Issue: In TDE in MX18 (stretch) the MX Tools apps would open in TDE. In TDE in MX19 (buster) the MX Tools that need to run as root will not open in TDE. The behavior is click the menu item and nothing happens (e.g. do not get any prompts for password). MX Dev: “What does TDE Buster use to escalate permissions for their apps that need it?” “We did switch them to using a wrapper called mx-pkexec to keep the tools working on Buster after Debian removed gksu and went more to policykit-based privileges.” This isn’t huge, really just an annoyance, as I can login to Xfce to run any of the MX Tools I need... Example Menu Command: su-to-root -X -c mx-packageinstaller Copied mx-pkexec, su-to-root, and other called items below. I tried the example command, it seems to need a GUI, as it borks with 'wrong password' (when the root password is correct). Any thoughts would be really appreciated. Best, Michael Ref’s: https://forum.mxlinux.org/viewtopic.php?p=589003#p589003 michael@local [~]# cat /usr/bin/mx-pkexec #!/bin/bash # MX Linux pkexec wrapper to retain QT environment # Usage: # mx-pkexec mx-apps ... # original code by fehlix for MX-Linux if test "$EUID" != 0; then # normal user # wayland fix (chkboom) if [ x"$WAYLAND_DISPLAY" != "x" ] && [ -n "${WAYLAND_DISPLAY##/*}" ]; then WAYLAND_DISPLAY=$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY fi QTENV="${XDG_RUNTIME_DIR:-/tmp}/mx-pkexec-qtenv.$EUID.$PPID.$$. $RANDOM$RANDOM" if [ -f "$QTENV" ] ; then rm $QTENV fi umask 0022 touch "$QTENV" while IFS=$'\n' read -r ENV; do IFS='=' read PAR VAL < <(echo $ENV); echo "export $PAR=${VAL@Q}" >> $QTENV done < <(printenv | grep -E '^DESKTOP_SESSION|^KDE_FULL_SESSION=| ^LANG=|^LANGUAGE=|^LC_|^QT_|^XDG_SESSION_TYPE|^XDG_CURRENT_DESKTOP| ^WAYLAND_') echo "CURRENT_WORK_DIR='$PWD'" >> "$QTENV" chmod +r "$QTENV" pkexec /usr/bin/mx-pkexec "--qtenv" "$QTENV" "${@}" if [ -f "$QTENV" ] ; then rm $QTENV fi fi if test "$EUID" == 0; then # root user # set XDG_RUNTIME_DIR - do nothing if already set if [ x"$XDG_RUNTIME_DIR" = "x" ]; then XDG_RUNTIME_DIR=/run/user/0 export XDG_RUNTIME_DIR [ -d $XDG_RUNTIME_DIR ] || mkdir -p $XDG_RUNTIME_DIR chmod 700 $XDG_RUNTIME_DIR chown 0:0 $XDG_RUNTIME_DIR fi if [ "x$1" = "x--qtenv" ]; then QTENV="$2" shift shift if [ -f "$QTENV" -a "x$QTENV" != "x${QTENV#*/mx-pkexec-qtenv.}" ] ; then . "$QTENV" rm "$QTENV" cd "${CURRENT_WORK_DIR}" unset CURRENT_WORK_DIR fi PATH="/usr/local/bin:$PATH" fi # check if command is given within one parameter, split by eval in case [ $# == 1 ] && eval set "$@" RUN="$1" shift # check remaining parameter are quoted twice and do unquote [ $# != 0 ] && [ -z "${1##[\'\"]*}" ] && [ -z "${1%%*[\'\"]}" ] && eval set "$@" echo Starting "$RUN" "${@@Q}" command -v "$RUN" >/dev/null || { echo "mx-pkexec: Command '$RUN' not found"; exit 1; } exec "$RUN" "${@}" fi exit michael@local [~]# cat /usr/bin/su-to-root #!/bin/bash if test -r /etc/su-to-rootrc; then . /etc/su-to-rootrc fi if test -r ~/.su-to-rootrc; then . ~/.su-to-rootrc fi PRIV=root COMMAND= NEEDS=text gettext=$(which gettext 2>/dev/null) transl() { txt="$1"; shift; if [ -n "$gettext" ]; then txt="$(gettext su-to-root "$txt")"; fi printf "$txt" "$@" } eshell() { getent passwd $1 | cut -f7 -d: } usage () { transl 'usage: %s [-X] [-p <user>] -c <command> -c command: command to execute as a string (mandatory) -p <user>: user to switch to (default: root) -X: command is a X11 program\n' "$0" >&2 exit 1 } for i in "$@"; do case "$prev" in -p) PRIV="$i";; -c) COMMAND="$i";; -X) NEEDS="X11";; esac prev="$i" done if [ -z "$COMMAND" ] ; then usage; fi euid=$(id -u) privid=$(id -u $PRIV) if test "$euid" = "$privid"; then sh -c "$COMMAND" else case $NEEDS in text) if test "$euid" != 0; then transl 'About to execute %s.\n' "$COMMAND" transl 'This command needs %s privileges to be executed.