[sudo-users] Using sudo from a GUI app (getting a persistent ticket)
leamas.alec at gmail.com
Fri Sep 27 05:20:17 MDT 2013
I'm trying to make a GUI app which messes with files owned by root.
Instead of running a complete toolkit (+ external applications!) as root
my idea is to run the app as a regular user and use sudo to copy files
at certain occasions. All this works fid when I start the app (python +
Gtk) from a command line.
But I want it to start from a desktop file, without any command line.
What happens then is that I need to authenticate for each and every root
operation, the ticket which I get on the command line doesn't seem to
work in this context. I don't want this, I want my ticket to work for
the 5 minutes it should.
There are walk-arounds: disabling tty_tickets (security aspects...) or
starting from a terminal (clumsy). This is wat I do today.
A "real" solution would be to somehow convince sudo that all calls from
my app are indeed from the same user. I made some experiments with a C
wrapper which sets sid and controlling terminal (setsid() and ioctl(fd,
TIOCSCTTY...). Using this wrapper I can see that the output from
/proc/self/stat lists the same session id and controlling terminal for
the first authentication attempts. Still, the ticket is not valid on
the second attempt and I need to enter password again.
Any hints out there?
More information about the sudo-users