Menu
I'm building a Gnome shell extension, and I want to be able to do some things with escalated privileges. So, I'm thinking I need to use "policy kit", but I don't know how to do go about doing this.
So, say I wanted to do something like ifconfig eth0 down or ifconfig eth0 up
I can run from the terminal: pkexec ifconfig eth0 down and it will prompt for a password and then do it.
But, how am I supposed to do it from inside an extension?
I'm pretty sure it has something to do with making a file in /usr/share/polkit-1/actions, but I can't find anything on the internet or otherwise.
I want to be able to set it up so that there is no need for a password to be typed in, and the extension can just run the certain command whenever.
I know that it is a really bad idea to allow any command to be run. That is not what I am asking for, I want to be able to just run a single program/command.
EDIT: I'm not sure, but I think it might be impossible for there to be no need to type in a password. I just know that sudo doesn't ask for the password for a while after the first time, so I kind of want similar functionality. Not sure what possible.
208
On Linux, this is typically done via the sudo (Super User DO) command that enables condition-based privilege elevation for user accounts.
Privilege escalation is the process of elevating your permission level, by switching from one user to another one and gain more privileges. For example, a normal user on Linux can become root or get the same permissions as root. This can be authorized usage, with the use of the su or sudo command.
Executive summary. Red Hat is aware of a vulnerability found in pkexec that allows an authenticated user to perform a privilege escalation attack. The polkit package is designed to define and handle policies that allow unprivileged processes to communicate with privileged processes on a Linux system.
Polkit (formerly PolicyKit) is an application-level toolkit for managing access privileges in UNIX/LINUX-based systems. Polkit defines the security policies needed to handle unprivileged and privileged processes communications.
It's a long time since I didn't work with PolicyKit, but from what I remember, you have indeed to create a file in the actions/ directory, with contents like :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<action id="org.freedesktop.policykit.pkexec.run-ifconfig">
<description>Configure network</description>
<message>Authentication is required to set ifconfig parameters</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>...</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/sbin/ifconfig</annotate>
</action>
</policyconfig>
You have to change the value in :
<allow_active>...</allow_active>
To the value you want. Selecting a value of :
Changing the allow_active key's value to "yes" should stop the authentication demands.
Then you need to adapt the action file to your needs and to call it.
Hugo,
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
