search

gnuradio / pybombs

PyBOMBS (Python Build Overlay Managed Bundle System) is the GNU Radio install management system for resolving dependencies and pulling in out-of-tree projects.
https://gnuradio.org
GNU General Public License v3.0
415 stars 189 forks source link

Use pkexec instead of sudo for granting elevated privileges #369

Open NinjaComics opened 8 years ago

NinjaComics commented 8 years ago

It would be nice if we use pkexec instead of sudo (we currently use sudo -H in subproc.py) for granting the elevated privileges while installing packages using pybombs. On the upside, pkexec will call the default system authentication agent and prompts the user to enter the password in a gui dialog if the app is running in X session or prompts to enter in terminal if the app is run from a tty. Plus, this will work for both pybombs-cli and the pybombs-gui.

On the downside, everytime the pkexec is called from within pybombs, the user has to enter the password.

Example: sudo:

sudo <do-something> #asks for password sudo <do-something-after-a-little-while> #executes the command without asking for password

pkexec:

pkexec <do-something> #asks for password pkexec <do-something-after-a-little-while> #asks for password

pkexec does that for security reasons.

This problem can be overcome by writing policy files as specified in pkexec's reference manual for each packager that requires elevated privileges.

mbr0wn commented 7 years ago

With elevate_pre_args, we can already do this. Would make sense to define policy files though if we really want to support this, or it's kinda pointless. Do you want to work on this?

NinjaComics commented 7 years ago

Enabling policies for each packager makes sense only when pybombs is in use. When not in use, I would want to restore the normal functionality of the packager. I will work on it and submit a PR soon.

mbr0wn commented 7 years ago

@NinjaComics Did you ever submit that PR?