\n' "$PRIV" fi PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin SHELL=`eshell $PRIV` case $SU_TO_ROOT_SU in sux) suname=sux; pwuser="$PRIV"; cmd='sux -p "$PRIV" "$COMMAND"';; sudo) suname=sudo;pwuser="$USER"; cmd='sudo -u "$PRIV" sh -c "$COMMAND"';; *) suname=su; pwuser="$PRIV"; cmd='su -p "$PRIV" -c "$COMMAND"';; esac transl 'Using %s...\n' "$suname" transl 'Enter %s password at prompt.\n' "$pwuser" yesexpr=$(locale yesexpr) while ! eval $cmd; do transl 'Incorrect password or command failed. Try again? (y/N)' read ans if echo "$ans" | perl -e "<> =~ /$yesexpr/ and exit(1);"; then exit 1 fi done;; X11) if test -z "$SU_TO_ROOT_X"; then if which gksu >/dev/null 2>&1 ; then SU_TO_ROOT_X=gksu if test "X$KDE_FULL_SESSION" = "Xtrue" ; then if which kdesu >/dev/null 2>&1 ; then SU_TO_ROOT_X=kdesu elif test -x /usr/lib/kde4/libexec/kdesu ; then SU_TO_ROOT_X=kde4su fi; fi; elif which kdesu >/dev/null 2>&1 ; then SU_TO_ROOT_X=kdesu elif test -x /usr/lib/kde4/libexec/kdesu ; then SU_TO_ROOT_X=kde4su elif which ktsuss >/dev/null 2>&1 ; then SU_TO_ROOT_X=ktsuss elif which sux >/dev/null 2>&1 ; then SU_TO_ROOT_X=sux else SU_TO_ROOT_X=su-to-root fi fi case $SU_TO_ROOT_X in gksu) gksu -u "$PRIV" "$COMMAND";; gksudo) gksudo -u "$PRIV" "$COMMAND";; kdesu) kdesu -u "$PRIV" "$COMMAND";; kdesudo) kdesudo -u "$PRIV" "$COMMAND";; kde4su) /usr/lib/kde4/libexec/kdesu -u "$PRIV" "$COMMAND";; ktsuss) ktsuss -u "$PRIV" "$COMMAND";; sux) env SU_TO_ROOT_SU=sux \ x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND";; # As a last resort, open a new x-terminal-emulator and prompt for the password # Do not use -X here! *) x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND";; esac;; esac fi michael@local [~]# which x-terminal-emulator /usr/bin/x-terminal-emulator michael@local [~]# ll /usr/bin/x-terminal-emulator lrwxrwxrwx 1 root root 37 May 30 22:29 /usr/bin/x-terminal-emulator -> /etc/alternatives/x-terminal-emulator michael@local [~]# ll /etc/alternatives/x-terminal-emulator lrwxrwxrwx 1 root root 31 May 30 22:29 /etc/alternatives/x-terminal-emulator -> /usr/bin/xfce4-terminal.wrapper michael@local [~]# ll /usr/bin/xfce4-terminal.wrapper -rwxr-xr-x 1 root root 1124 Aug 15 2019 /usr/bin/xfce4-terminal.wrapper michael@local [~]# cat /usr/bin/xfce4-terminal.wrapper #! /usr/bin/perl -w # # Terminal.wrapper - Debian terminal wrapper script # # Copyright (c) 2004-2005 os-cillation # while ($opt = shift(@ARGV)) { if ($opt eq '-display') { $arg = shift(@ARGV); push(@args, '--default-display', $arg); } elsif ($opt eq '-name') { $arg = shift(@ARGV); } elsif ($opt eq '-n') { $arg = shift(@ARGV); } elsif ($opt eq '-T' || $opt eq '-title') { push(@args, '--title', shift(@ARGV)); } elsif ($opt eq '-geometry') { $arg = shift(@ARGV); push(@args, "--geometry=$arg"); } elsif ($opt eq '-fn') { $arg = shift(@ARGV); } elsif ($opt eq '-fg') { $arg = shift(@ARGV); } elsif ($opt eq '-bg') { $arg = shift(@ARGV); } elsif ($opt eq '-tn') { $arg = shift(@ARGV); } elsif ($opt eq '-e') { $arg = shift(@ARGV); if (@ARGV) { push(@args, '-x', $arg, @ARGV); last; } else { push(@args, '-e', $arg); } last; } elsif ($opt eq '-h' || $opt eq '--help') { push(@args, '--help'); } } exec('xfce4-terminal',@args); michael@local [~]# which xfce4-terminal /usr/bin/xfce4-terminal michael@local [~]# ll /usr/bin/xfce4-terminal -rwxr-xr-x 1 root root 248384 Aug 15 2019 /usr/bin/xfce4-terminal michael@local [~]# michael@local [~/data/trash]# su-to-root -X -c mx-packageinstaller ==== AUTHENTICATING FOR org.mxlinux.mx-pkexec === Authentication is required to run this application Authenticating as: root Password: polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie ==== AUTHENTICATION FAILED === Error executing command as another user: Not authorized This incident has been reported. --------------------------------------------------------------------- To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
