Get output stream from QProcess
-
@t0msk
Which is why I originally wrotePersonally I thought it a lot of hassle for the administrator to have to set up, but you could read up on it and see if it suits you.
and
polkit requires the administrator to set it up to allow a program through. It's not great for "one-off"s.
:)
I see this question asked frequently in this forum. The obvious question to me is: why does the
apt-getneed to be runsudo? If it does, it's best done by the admin user! Why does your app need to do it for the user? -
@JonB it is only example, Im working on frontend app for some console only program, and that console program requires sudo.
-
@JonB
sudo -Adoesn't work for my by default and-Swhat does it mean? I read manpage that it will read password from stdin, but Im working on GUI app, how can I show popup "Enter password" and then pass it to that process?wrote on 23 Oct 2019, 21:20 last edited by JonB@t0msk
So your Qt GUI will get the password from the user once. Then you will invokesudo -S .... You will send the password to it viaQProcess::write(). That will be connected to sub-process's stdin. Similar to the way that you can read from sub-process's stout/stderr in the code we have been discussing. Look back up at @jsulm's post. Have a read through theQProcessdoc page. -
wrote on 23 Oct 2019, 23:58 last edited by
@t0msk I ran into this on a PHP web app I wrote once where I needed to control some system services. My VERY dangerous approach was to modify the /etc/sudoers file to allow a certain user to run certain programs without a sudo password. Again this was VERY dangerous but I assumed the risk.
I added a line in my sudoers file like this...
<username> ALL=(ALL:ALL) NOPASSWD:<comma separated list of programs that I wanted to run without a password>Again, this is a VERY dangerous approach but I assumed the risks by running the program as a user that had no login shell. The chances of exploitation was very small.
As far as the need to communicating with the process I'm sure you come up with some sort of non blocking or interactive mode for QProcess. As @jsulm said read up and maybe try communicating via the channels of QProcess.
Chris~
-
@t0msk I ran into this on a PHP web app I wrote once where I needed to control some system services. My VERY dangerous approach was to modify the /etc/sudoers file to allow a certain user to run certain programs without a sudo password. Again this was VERY dangerous but I assumed the risk.
I added a line in my sudoers file like this...
<username> ALL=(ALL:ALL) NOPASSWD:<comma separated list of programs that I wanted to run without a password>Again, this is a VERY dangerous approach but I assumed the risks by running the program as a user that had no login shell. The chances of exploitation was very small.
As far as the need to communicating with the process I'm sure you come up with some sort of non blocking or interactive mode for QProcess. As @jsulm said read up and maybe try communicating via the channels of QProcess.
Chris~
wrote on 24 Oct 2019, 07:12 last edited by JonB@Chrisw01
One can run withNOPASSWD, and indeed I do on my development machine where I am the only user. If the application is only to be run on his own machine this might be acceptable. However, for the OP to make his end user sites change over to no root password, admittedly only forapt-get, seems inappropriate. It also requires setup from the system administrator. I would not dream of accepting software with this! Again, I would ask why his application requires asudo apt-getrather than just anapt-get?As I have noted above, you can run
sudowith a password from a UI by using the-Soption. If you are going to write code which uses channel communication withQProcessanyway you are already halfway there to what is needed. -
wrote on 24 Oct 2019, 15:41 last edited by
@JonB Agreed, which is why all the warnings of it being dangerous. And only control of that was given to a specific user, not the whole system. It fit my needs...
@t0msk I think that @JonB has hit the nail on the head. Run sudo with the -S parameter. And use channels to read and write to and from stdin/stdout/stderr as required.
From the sudo man page:
-S, --stdin Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character.Oh and one more thing to keep in mind, not all distros of Linux install sudo by default. Debian server for instance requires you to use the su program or manually install sudo. Some distro's only allow sudo to the admin or users in the sudoers group but not to regular users. So some adjustments may be required.
