Q4OS Forum

Dai_trying

Member

From: UK

Registered: 2015-12-14

Posts: 2,992

pkexec not working as expected

I am currently re-writing my apt updater/notifier and have found some strange behaviour when using the pkexec command, I can see it is aliased to tdesudo which is causing a small issue and although it is not a critical problem it does cause me to include some workaround code to account for it.

The problem is I can use the command

sudo apt-get -q update

to update the repositories, but if I use the command

pkexec apt-get -q update

I get the following error

dai@q4scorpion:~$ pkexec apt-get -q update
tdesudo: Unknown option '-q'.
tdesudo: Use --help to get a list of available command line options.

I can use this command on a standard debian installation without issue due to the pkexec command being used natively. The reason I wanted to use pkexec is to have a secure method of elevating privileges that is not distro specific and as pkexec is available I thought it would be a good fit.

I have tried sourcing pkexec directly from /usr/bin with

/usr/bin/pkexec apt-get -q update

which gives the following error

dai@q4scorpion:~$ /usr/bin/pkexec apt-get -q update
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/usr/bin/apt-get' as the super user
Authenticating as: dai,,, (dai)
Password: 
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.

Obviously I have sudo rights on this desktop but it seems policykit might not be set-up correctly, any advice? or is this maybe a bug?

q4osteam

Q4OS Team

Registered: 2015-12-06

Posts: 4,501

Website

Re: pkexec not working as expected

...I can see it is aliased to tdesudo which is causing a small issue and although it is not a critical problem it does cause me to include some workaround code to account for it. ...

Yes, we can confirm an incorrect implementation of the pkexec aliasing in Q4OS. It will be fixed by the next 'q4os-base' update. Meanwhile, you can safely fix the '/opt/trinity/bin/pkexec' file to be:

#!/bin/sh
#for pkexec the 'polkit-gnome-authentication-agent-1' daemon have to be launched

ARGS="$( echo "$@" | sed "s/--user/-u/g" )"
tdesudo "$ARGS"

I have tried sourcing pkexec directly from /usr/bin with
/usr/bin/pkexec apt-get -q update
which gives the following error ...
...
... but it seems policykit might not be set-up correctly, any advice? or is this maybe a bug?

You need to run pkexec from a gui terminal to be proceeded correctly, as it needs 'polkit-gnome-authentication-agent-1' daemon to be loaded within the current session. It works the same way in the bare Debian system, as well as in Q4OS.

Last edited by q4osteam (2018-05-04 08:09)

Dai_trying

Member

From: UK

Registered: 2015-12-14

Posts: 2,992

Re: pkexec not working as expected

Yes, we can confirm an incorrect implementation of the pkexec aliasing in Q4OS. It will be fixed by the next 'q4os-base' update. Meanwhile, you can safely fix the '/opt/trinity/bin/pkexec' file to be:

#!/bin/sh
#for pkexec the 'polkit-gnome-authentication-agent-1' daemon have to be launched

ARGS="$( echo "$@" | sed "s/--user/-u/g" )"
tdesudo "$ARGS"

Thank you, this fixed the problem for me.