Enter admin rights once, use it in multiple process calls to terminal [Linux]
fleppe last edited by
I have a lot of process calls that runs commands in the terminal. This is done by calling the following line multiple times:
process.start("pkexec", QStringList() << "--user" << "root" << [command]);
This works, but it's not very convenient as the user gets a prompt to enter admin password every time these processes run.
So my question is, how should i do if i only want the user to enter admin rights once and still get root privileges multiple times?
@fleppe You could execute "sh" as command with "-c" parameter + "sudo" + "&&" + "pkexec", QStringList() << "--user" << "root" << [command]) + "&&" ... (all other commands).
JonB last edited by
I'm a little lost looking at your proposed command line. I don't see any
-c, I don't know what the first occurrence of
&&is about, I don't know how you're quoting/joining into one command, etc. Possibly fixed font would make it clearer.... Also, by the time you're
sudo-ing, do we need the
--user rootany longer?
If all you're suggesting to OP is to use
sudo, that accepts the command as-is on the line. So what about something like:
process.start("sudo " + command)
(There are various ways of passing arguments separately/together, each have their advantages/disadvantages. To be clear I'm using the straightforward
QStringoverload. There may be quoting issues, but yours will have those too.)
@JonB There is -c in my "example".
&& is simply to chain several commands in one command line (com1 && com2 && com3...).
But now I realised that this --user parameter is for the pkexec command (whatever it is), so my suggestion isn't valid.
JonB last edited by
I could be wrong, but if you try a command like you say which goes
sudo && pkexec ...
I would imagine that, since each segment separated by
&&s (or whatever similar) is run its own separate sub-shell, the
sudo's "lifetime" will only be its own sub-shell, and therefore assuming your intention was to run the later
pkexec ...on the command-line under
sudo(that was what you were intending, right?) it will in fact have "been & gone", leaving the
pkexec ...running not as
To be clear: not trying to nit-pick on you, I too am not always 100% and like to learn, am just trying to produce a heads-up clarification for @fleppe if he tries yours and it doesn't work.
As I said earlier, I would expect
process.start("sudo " + pkexec_command)
to correctly run the
However, unless OP has marked his
sudoto require no password (as I do, on my own machine), this might prompt for
sudocredentials each time for each
pkexec, which he says he wishes to avoid? From
man sudoI think this approach relies on:
Security policies may support credential caching to allow the user to run
sudo again for a period of time without requiring authentication. The
sudoers policy caches credentials for 15 minutes, unless overridden in
sudoers(5). By running sudo with the -v option, a user can update the
cached credentials without running a command.
If that is no good, one solution would be: Assuming you know what multiple
pkexecs you wish to execute, send them all off to a text file as separate commands and run that file once via
fleppe last edited by
Good idea to put the commands in a text file, thought the problem is that i need to do stuff in the QT-application in between command calls.
pkexecas i understand is: "A application used to interface with the polkit actions and authenticate an application to acquire root access." So that's a part of getting root access. https://stackoverflow.com/questions/47885043/proper-method-to-acquire-root-access-on-linux-for-qt-applications
Think of it as i calling
sudo apt updatemultiple times in the program and doing things in the QT application in between.
I'm grateful for your answers.
@JonB Yes, the && between sudo and first command is not needed, I was in hurry when I wrote my first comment in this thread.
JonB last edited by JonB
And there was I thinking
pkexecwas something to do with running some
This "polkit" stuff is all very good, and if that's what you want to use fine. But it's going to require a bit of setting up to use. I do not know how much configuring you want to do, or how "secure" you need to be for your purposes.
I will just say that in terms of "simplicity", if that's really what you want, my two thoughts would be:
sudoand rely on what I quoted from the man page to ensure the user only gets prompted for password once every 15 minutes, if that works for you.
Use setuid. It sounds like all your commands are
apt updates? I would not make your Qt program itself setuid (unless you really know what you are doing). Rather, a tiny executable wrapper program supplied with your Qt app to just do
apt updatewith setuid would suffice (installed with just
chmod u+s). I would suggest this might be the simplest solution if you want to avoid any password prompting at all, as per your original question. Have you at least considered/do you know about setuid, even if you have good reason to reject it?