How to allow running notify-send as another user with pkexec?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite
2












As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send as the user who I want to send notification.



But, with my current config, I can't do this, because polkit execute the script as polkitd user, and I can't do su $user without known user password.



By this reason, I need to create a new polkit action, to allow execute notify-send as other user from polkitd.



My polkit rule is this:



polkit.addRule(function(action, subject) 
if (action.id == "org.freedesktop.consolekit.system.stop" );


This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send, with send_notify.sh script, which execute this:



#!/bin/bash

export DISPLAY=":0"

user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical

exit 0


I tried to add this polkit policy file:



<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>


I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy



But, after put policy file in /usr/share/polkit-1/rules.d/ and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly



How can I get that polkit can call notify-send from my script?







share|improve this question






















  • Don't use su $user -c, try to allow pkexec --user $user notify-send.
    – mviereck
    Feb 25 at 20:08










  • Ok, I'll try it
    – AlmuHS
    Feb 25 at 20:08










  • After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
    – AlmuHS
    Feb 25 at 20:15










  • Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
    – mviereck
    Feb 25 at 20:56











  • @mviereck after add this in my script and press shutdown button, the log file is empty
    – AlmuHS
    Feb 25 at 21:04















up vote
2
down vote

favorite
2












As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send as the user who I want to send notification.



But, with my current config, I can't do this, because polkit execute the script as polkitd user, and I can't do su $user without known user password.



By this reason, I need to create a new polkit action, to allow execute notify-send as other user from polkitd.



My polkit rule is this:



polkit.addRule(function(action, subject) 
if (action.id == "org.freedesktop.consolekit.system.stop" );


This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send, with send_notify.sh script, which execute this:



#!/bin/bash

export DISPLAY=":0"

user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical

exit 0


I tried to add this polkit policy file:



<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>


I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy



But, after put policy file in /usr/share/polkit-1/rules.d/ and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly



How can I get that polkit can call notify-send from my script?







share|improve this question






















  • Don't use su $user -c, try to allow pkexec --user $user notify-send.
    – mviereck
    Feb 25 at 20:08










  • Ok, I'll try it
    – AlmuHS
    Feb 25 at 20:08










  • After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
    – AlmuHS
    Feb 25 at 20:15










  • Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
    – mviereck
    Feb 25 at 20:56











  • @mviereck after add this in my script and press shutdown button, the log file is empty
    – AlmuHS
    Feb 25 at 21:04













up vote
2
down vote

favorite
2









up vote
2
down vote

favorite
2






2





As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send as the user who I want to send notification.



But, with my current config, I can't do this, because polkit execute the script as polkitd user, and I can't do su $user without known user password.



By this reason, I need to create a new polkit action, to allow execute notify-send as other user from polkitd.



My polkit rule is this:



polkit.addRule(function(action, subject) 
if (action.id == "org.freedesktop.consolekit.system.stop" );


This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send, with send_notify.sh script, which execute this:



#!/bin/bash

export DISPLAY=":0"

user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical

exit 0


I tried to add this polkit policy file:



<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>


I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy



But, after put policy file in /usr/share/polkit-1/rules.d/ and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly



How can I get that polkit can call notify-send from my script?







share|improve this question














As continuation of this question (How can I send a notification with polkit 0.106?), I've discovered that I have to execute notify-send as the user who I want to send notification.



But, with my current config, I can't do this, because polkit execute the script as polkitd user, and I can't do su $user without known user password.



By this reason, I need to create a new polkit action, to allow execute notify-send as other user from polkitd.



My polkit rule is this:



polkit.addRule(function(action, subject) 
if (action.id == "org.freedesktop.consolekit.system.stop" );


This polkit rule must lock shutdown option in shutdown menu, and shows a notification with notify-send, with send_notify.sh script, which execute this:



#!/bin/bash

export DISPLAY=":0"

user=$1
pkexec --user $user notify-send "Pendrive Reminder" "Shutdown lock enabled. Disconnect pendrive to enable shutdown" -u critical

exit 0


I tried to add this polkit policy file:



<policyconfig>
<action id="org.freedesktop.notify-send">
<description>Launch notify-send command</description>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/notify-send</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>


I put this file in /usr/share/polkit-1/actions/org.freedesktop.policykit.notify-send.policy



But, after put policy file in /usr/share/polkit-1/rules.d/ and press shutdown button, the shutdown menu took a long time to be showed, and notification didn't appeared. The shutdown option is locked correctly



