows an error:
sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu
Error executing command as another user: Not authorized
This incident has been reported.
So, I think that polkitd user is a limited account, who it can't execute commands as other user
As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
After doing a few test, I got this results:
- polkitd is a nologin user
If I execute this command, to execute my script with polkitd user, shows an error:
sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu
Error executing command as another user: Not authorized
This incident has been reported.
So, I think that polkitd user is a limited account, who it can't execute commands as other user
As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit
After doing a few test, I got this results:
- polkitd is a nologin user
If I execute this command, to execute my script with polkitd user, shows an error:
sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu
Error executing command as another user: Not authorized
This incident has been reported.
So, I think that polkitd user is a limited account, who it can't execute commands as other user
As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit
edited Mar 24 at 15:50
answered Feb 27 at 7:12
AlmuHS
1346
1346
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f426525%2fhow-to-allow-running-notify-send-as-another-user-with-pkexec%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Don't use
su $user -c
, try to allowpkexec --user $user notify-send
.â mviereck
Feb 25 at 20:08
Ok, I'll try it
â AlmuHS
Feb 25 at 20:08
After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
â AlmuHS
Feb 25 at 20:15
Add this in your bash script:
LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2)
. Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.â mviereck
Feb 25 at 20:56
@mviereck after add this in my script and press shutdown button, the log file is empty
â AlmuHS
Feb 25 at 21:04