-
wrote on 25 Oct 2019, 07:34 last edited by t0msk
@JonB I need to use
sudowithaptyou can look here:tomsk@tomsk-Ntb:~$ apt update Reading package lists... Done E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied) E: Unable to lock directory /var/lib/apt/lists/ W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied) W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)So if I understand correctly, if user will want to do something which requires
sudo, then I will showQDialogwithlineEditwhere he enters password and then I will call QProcess withsudo -Sand after that I useQProcess::write()where I insert his password?I just downloaded application which requires administration rights from Linux repository and if I launch it, it looks like this:
As you can see it uses PolicyKit 1 and I didn't have to set up polkit on my system as you said (that xml what you mentioned), sorry but I am confused.
IT'S working now I used
pkexec apt update. -
@JonB I need to use
sudowithaptyou can look here:tomsk@tomsk-Ntb:~$ apt update Reading package lists... Done E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied) E: Unable to lock directory /var/lib/apt/lists/ W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied) W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)So if I understand correctly, if user will want to do something which requires
sudo, then I will showQDialogwithlineEditwhere he enters password and then I will call QProcess withsudo -Sand after that I useQProcess::write()where I insert his password?I just downloaded application which requires administration rights from Linux repository and if I launch it, it looks like this:
As you can see it uses PolicyKit 1 and I didn't have to set up polkit on my system as you said (that xml what you mentioned), sorry but I am confused.
IT'S working now I used
pkexec apt update.wrote on 25 Oct 2019, 09:14 last edited by-
You only need to use
sudobecause you are goingapt update, which does a system-wide update of stuff. Why does your app need that? That's my point. -
Yes to what you wrote about
sudo -S. -
Like I said I have never used
polkitso it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of usingpolkitis to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?
-
-
-
You only need to use
sudobecause you are goingapt update, which does a system-wide update of stuff. Why does your app need that? That's my point. -
Yes to what you wrote about
sudo -S. -
Like I said I have never used
polkitso it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of usingpolkitis to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?
wrote on 26 Oct 2019, 08:44 last edited by@JonB said in Get output stream from QProcess:
-
You only need to use
sudobecause you are goingapt update, which does a system-wide update of stuff. Why does your app need that? That's my point. -
Yes to what you wrote about
sudo -S. -
Like I said I have never used
polkitso it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of usingpolkitis to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?
As I said many times
apt updateis only example, and if you usepkexecit will show system popup like on screenshot in my last post, then you have to enter password and after that command will be executed. -
-
@JonB said in Get output stream from QProcess:
-
You only need to use
sudobecause you are goingapt update, which does a system-wide update of stuff. Why does your app need that? That's my point. -
Yes to what you wrote about
sudo -S. -
Like I said I have never used
polkitso it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of usingpolkitis to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?
As I said many times
apt updateis only example, and if you usepkexecit will show system popup like on screenshot in my last post, then you have to enter password and after that command will be executed.@t0msk said in Get output stream from QProcess:
As I said many times apt update is only example
@JonB understands that "apt update" is just an example, he actually wanted to know why your app needs to be executed as root...
-
-
@JonB said in Get output stream from QProcess:
-
You only need to use
sudobecause you are goingapt update, which does a system-wide update of stuff. Why does your app need that? That's my point. -
Yes to what you wrote about
sudo -S. -
Like I said I have never used
polkitso it's up to you to read up. You say "and I didn't have to set up polkit on my system", but isn't the point that you are being prompted for a password here where the point of usingpolkitis to allow stuff through without requiring a password? So it seems to me it is not currently set up to allow whatever you are trying through without a password, and an admin would need to configure it to make it allow no password here?
As I said many times
apt updateis only example, and if you usepkexecit will show system popup like on screenshot in my last post, then you have to enter password and after that command will be executed.wrote on 29 Oct 2019, 08:12 last edited by JonBAs I said many times
apt updateis only example, and if you usepkexecit will show system popup like on screenshot ...@jsulm has leapt to my defence :) And as I have said many times, my question is not about
apt updatebut about why you need to run it or anything else sudo from your program? This equally applies if you gopkexec(though the whole point of that is it's part ofpolkit, and the point ofpolkitis that you are supposed to configure it so that it does not "show system popup like on screenshot"). -
19/21