run0: persist feature (if possible, probably not)

[zefr0x]

Component

other

Is your feature request related to a problem? Please describe

When running multiple commands in a row we will be prompted for the password multiple times.

Its better for security of course, but not expected behaviour from sudo.

I have no convincing argument ;)

Describe the solution you'd like

I don't know if this was possible in the first place, but after user successfully authenticates, they will not be prompted for a password again in the same shell for some time (sudo like behaviour).

It should be an optional feature since it prefer user-friendliness over security.

Describe alternatives you've considered

No response

The systemd version you checked that didn't have the feature you are asking for

256

[bluca]

This requires changes in polkit. As far as I understand, the "auth_admin_keep" feature requires the same agent to be running and making the subsequent requests. But given it's a CLI tool, this can't be done obviously. A possible solution would be for polkit to recognize subsequent requests from the same user session, given we can now track this reliably, but this might have security consequences that need to be carefully evaluated.

[septatrix]

Another problem is that the result would be valid for subsequent requests with the same action etc but different variables, so one may invoke a different command which might not be desirable IIRC

[AdrianVovk]

carbonOS set auth_admin_keep on pkexec and it worked just fine. Not sure what pkexec did to make that work :shrug:

[bluca]

pkexec is setuid:

$ ls -l /usr/bin/pkexec 
-rwsr-xr-x 1 root root 26776 Jan 31  2023 /usr/bin/pkexec

[poettering]

hmm, i presume you use run0 remotely via ssh or on the console?

if run within a desktop session, the PK agent is typically implemented by the DE (for example gnome-shell), and this should remember authorizations just fine. We'll fork off a terminal based PK agent temporarily that fills in if no DE is around that does this for you. This agent is shortlived, it only stays around as long as run0 does its thing. I guess this fallback agent does not allow the caching to take place.

This probably needs to be addressed in PK somehow, to cater better for this problem.

[poettering]

carbonOS set auth_admin_keep on pkexec and it worked just fine. Not sure what pkexec did to make that work 🤷

i presume you used pkexec from a local DE session, right?

[urbenlegend]

the PK agent is typically implemented by the DE (for example gnome-shell), and this should remember authorizations just fine.

I am using KDE in Arch Linux and run0 seems to ask me for a password every time.

[poettering]

e.

I am using KDE in Arch Linux and run0 seems to ask me for a password every time.

hmm, how does it do that? graphically via kde's pk support or in the terminal?

we do set "auth_admin_keep" for the relevant PK check, which should allow caching the authorization.

[urbenlegend]

It pops up a graphical password prompt that looks like this:

[jakedane]

Same with Gnome Shell 46 on Arch Linux, it uses Gnome's password prompt and requires the password for each subsequent run0 call:

[Bundy01]

@bluca: This option is eagerly awaited.

I would also add the option of not typing a password for specific commands, as with the sudoers NOPASSWD config.

Because of these indispensable options, I still use sudo.

Regards.

[mbiebl]

https://github.com/polkit-org/polkit/issues/472