Re: What does TDE Buster use to escalate permissions?

On Wed, 29 Jul 2020 09:39:46 -0500, Michael wrote:
> Issue:
> In TDE in MX18 (stretch) the MX Tools apps would open in TDE.
> 
> In TDE in MX19 (buster) the MX Tools that need to run as root will not open in 
> TDE.  The behavior is click the menu item and nothing happens (e.g. do not 
> get any prompts for password).
> 
> MX Dev:
> “What does TDE Buster use to escalate permissions for their apps that need 
> it?”
> “We did switch them to using a wrapper called mx-pkexec to keep the tools 
> working on Buster after Debian removed gksu and went more to policykit-based 
> privileges.”

IMO it's "tdesu"

Nik

> 
> This isn’t huge, really just an annoyance, as I can login to Xfce to run any 
> of the MX Tools I need...
> 
> Example Menu Command:
> su-to-root -X -c mx-packageinstaller
> 
> Copied mx-pkexec, su-to-root, and other called items below.
> 
> I tried the example command, it seems to need a GUI, as it borks with 'wrong 
> password' (when the root password is correct).
> 
> Any thoughts would be really appreciated.
> 
> Best,
> Michael
> 
> Ref’s:
> https://forum.mxlinux.org/viewtopic.php?p=589003#p589003
> 
> michael@local [~]# cat /usr/bin/mx-pkexec
> #!/bin/bash
> 
> # MX Linux pkexec wrapper to retain QT environment
> # Usage:
> #        mx-pkexec mx-apps ...
> # original code by fehlix for MX-Linux
> 
> if test "$EUID" != 0; then
>     # normal user
>     # wayland fix (chkboom)
>     if [ x"$WAYLAND_DISPLAY" != "x" ] && [ -n "${WAYLAND_DISPLAY##/*}" ]; then
>        WAYLAND_DISPLAY=$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY
>     fi
> 
>     QTENV="${XDG_RUNTIME_DIR:-/tmp}/mx-pkexec-qtenv.$EUID.$PPID.$$.$RANDOM$RANDOM"
>     if [ -f "$QTENV" ] ; then
>         rm  $QTENV
>     fi
>     umask 0022
>         touch "$QTENV"
>         while IFS=$'\n' read -r ENV; do
>                 IFS='=' read PAR VAL < <(echo $ENV);
>                 echo "export $PAR=${VAL@Q}" >> $QTENV
>         done < <(printenv | grep -E '^DESKTOP_SESSION|^KDE_FULL_SESSION=|^LANG=|^LANGUAGE=|^LC_|^QT_|^XDG_SESSION_TYPE|^XDG_CURRENT_DESKTOP|^WAYLAND_')
> 
>     echo "CURRENT_WORK_DIR='$PWD'" >> "$QTENV"
>     chmod +r "$QTENV"
>     pkexec /usr/bin/mx-pkexec "--qtenv" "$QTENV" "${@}"
>     if [ -f "$QTENV" ] ; then
>        rm  $QTENV
>     fi
> fi
> if test "$EUID" == 0; then
>     # root user
>     # set XDG_RUNTIME_DIR - do nothing if already set
>     if [ x"$XDG_RUNTIME_DIR" = "x" ]; then
>       XDG_RUNTIME_DIR=/run/user/0
>       export XDG_RUNTIME_DIR
>       [ -d $XDG_RUNTIME_DIR ] || mkdir -p $XDG_RUNTIME_DIR
>       chmod 700 $XDG_RUNTIME_DIR
>       chown 0:0 $XDG_RUNTIME_DIR
>     fi
>     if  [ "x$1" = "x--qtenv" ]; then
>         QTENV="$2"
>         shift
>         shift
>         if [ -f "$QTENV" -a  "x$QTENV" != "x${QTENV#*/mx-pkexec-qtenv.}" ] ; then
>             . "$QTENV"
>             rm  "$QTENV"
>             cd "${CURRENT_WORK_DIR}"
>             unset CURRENT_WORK_DIR
>         fi
>         PATH="/usr/local/bin:$PATH"
>     fi
> 
>     # check if command is given within one parameter, split by eval in case
>     [ $# == 1 ] && eval set "$@"
>     RUN="$1"
>     shift
> 
>     # check remaining parameter are quoted twice and do unquote
>     [ $# != 0 ] && [ -z "${1##[\'\"]*}" ] && [ -z "${1%%*[\'\"]}" ] && eval set "$@"
>     echo Starting  "$RUN" "${@@Q}"
>     command -v "$RUN" >/dev/null || { echo "mx-pkexec: Command '$RUN' not found"; exit 1; }
>     exec "$RUN" "${@}"
> fi
> exit
> 
> 
> michael@local [~]# cat /usr/bin/su-to-root
> #!/bin/bash
> 
> if test -r /etc/su-to-rootrc; then
> . /etc/su-to-rootrc
> fi
> 
> if test -r ~/.su-to-rootrc; then
> . ~/.su-to-rootrc
> fi
> 
> PRIV=root
> COMMAND=
> NEEDS=text
> 
> gettext=$(which gettext 2>/dev/null)
> 
> transl() {
>   txt="$1";
>   shift;
>   if [ -n "$gettext" ]; then
>     txt="$(gettext su-to-root "$txt")";
>   fi
>   printf "$txt" "$@"
> }
> 
> eshell() {
>    getent passwd $1 | cut -f7 -d:
> }
> 
> usage () {
>   transl 'usage: %s [-X] [-p <user>] -c <command>
>   -c command: command to execute as a string (mandatory)
>   -p <user>: user to switch to (default: root)
>   -X: command is a X11 program\n' "$0" >&2
>   exit 1
> }
> 
> for i in "$@"; do
>    case "$prev" in
>      -p)
>        PRIV="$i";;
>      -c)
>        COMMAND="$i";;
>      -X)
>        NEEDS="X11";;
>    esac
>    prev="$i"
> done
> 
> if [ -z "$COMMAND" ] ; then
>    usage;
> fi
> 
> euid=$(id -u)
> privid=$(id -u $PRIV)
> if test "$euid" = "$privid"; then
>   sh -c "$COMMAND"
> else
>   case $NEEDS in
>   text)
>     if test "$euid" != 0; then
>       transl 'About to execute %s.\n' "$COMMAND"
>       transl 'This command needs %s privileges to be executed.\n' "$PRIV"
>     fi
>     PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin
>     SHELL=`eshell $PRIV`
>     case $SU_TO_ROOT_SU in
>       sux)  suname=sux; pwuser="$PRIV"; cmd='sux  -p "$PRIV" "$COMMAND"';;
>       sudo) suname=sudo;pwuser="$USER"; cmd='sudo -u "$PRIV" sh -c "$COMMAND"';;
>       *)    suname=su;  pwuser="$PRIV"; cmd='su   -p "$PRIV" -c "$COMMAND"';;
>     esac
>     transl 'Using %s...\n' "$suname"
>     transl 'Enter %s password at prompt.\n' "$pwuser"
>     yesexpr=$(locale yesexpr)
>     while ! eval $cmd; do
>       transl 'Incorrect password or command failed. Try again? (y/N)'
>       read ans
>       if echo "$ans" | perl -e "<> =~ /$yesexpr/ and exit(1);"; then
>         exit 1
>       fi
>     done;;
>   X11)
>     if test -z "$SU_TO_ROOT_X"; then
>       if which gksu >/dev/null 2>&1 ; then
>         SU_TO_ROOT_X=gksu
>         if test "X$KDE_FULL_SESSION" = "Xtrue" ; then
>           if which kdesu >/dev/null 2>&1 ; then
>             SU_TO_ROOT_X=kdesu
>           elif test -x /usr/lib/kde4/libexec/kdesu ; then
>             SU_TO_ROOT_X=kde4su
>           fi;
>         fi;
>       elif which kdesu >/dev/null 2>&1 ; then
>         SU_TO_ROOT_X=kdesu
>       elif test -x /usr/lib/kde4/libexec/kdesu ; then
>         SU_TO_ROOT_X=kde4su
>       elif which ktsuss >/dev/null 2>&1 ; then
>         SU_TO_ROOT_X=ktsuss
>       elif which sux >/dev/null 2>&1 ; then
>         SU_TO_ROOT_X=sux
>       else
>         SU_TO_ROOT_X=su-to-root
>       fi
>     fi
>     case $SU_TO_ROOT_X in
>       gksu) gksu -u "$PRIV" "$COMMAND";;
>       gksudo) gksudo -u "$PRIV" "$COMMAND";;
>       kdesu) kdesu -u "$PRIV" "$COMMAND";;
>       kdesudo) kdesudo -u "$PRIV" "$COMMAND";;
>       kde4su) /usr/lib/kde4/libexec/kdesu -u "$PRIV" "$COMMAND";;
>       ktsuss) ktsuss -u "$PRIV" "$COMMAND";;
>       sux) env SU_TO_ROOT_SU=sux \
>         x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND";;
>   # As a last resort, open a new x-terminal-emulator and prompt for the password
>   # Do not use -X here!
>       *) x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND";;
>     esac;;
>   esac
> fi
> michael@local [~]# which x-terminal-emulator
> /usr/bin/x-terminal-emulator
> michael@local [~]# ll /usr/bin/x-terminal-emulator
> lrwxrwxrwx 1 root root 37 May 30 22:29 /usr/bin/x-terminal-emulator -> /etc/alternatives/x-terminal-emulator
> michael@local [~]# ll /etc/alternatives/x-terminal-emulator
> lrwxrwxrwx 1 root root 31 May 30 22:29 /etc/alternatives/x-terminal-emulator -> /usr/bin/xfce4-terminal.wrapper
> michael@local [~]# ll /usr/bin/xfce4-terminal.wrapper
> -rwxr-xr-x 1 root root 1124 Aug 15  2019 /usr/bin/xfce4-terminal.wrapper
> michael@local [~]# cat /usr/bin/xfce4-terminal.wrapper
> #! /usr/bin/perl -w
> #
> # Terminal.wrapper - Debian terminal wrapper script
> #
> # Copyright (c) 2004-2005 os-cillation
> #
> 
> while ($opt = shift(@ARGV))
> {
>     if ($opt eq '-display')
>     {
>         $arg = shift(@ARGV);
>         push(@args, '--default-display', $arg);
>     }
>     elsif ($opt eq '-name')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-n')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-T' || $opt eq '-title')
>     {
>         push(@args, '--title', shift(@ARGV));
>     }
>     elsif ($opt eq '-geometry')
>     {
>         $arg = shift(@ARGV);
>         push(@args, "--geometry=$arg");
>     }
>     elsif ($opt eq '-fn')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-fg')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-bg')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-tn')
>     {
>         $arg = shift(@ARGV);
>     }
>     elsif ($opt eq '-e')
>     {
>         $arg = shift(@ARGV);
>     if (@ARGV)
>     {
>         push(@args, '-x', $arg, @ARGV);
>         last;
>     }
>     else
>     {
>         push(@args, '-e', $arg);
>     }
>     last;
>     }
>     elsif ($opt eq '-h' || $opt eq '--help')
>     {
>         push(@args, '--help');
>     }
> }
> exec('xfce4-terminal',@args);
> michael@local [~]# which xfce4-terminal
> /usr/bin/xfce4-terminal
> michael@local [~]# ll /usr/bin/xfce4-terminal
> -rwxr-xr-x 1 root root 248384 Aug 15  2019 /usr/bin/xfce4-terminal
> michael@local [~]#         
> 
> 
> michael@local [~/data/trash]# su-to-root -X -c mx-packageinstaller
> ==== AUTHENTICATING FOR org.mxlinux.mx-pkexec ===
> Authentication is required to run this application
> Authenticating as: root
> Password:
> polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
> ==== AUTHENTICATION FAILED ===
> Error executing command as another user: Not authorized
> 
> This incident has been reported.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx
> For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/
> Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
> 
> 



-- 
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...
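
Added example, not part of either poster's message and not MX Linux code: in the mx-pkexec script quoted above, the root half sources the file named by `--qtenv` after checking only that its path contains `/mx-pkexec-qtenv.`. The function below checks such a file as data before it is sourced; `qtenv_is_safe`, the constructed sample files, the allowlist tightened to full variable names, and GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example, not MX Linux code. qtenv_is_safe is a hypothetical helper.
# Allowlist follows the grep pattern in the quoted script, tightened to full names.
ALLOWED='DESKTOP_SESSION|KDE_FULL_SESSION|LANG|LANGUAGE|LC_[A-Z_]+|QT_[A-Z0-9_]+'
ALLOWED="$ALLOWED|XDG_SESSION_TYPE|XDG_CURRENT_DESKTOP|WAYLAND_[A-Z_]+"

# qtenv_is_safe FILE EXPECTED_UID -> 0 if FILE may be sourced, 1 otherwise.
# As root under pkexec, EXPECTED_UID would be $PKEXEC_UID (the invoking user).
qtenv_is_safe() {
    file=$1
    uid=$2
    # Must be a regular file, not a symlink to one.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    # GNU stat: %u is the owner's uid, %a the octal mode.
    [ "$(stat -c %u "$file")" = "$uid" ] || return 1
    case "$(stat -c %a "$file")" in
        *[2367]? | *[2367]) return 1 ;;   # group- or world-writable
    esac
    # Count lines that are NOT exactly  export NAME='value'  for an allowed NAME
    # (or the CURRENT_WORK_DIR line). Values containing a quote are rejected,
    # which is stricter than what ${VAL@Q} can emit.
    bad=$(grep -Evc "^(export ($ALLOWED)|CURRENT_WORK_DIR)='[^']*'\$" "$file") || true
    [ "$bad" = 0 ]
}

# Constructed sample input: one well-formed file and two that must be refused.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf "%s\n" "export LANG='en_US.UTF-8'" "export QT_QPA_PLATFORMTHEME='gtk2'" \
        "CURRENT_WORK_DIR='/home/demo'" > "$dir/good"
    printf "%s\n" "export LANG='C'" "export PATH='/tmp/demo'" > "$dir/not_allowlisted"
    printf "%s\n" "export LANG='C'; echo injected" > "$dir/trailing_command"
    chmod 644 "$dir/good" "$dir/not_allowlisted" "$dir/trailing_command"
    echo "$dir"
}

dir=$(make_samples)
for f in good not_allowlisted trailing_command; do
    if qtenv_is_safe "$dir/$f" "$(id -u)"; then echo "$f: accept"; else echo "$f: reject"; fi
done
rm -rf "$dir"
```

Values that `${VAL@Q}` would emit with an escaped quote or in `$'...'` form fail this check, so a caller would drop those variables instead of sourcing the file.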
