Unable to execute GUI application as a different user using `pkexec`
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I have created following policy file at /usr/share/polkit-1/actions/com.xyz.xyz.policy
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>XYZ Technologies Inc.</vendor>
<vendor_url>http://www.xyz.com</vendor_url>
<action id="org.xyz.policykit.pkexec.run-xyz">
<description>Run XYZ</description>
<message>Authentication is required to run XYZ</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/xyz</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>
</policyconfig>
and desktop file at /usr/local/share/applications/xyz-gui-root.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_in]=XYZ administrator (root)
Exec=pkexec xyz
Comment[en_IN]=Launches XYZ administrator
Name=XYZ administrator (root)
Comment=Launches XYZ administrator
Icon[en_IN]=/xyz/xyzroot.png
Icon=/xyz/xyzroot.png
When I search XYZ and run through Activity->Search, it doesn't show any activity, not even ask for password. But double clicking on xyz-gui-root.desktop file it works as expected with password authentication.
If I change
Exec=pkexec xyz
as
Exec=gnome-terminal -x pkexec xyz
it works fine with Activity->Search with authentication, but it opens a unwanted terminal.
What I am missing in above files? How can I avoid unwanted terminal to open with gnome-terminal entry? Is there any way to execute GUI application with authentication using pkexec or any other method like consolehelper?
Thanks in advance!
fedora gnome environment-variables authentication pkexec
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
add a comment |Â
up vote
1
down vote
favorite
I have created following policy file at /usr/share/polkit-1/actions/com.xyz.xyz.policy
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>XYZ Technologies Inc.</vendor>
<vendor_url>http://www.xyz.com</vendor_url>
<action id="org.xyz.policykit.pkexec.run-xyz">
<description>Run XYZ</description>
<message>Authentication is required to run XYZ</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/xyz</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>
</policyconfig>
and desktop file at /usr/local/share/applications/xyz-gui-root.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_in]=XYZ administrator (root)
Exec=pkexec xyz
Comment[en_IN]=Launches XYZ administrator
Name=XYZ administrator (root)
Comment=Launches XYZ administrator
Icon[en_IN]=/xyz/xyzroot.png
Icon=/xyz/xyzroot.png
When I search XYZ and run through Activity->Search, it doesn't show any activity, not even ask for password. But double clicking on xyz-gui-root.desktop file it works as expected with password authentication.
If I change
Exec=pkexec xyz
as
Exec=gnome-terminal -x pkexec xyz
it works fine with Activity->Search with authentication, but it opens a unwanted terminal.
What I am missing in above files? How can I avoid unwanted terminal to open with gnome-terminal entry? Is there any way to execute GUI application with authentication using pkexec or any other method like consolehelper?
Thanks in advance!
fedora gnome environment-variables authentication pkexec
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have created following policy file at /usr/share/polkit-1/actions/com.xyz.xyz.policy
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>XYZ Technologies Inc.</vendor>
<vendor_url>http://www.xyz.com</vendor_url>
<action id="org.xyz.policykit.pkexec.run-xyz">
<description>Run XYZ</description>
<message>Authentication is required to run XYZ</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/xyz</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>
</policyconfig>
and desktop file at /usr/local/share/applications/xyz-gui-root.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_in]=XYZ administrator (root)
Exec=pkexec xyz
Comment[en_IN]=Launches XYZ administrator
Name=XYZ administrator (root)
Comment=Launches XYZ administrator
Icon[en_IN]=/xyz/xyzroot.png
Icon=/xyz/xyzroot.png
When I search XYZ and run through Activity->Search, it doesn't show any activity, not even ask for password. But double clicking on xyz-gui-root.desktop file it works as expected with password authentication.
If I change
Exec=pkexec xyz
as
Exec=gnome-terminal -x pkexec xyz
it works fine with Activity->Search with authentication, but it opens a unwanted terminal.
What I am missing in above files? How can I avoid unwanted terminal to open with gnome-terminal entry? Is there any way to execute GUI application with authentication using pkexec or any other method like consolehelper?
