With a KDE Desktop (dont know if it is the same with gnome) you can run pkexec whoami with no problems but if you try a graphical application it will fail. like partitionmanager pkexec partitionmanager partitionmanager-bin: cannot connect to X server
You a .policy file for the binary with an allow_gui annotation for this to work, see http://www.freedesktop.org/software/polkit/docs/latest/pkexec.1.html for details
thank you for this information but in this case, wouldnt it be better to have a graphical error message which sais that this application is not allowed to run as root?
Created attachment 66854 [details] [review] Create $XAUTHORITY from $HOME if unset I have just checked in a Ubuntu 12.04 Live CD and I see that XAUTHORITY is set. This is not the case for KDE. The attached patch sets XAUTHORITY to $HOME/.Xauthority if it was not set before and thus allowing programs like gparted to work.
*** Bug 49707 has been marked as a duplicate of this bug. ***
It's not pkexec(1)'s job to set XAUTHORITY
I submitted a patch for kdm but it got rejected there too. > > The fix is declined for polkit as "It's not pkexec(1)'s job to set XAUTHORITY" > > https://bugs.freedesktop.org/show_bug.cgi?id=51623 > > > tell him to get a clue. the program which changes the user context must > also adjust relevant environment variables, which includes setting them > in the first place when they start to deviate from the default. He has a point. Since pkexec already passes DISPLAY, why would you choose to ignore XAUTHORITY? I say ignore because of the user change, the interpreted XAUTHORITY variable also changes, and the goal of use_gui is actually letting the program display itself on the user's screen. > It's not pkexec(1)'s job to set XAUTHORITY pkexec(1) does set it for child programs, so it should make sure that the child receives sane values.
Please read the source before commenting: pkexec(1) will preserve the value of XAUTHORITY if the appropriate annotation is used. Stop reopening this bug.
david, you are simply WRONG. X defines that XAUTHORITY defaults to ~/.Xauthority if it is not set. therefore, "preserving" the value of the variable implies *actively setting* it upon changing the user identity. pkexec contains no such code, and is thereofore broken by definition. period. not to mention that simply passing on a reference to the calling user's xauth file is a rather inelegant solution (it relies on the target app running as root, potentially gives access to way too many displays, and opens the door for accidental modifications). study pam_xauth to see how to do it *right*. if you close this as NOTABUG again you'll make a laughing stock of yourself.
OK. I still don't like how XAUTHORITY works but that's somewhat unimportant since it does work the way you describe. I've added a patch loosely based on the one in comment 3: http://cgit.freedesktop.org/polkit/commit/?id=d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Closing.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.