[sudo-users] Using sudo from a GUI app (getting a persistent ticket)

Alec Leamas leamas.alec at gmail.com
Fri Sep 27 05:20:17 MDT 2013

Dear list,

I'm trying to make a GUI app which messes with files owned by root. 
Instead of running a complete toolkit (+ external applications!) as root 
my idea is to run the app as a regular user and use sudo to copy files 
at certain occasions. All this works fid when I  start the app (python + 
Gtk) from a command line.

But I want it to start from a desktop file, without any command line. 
What happens then is that I need to authenticate for each and every root 
operation, the ticket which I get on the command line doesn't seem to 
work in this context. I don't want this, I want my ticket to work for 
the 5 minutes it should.

There are walk-arounds: disabling tty_tickets (security aspects...) or 
starting from a terminal (clumsy).  This is wat I do today.

A "real" solution would be to somehow convince  sudo that all calls from 
my app are indeed from the same user. I made some experiments with a C 
wrapper which sets sid and controlling terminal (setsid() and ioctl(fd, 
TIOCSCTTY...). Using this wrapper I can see that the output from 
/proc/self/stat lists the same session id and controlling terminal for 
the first authentication attempts.  Still, the ticket is not valid on 
the second attempt and I need to enter password again.

Any hints  out there?


More information about the sudo-users mailing list