Thanks in advance!
fedora gnome environment-variables authentication pkexec
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
I have created following policy file at /usr/share/polkit-1/actions/com.xyz.xyz.policy
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>XYZ Technologies Inc.</vendor>
<vendor_url>http://www.xyz.com</vendor_url>
<action id="org.xyz.policykit.pkexec.run-xyz">
<description>Run XYZ</description>
<message>Authentication is required to run XYZ</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/xyz</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>
</policyconfig>
and desktop file at /usr/local/share/applications/xyz-gui-root.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_in]=XYZ administrator (root)
Exec=pkexec xyz
Comment[en_IN]=Launches XYZ administrator
Name=XYZ administrator (root)
Comment=Launches XYZ administrator
Icon[en_IN]=/xyz/xyzroot.png
Icon=/xyz/xyzroot.png
When I search XYZ and run through Activity->Search, it doesn't show any activity, not even ask for password. But double clicking on xyz-gui-root.desktop file it works as expected with password authentication.
If I change
Exec=pkexec xyz
as
Exec=gnome-terminal -x pkexec xyz
it works fine with Activity->Search with authentication, but it opens a unwanted terminal.
What I am missing in above files? How can I avoid unwanted terminal to open with gnome-terminal entry? Is there any way to execute GUI application with authentication using pkexec or any other method like consolehelper?
Thanks in advance!
fedora gnome environment-variables authentication pkexec
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
asked Dec 16 '17 at 13:30
Nitinkumar Ambekar
1456
1456
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
The complete answer for my question is here. In short:
1) Create a shell script as /usr/local/bin/foo.sh:
#!/bin/sh
pkexec "/usr/sbin/foo" "$@"
2) Give executable permission to above script:
chmod +x /usr/local/bin/foo.sh
3) If you are using .desktop file, change Exec value as:
Exec=/usr/local/bin/foo.sh
4) Make sure that your policy file in /usr/share/polkit-1/actions/ has following entry to allow GUI:
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
Thats it!
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
The complete answer for my question is here. In short:
1) Create a shell script as /usr/local/bin/foo.sh:
#!/bin/sh
pkexec "/usr/sbin/foo" "$@"
2) Give executable permission to above script:
chmod +x /usr/local/bin/foo.sh
3) If you are using .desktop file, change Exec value as:
Exec=/usr/local/bin/foo.sh
4) Make sure that your policy file in /usr/share/polkit-1/actions/ has following entry to allow GUI:
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
Thats it!
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
add a comment |Â
up vote
1
down vote
accepted
The complete answer for my question is here. In short:
1) Create a shell script as /usr/local/bin/foo.sh:
#!/bin/sh
pkexec "/usr/sbin/foo" "$@"
2) Give executable permission to above script:
chmod +x /usr/local/bin/foo.sh
3) If you are using .desktop file, change Exec value as:
Exec=/usr/local/bin/foo.sh
4) Make sure that your policy file in /usr/share/polkit-1/actions/ has following entry to allow GUI:
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
Thats it!
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
add a comment |Â
up vote
1
down vote
accepted
up vote
1
down vote
accepted
The complete answer for my question is here. In short:
1) Create a shell script as /usr/local/bin/foo.sh:
#!/bin/sh
pkexec "/usr/sbin/foo" "$@"
2) Give executable permission to above script:
chmod +x /usr/local/bin/foo.sh
3) If you are using .desktop file, change Exec value as:
Exec=/usr/local/bin/foo.sh
4) Make sure that your policy file in /usr/share/polkit-1/actions/ has following entry to allow GUI:
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
Thats it!
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
The complete answer for my question is here. In short:
1) Create a shell script as /usr/local/bin/foo.sh:
#!/bin/sh
pkexec "/usr/sbin/foo" "$@"
2) Give executable permission to above script:
chmod +x /usr/local/bin/foo.sh
3) If you are using .desktop file, change Exec value as:
Exec=/usr/local/bin/foo.sh
4) Make sure that your policy file in /usr/share/polkit-1/actions/ has following entry to allow GUI:
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
Thats it!
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
answered Dec 18 '17 at 10:15
Nitinkumar Ambekar
1456
1456
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f411251%2funable-to-execute-gui-application-as-a-different-user-using-pkexec%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
