Replace GKSu with consolehelper
Section: Linux
Gksu is a "library that provides a Gtk+ frontend to su and sudo". It is useful for running applications that require root permission from a menu item or any script that is run without having a console, but it uses a different interface to the adminstration applications in Fedora and other distros. The following article is a solution to use consolehelper - the back-end that powers the Fedora administration login - to have custom scripts using the standard distro root password request dialog.
Having previously used GKSu by installing Redhat Enterprise Linux RPMs in Fedora, I have now replaced it with the method below for better integration.
The manual process
The PAM configuration for the script was borrowed from Fedora's Smart package manager application, as it provided a suitable dialog box and gave root access as required. It was also a separate application, unlike the configuration applications that used their own PAM files with configuration application specific data.
The solution
The solution comes in a few parts, which are compiled in to a script at the end of the article for easy execution.
Firstly, a symbolic link is needed between the consolehelper and the executable you want to create. I have a /usr/local partition for my own scripts and executables, so I create it in there. This may require root access depending on the permissions of the folder you create the symbolic link in.
The following will need root access, as they are creating files in system folders. Either su to your root account, use su -c, or use sudo if you have it configured in a suitable manner.
Next, you need to add the authentication in PAM. This is done by creating a file with a matching name in /etc/pam.d/ - in this example, app-you-create. Create the file /etc/pam.d/app-you-create using your favourite text editor and add the following:
If the user is not root, this configuration will prompt them for root's password using the system authentication dialog (the one the administration applications use).
Finally, you need to tell consolehelper what application to run and which user to run it as. This is done by creating a file with a matching name in /etc/security/console.apps/ - in this example, app-you-create. Create the file /etc/security/console.apps/app-you-create using your favourite text editor and add the following:
With all of this done you now have an application that is wrapped with a root password prompt.
The single script
The vast majority of the configuration above is common to any application. The parts that aren't common are still in a standard form. To ease the creation of links, I created the following script that combines all of the steps above.
To use the script to create your own application links with root authentication then copy and paste the code in to a text editor, save it in a bin directory (e.g. I use 'su-wrap' in /usr/local/bin/), make it executable and then run it from the command-line as follows:
Alternatively, if you want to have a GUI version then you can run the script once on itself and then future links can be created from the run dialog instead of the command-line. Note, though, that the output will still be on the command-line. To do this, run the following from the command-line:
Once it completes, you can use su-wrap-gui to create the same application links but with a graphical password prompt.
Using su-wrap
The main use I have is to start Apache and MySQL. My desktop machine is sometimes, but not always, used for web development and so it is more efficient and secure to not start Apache and MySQL by default, but only when requested. I have a short script called "dostarthttpd" that starts the Apache and MySQL services, but it requires root privileges. Previously I had a "starthttpd" script that just ran "gksu dostarthttpd" to prompt for the root password, but now I have a dostarthttpd wrapped and using a visually integrated dialog.
Navigation
Site Navigation
Links
- Hive World Terra - articles, downloads, fanfiction and an encyclopedia for Games Workshop's games.
- Skins@HWT - Skins, textures, badges, banners and team colours for Dawn of War, plus tutorials, tools and an FAQ.
- WarFoundry, the cross-platform, multi-system, open-source army creator.