How can I get that polkit can call notify-send from my script?









share|improve this question













share|improve this question




share|improve this question








edited Feb 25 at 20:14

























asked Feb 25 at 19:59









AlmuHS

1346




1346











  • Don't use su $user -c, try to allow pkexec --user $user notify-send.
    – mviereck
    Feb 25 at 20:08










  • Ok, I'll try it
    – AlmuHS
    Feb 25 at 20:08










  • After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
    – AlmuHS
    Feb 25 at 20:15










  • Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
    – mviereck
    Feb 25 at 20:56











  • @mviereck after add this in my script and press shutdown button, the log file is empty
    – AlmuHS
    Feb 25 at 21:04

















  • Don't use su $user -c, try to allow pkexec --user $user notify-send.
    – mviereck
    Feb 25 at 20:08










  • Ok, I'll try it
    – AlmuHS
    Feb 25 at 20:08










  • After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
    – AlmuHS
    Feb 25 at 20:15










  • Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
    – mviereck
    Feb 25 at 20:56











  • @mviereck after add this in my script and press shutdown button, the log file is empty
    – AlmuHS
    Feb 25 at 21:04
















Don't use su $user -c, try to allow pkexec --user $user notify-send.
– mviereck
Feb 25 at 20:08




Don't use su $user -c, try to allow pkexec --user $user notify-send.
– mviereck
Feb 25 at 20:08












Ok, I'll try it
– AlmuHS
Feb 25 at 20:08




Ok, I'll try it
– AlmuHS
Feb 25 at 20:08












After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
– AlmuHS
Feb 25 at 20:15




After change this, the problem continues. Shutdown menu takes around 10 seconds in be showed, and notification isn't showed
– AlmuHS
Feb 25 at 20:15












Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
– mviereck
Feb 25 at 20:56





Add this in your bash script: LOG_FILE=/tmp/script.log ; exec > >(tee -a $LOG_FILE ) ; exec 2> >(tee -a $LOG_FILE >&2). Check the log file afterwards to see possible error messages. Btw.: use @mviereck if you adress me, than I get a notification.
– mviereck
Feb 25 at 20:56













@mviereck after add this in my script and press shutdown button, the log file is empty
– AlmuHS
Feb 25 at 21:04





@mviereck after add this in my script and press shutdown button, the log file is empty
– AlmuHS
Feb 25 at 21:04











1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










After doing a few test, I got this results:



  • polkitd is a nologin user


  • If I execute this command, to execute my script with polkitd user, shows an error:



    sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu



    Error executing command as another user: Not authorized



    This incident has been reported.



So, I think that polkitd user is a limited account, who it can't execute commands as other user



As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit






share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f426525%2fhow-to-allow-running-notify-send-as-another-user-with-pkexec%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote



    accepted










    After doing a few test, I got this results:



    • polkitd is a nologin user


    • If I execute this command, to execute my script with polkitd user, shows an error:



      sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu



      Error executing command as another user: Not authorized



      This incident has been reported.



    So, I think that polkitd user is a limited account, who it can't execute commands as other user



    As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit






    share|improve this answer


























      up vote
      0
      down vote



      accepted










      After doing a few test, I got this results:



      • polkitd is a nologin user


      • If I execute this command, to execute my script with polkitd user, shows an error:



        sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu



        Error executing command as another user: Not authorized



        This incident has been reported.



      So, I think that polkitd user is a limited account, who it can't execute commands as other user



      As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit






      share|improve this answer
























        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted






        After doing a few test, I got this results:



        • polkitd is a nologin user


        • If I execute this command, to execute my script with polkitd user, shows an error:



          sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu



          Error executing command as another user: Not authorized



          This incident has been reported.



        So, I think that polkitd user is a limited account, who it can't execute commands as other user



        As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit






        share|improve this answer














        After doing a few test, I got this results:



        • polkitd is a nologin user


        • If I execute this command, to execute my script with polkitd user, shows an error:



          sudo su polkitd -s /bin/bash -c aux_scripts/send_notify.sh almu



          Error executing command as another user: Not authorized



          This incident has been reported.



        So, I think that polkitd user is a limited account, who it can't execute commands as other user



        As a conclusion, I determine that this action isn't possible to do without modify system internal. I can't allow this in my application, so I can't launch commands as another user from polkit







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Mar 24 at 15:50

























        answered Feb 27 at 7:12









        AlmuHS

        1346




        1346






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f426525%2fhow-to-allow-running-notify-send-as-another-user-with-pkexec%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?