Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Execute multiple root privileged commands using single password prompt



  • Hello guys, I'm using QT in Linux. Is it possible to take user password once using pkexec to execute multiple root privileged commands in QProcess? Or is there a way to start the entire project as root?



  • not really a Qt specific question, but...QProcess executes a single process in the privilege context of the Qt application. To escalate the privilege the QProcess executable should either be suid root or execute a batch file using something like sudo.

    as to pkexec, I will withhold comment on that because I have nothing good to say about polkit, systemd, pulsaudio, or any other the other window-esque things that have been shoved down the throat of the linux users.



  • @Kent-Dorfman Thank you for the replay. I'm new to QT can you please give an example how I could get user privilege in a proper way? Also is there a way to run the project as root at the beginning?



  • @Dylan-Holt said in Execute multiple root privileged commands using single password prompt:

    Also is there a way to run the project as root at the beginning?

    If you mean running your project from Qt Creator with root privileges (although it doesn't sound like a good idea, you've been warned...), you can do:

    sudo /your/path/to/qtcreator
    


  • @Pablo-J.-Rogina said in Execute multiple root privileged commands using single password prompt:

    If you mean running your project from Qt Creator with root privileges (although it doesn't sound like a good idea, you've been warned...), you can do:

    sudo /your/path/to/qtcreator
    

    No, I asked if there a way to make the app request root permission when we deploy the project and start the app as root. Like Gparted which asks for root permission when we launch it.



  • What you are asking for is traditionally a suid root application. It is the way in the UNIX world that system commands can execute privileged functions when necessary. Setting it up is easy and there is ample information online as to how to do it...doing it securely and correctly is another matter. I strongly suggest reading up on design of system utilities before simply making a program privileged. The first step is always to evaluate whether you really need root privilege and to avoid it if at all possible. assuming it IS NECESSARY, you need to do a full cyber security analysis of your program to see if it is susceptible to attacks, and then (only then) you use system calls to immediately drop privilege when the program is executed and only elevate privilege in the specific parts of the program where it is necessary to do a protected function, dropping privilege again immediately after.


  • Qt Champions 2019



  • @Kent-Dorfman

    as to pkexec, I will withhold comment on that because I have nothing good to say about polkit, systemd, pulsaudio, or any other the other window-esque things that have been shoved down the throat of the linux users.

    That is interesting to hear. I come from old-skool setuid times, so this polkit stuff is new to me and I see people talking about it in these forums when asking about elevation. Sounded complex, and requires set-up. Nice to know you don't rate it :)



  • @Dylan-Holt
    Your original question was:

    Is it possible to take user password once using pkexec to execute multiple root privileged commands in QProcess?

    That is rather different from:

    I asked if there a way to make the app request root permission when we deploy the project and start the app as root.

    If you need root only for executing some OS commands from your app, you should be careful about taking root permission on your app as your solution, unless you really know what you're doing.... In any case, if your Qt app has a GUI you may have problems running it as root, depending on your Linux variant/configuration.

    There is a way to satisfy your initial question. You could prompt for root password once in your Qt UI and then leverage the -S argument to sudo to run commands without having to re-prompt for the password. Whether this is advisable is another matter, but it answers your original question. There is also the -A argument, but support is not always present, and it would re-prompt each time. There was a question I answered in this forum a while ago where a dev wanted to prompt only once but run multiple sudo commands.


Log in to reply