We need to develop a Python library and a tool that will handle password prompts in a GUI for sudo command execution using the SUDO_ASKPASS mechanism. The goal is to ensure the tool behaves like pkexec or gksu, but using sudo and honoring the sudoers configuration, including NOPASSWD rules.
Requirements
Python Library:
A library that:
Launches a GUI prompt to ask for the user's password.
Sets the SUDO_ASKPASS environment variable only within the Python session (it should not be visible outside of the session or to other processes).
Executes the sudo command using the SUDO_ASKPASS mechanism.
Supports sudo options such as -u (to specify user) and -i (to run as a login shell).
Ensures the password prompt respects the sudoers file, meaning it only asks for a password if required. If NOPASSWD is set, it should not prompt the user.
Tool:
A command-line tool that:
Acts similarly to pkexec or gksu, but uses sudo.
Checks if the user is in the sudoers file before prompting for a password.
Honors the NOPASSWD directive in sudoers (if set, no password prompt should be shown).
Supports common sudo options like:
-u: Execute the command as a different user.
-i: Execute the command as a login shell.
Deliverables
A Python library that can be integrated into other projects and codebases.
A standalone tool that behaves like pkexec/gksu but works with sudo.
Acceptance Criteria
Password is only prompted when required (i.e., if NOPASSWD is not set).
The tool checks sudoers for user permissions.
SUDO_ASKPASS is only visible within the Python session and not accessible from other processes.
Support for sudo options -u and -i in both the library and the tool.
Works correctly on systems with a properly configured sudoers file.
Description
We need to develop a Python library and a tool that will handle password prompts in a GUI for
sudocommand execution using theSUDO_ASKPASSmechanism. The goal is to ensure the tool behaves likepkexecorgksu, but usingsudoand honoring thesudoersconfiguration, includingNOPASSWDrules.Requirements
Python Library:
SUDO_ASKPASSenvironment variable only within the Python session (it should not be visible outside of the session or to other processes).sudocommand using theSUDO_ASKPASSmechanism.sudooptions such as-u(to specify user) and-i(to run as a login shell).sudoersfile, meaning it only asks for a password if required. IfNOPASSWDis set, it should not prompt the user.Tool:
pkexecorgksu, but usessudo.sudoersfile before prompting for a password.NOPASSWDdirective insudoers(if set, no password prompt should be shown).sudooptions like:-u: Execute the command as a different user.-i: Execute the command as a login shell.Deliverables
pkexec/gksubut works withsudo.Acceptance Criteria
NOPASSWDis not set).sudoersfor user permissions.SUDO_ASKPASSis only visible within the Python session and not accessible from other processes.sudooptions-uand-iin both the library and the tool.sudoersfile.