Get output stream from QProcess

t0msk

@jsulm thanks :)

@JonB I was looking for polkit, and it seems to be over-complicated, I thought that it will be only some lines of code.

Can be workaround that app will require to be started as sudo? Then if my application runs with sudo privileges then it means that I don't have to use sudo command and everything should work, right?

JonB

@t0msk
polkit requires the administrator to set it up to allow a program through. It's not great for "one-off"s.

Yes, to be clear, if the user is prepared to invoke your whole program via sudo then it has those privileges throughout. So if it spawns a QProcess of apt update that will run as you intend.

This is not usually the solution people are looking for when they ask about a sudo QProcess, as they do not expect/intend the user to run the whole Qt program sudo. But if that's is going to be OK with your users, it will solve your issue, Be especially careful about what your code does, as everything it does will be sudo now! This could be an issue if you create files, and also you should check the desktop windowing system being used in case it does not like UI programs running under sudo.

t0msk

@JonB said in Get output stream from QProcess:

polkit requires the administrator to set it up to allow a program through. It's not great for "one-off"s

So you mean that if user downloads my app then he have to set up polkit first and then he will be able to run my app and use "sudo functions"?

JonB

@t0msk
I have never used polkit. But my understanding is first the system administrator would have to set up for polkit on the system. Then you supply, I believe, an XML file or something for your program to do the sudo command, and the system administrator then has to "incorporate" that into his polkit setup to authorize it. That would make sense conceptually to me. I stand it be corrected! As I said, I suggest you Google.

t0msk

@JonB said in Get output stream from QProcess:

@t0msk
I have never used polkit. But my understanding is first the system administrator would have to set up for polkit on the system. Then you supply, I believe, an XML file or something for your program to do the sudo command, and the system administrator then has to "incorporate" that into his polkit setup to authorize it. That would make sense conceptually to me. I stand it be corrected! As I said, I suggest you Google.

That approach is very bad for me, I just want that user downloads my app and runs it, and if needed he will be prompted for password.

JonB

@t0msk
Which is why I originally wrote

Personally I thought it a lot of hassle for the administrator to have to set up, but you could read up on it and see if it suits you.

and

polkit requires the administrator to set it up to allow a program through. It's not great for "one-off"s.

:)

I see this question asked frequently in this forum. The obvious question to me is: why does the apt-get need to be run sudo? If it does, it's best done by the admin user! Why does your app need to do it for the user?

t0msk

@JonB it is only example, Im working on frontend app for some console only program, and that console program requires sudo.

JonB

@t0msk
Then going back to what I suggested originally, have you checked out sudo -S ?

t0msk

@JonB sudo -A doesn't work for my by default and -S what does it mean? I read manpage that it will read password from stdin, but Im working on GUI app, how can I show popup "Enter password" and then pass it to that process?

JonB

@t0msk
So your Qt GUI will get the password from the user once. Then you will invoke sudo -S .... You will send the password to it via QProcess::write(). That will be connected to sub-process's stdin. Similar to the way that you can read from sub-process's stout/stderr in the code we have been discussing. Look back up at @jsulm's post. Have a read through the QProcess doc page.

Chrisw01

@t0msk I ran into this on a PHP web app I wrote once where I needed to control some system services. My VERY dangerous approach was to modify the /etc/sudoers file to allow a certain user to run certain programs without a sudo password. Again this was VERY dangerous but I assumed the risk.

I added a line in my sudoers file like this...

<username>  ALL=(ALL:ALL) NOPASSWD:<comma separated list of programs that I wanted to run without a password>

Again, this is a VERY dangerous approach but I assumed the risks by running the program as a user that had no login shell. The chances of exploitation was very small.

As far as the need to communicating with the process I'm sure you come up with some sort of non blocking or interactive mode for QProcess. As @jsulm said read up and maybe try communicating via the channels of QProcess.

Chris~

JonB

@Chrisw01
One can run with NOPASSWD, and indeed I do on my development machine where I am the only user. If the application is only to be run on his own machine this might be acceptable. However, for the OP to make his end user sites change over to no root password, admittedly only for apt-get, seems inappropriate. It also requires setup from the system administrator. I would not dream of accepting software with this! Again, I would ask why his application requires a sudo apt-get rather than just an apt-get?

As I have noted above, you can run sudo with a password from a UI by using the -S option. If you are going to write code which uses channel communication with QProcess anyway you are already halfway there to what is needed.

Chrisw01

@JonB Agreed, which is why all the warnings of it being dangerous. And only control of that was given to a specific user, not the whole system. It fit my needs...

@t0msk I think that @JonB has hit the nail on the head. Run sudo with the -S parameter. And use channels to read and write to and from stdin/stdout/stderr as required.

From the sudo man page:

     -S, --stdin
        Write the prompt to the standard error and read the password from the standard input instead of using the terminal device.  The password must be followed by a newline character.

Oh and one more thing to keep in mind, not all distros of Linux install sudo by default. Debian server for instance requires you to use the su program or manually install sudo. Some distro's only allow sudo to the admin or users in the sudoers group but not to regular users. So some adjustments may be required.

t0msk

@JonB I need to use sudo with apt you can look here:

tomsk@tomsk-Ntb:~$ apt update
Reading package lists... Done
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)

So if I understand correctly, if user will want to do something which requires sudo, then I will show QDialog with lineEdit where he enters password and then I will call QProcess with sudo -S and after that I use QProcess::write() where I insert his password?

I just downloaded application which requires administration rights from Linux repository and if I launch it, it looks like this:

PolicyKit 1

As you can see it uses PolicyKit 1 and I didn't have to set up polkit on my system as you said (that xml what you mentioned), sorry but I am confused.

IT'S working now I used pkexec apt update.

JonB

@t0msk

You only need to use sudo because you are going apt update, which does a system-wide update of stuff. Why does your app need that? That's my point.
Yes to what you wrote about sudo -S.
Like I said I have never used polkit so it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of using polkit is to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?

t0msk

@JonB said in Get output stream from QProcess:

@t0msk

You only need to use sudo because you are going apt update, which does a system-wide update of stuff. Why does your app need that? That's my point.

Yes to what you wrote about sudo -S.

Like I said I have never used polkit so it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of using polkit is to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?

As I said many times apt update is only example, and if you use pkexec it will show system popup like on screenshot in my last post, then you have to enter password and after that command will be executed.

jsulm

@t0msk said in Get output stream from QProcess:

As I said many times apt update is only example

@JonB understands that "apt update" is just an example, he actually wanted to know why your app needs to be executed as root...

JonB

@t0msk

As I said many times apt update is only example, and if you use pkexec it will show system popup like on screenshot ...

@jsulm has leapt to my defence :) And as I have said many times, my question is not about apt update but about why you need to run it or anything else sudo from your program? This equally applies if you go pkexec (though the whole point of that is it's part of polkit, and the point of polkit is that you are supposed to configure it so that it does not "show system popup like on screenshot").