On Tue, Nov 09, 2004 at 06:03:44PM +1100, Grant Diffey wrote:
> I'm not subscribed so please use reply-to-all
>
> SUMMARY: su-to-root from the menu package is a nasty hack that should be
> replaced by a mechinism managed by /etc/alternatives
>
> PREMISE: The decision of which User interface people see when running a X11
> application that requires elevated privilages is a combination of system
> policy and user preference.
Hello,
I have written a new su-to-root script that
1) can be configured through '~/.su-to-rootrc'. (A better filename is
welcome).
2) support back-end gksu,kdesu,sux and built-in (checked in that order).
Please find it in attachment, with the new manpage.
I would really appreciate if you could test it and tell me what changes
I should make.
Cheers,
--
Bill. <[EMAIL PROTECTED]>
Imagine a large red swirl here.
#!/bin/bash
if test -r ~/.su-to-rootrc; then
. ~/.su-to-rootrc
fi
PRIV=root
COMMAND=
NEEDS=text
eshell() {
getent passwd $1 | cut -f7 -d:
}
usage () {
echo usage: $0 '[-X] [-p <user>] -c <command>' >&2
echo '-X: command is a X11 program' >&2
exit 1
}
for i in "$@"; do
case "$prev" in
-p)
PRIV="$i";;
-c)
COMMAND="$i";;
-X)
NEEDS="X11";;
esac
prev="$i"
done
if [ -z "$COMMAND" ] ; then
usage;
fi
euid=$(id -u)
privid=$(id -u $PRIV)
if test "$euid" = "$privid"; then
$COMMAND
else
case $NEEDS in
text)
if test "$euid" != 0; then
echo About to execute $COMMAND.
echo This command needs $PRIV privileges to be executed.
fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin
SHELL=`eshell $PRIV`
if test "X$SU_TO_ROOT_SU" = "Xsux"; then
echo "Using sux..."
echo enter $PRIV passwd:
while ! sux -p "$PRIV" "$COMMAND"; do
echo -n 'Incorrect password or command failed. Try again? (y/n)'
read ans
if test "$ans" != "y" -a "$ans" != "Y"; then
exit 1
fi
done
else
echo enter $PRIV passwd:
while ! su -p "$PRIV" -c "$COMMAND"; do
echo -n 'Incorrect password or command failed. Try again? (y/n)'
read ans
if test "$ans" != "y" -a "$ans" != "Y"; then
exit 1
fi
done
fi;;
X11)
if test -z "$SU_TO_ROOT_X"; then
if which gksu >/dev/null 2>&1 ; then
SU_TO_ROOT_X=gksu
elif which kdesu >/dev/null 2>&1 ; then
SU_TO_ROOT_X=kdesu
elif which sux >/dev/null 2>&1 ; then
SU_TO_ROOT_X=sux
else
SU_TO_ROOT_X=su-to-root
fi
fi
if test "X$SU_TO_ROOT_X" = "Xgksu" ; then
gksu -u "$PRIV" "$COMMAND"
elif test "X$SU_TO_ROOT_X" = "Xkdesu" ; then
kdesu -u "$PRIV" "$COMMAND"
elif test "X$SU_TO_ROOT_X" = "Xsux" ; then
env SU_TO_ROOT_SU=sux \
x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND"
# As a last resort, open a new x-terminal-emulator and prompt for the password
# Do not use -X here!
else
x-terminal-emulator -e su-to-root -p "$PRIV" -c "$COMMAND"
fi;;
esac
fi
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.\" "verbatim" environment (from strace.1)
.de CW
.sp
.nf
.ft CW
..
.de CE
.ft
.fi
.sp
..
.TH su-to-root 1 "20 October 1998" "Debian Project" "Debian GNU/Linux manual"
.SH NAME
su-to-root \- A simple script to give an `interactive' front-end to su.
It can be used in menu entry commands to ask for the root password
.SH SYNOPSIS
.B su-to-root [-X] [\-p <user>] \-c <command>
.SH DESCRIPTION
Most menu entries simply start an editor or a game or whatever. But
some menu entries would like to give the user the ability to change
important settings in the system, that require root privileges.
.B su-to-root
can be used to ask for the root password.
.SH OPTIONS
.IP -c <command>
The command to execute as a string. This option is mandatory.
.IP -p <user>
The name of the user to su to, instead of root.
.IP -X
The command is a X11 program that do not require a terminal.
This is to be used with menu entries that declare needs="X11".
.SH ENVIRONMENT
.IP SU_TO_ROOT_X
Select the su-like program called by \fBsu-to-root -X\fR.
Supported values are \fIgksu\fR, \fIkdesu\fR and \fIsux\fR.
.IP SU_TO_ROOT_SU
If set to \fIsux\fR force
.B su-to-root
to use \fIsux\fR in text mode.
.SH FILES
.IP ~/.su-to-rootrc
(\fBexperimental\fR)
\fBsu-to-root\fR will source this file at startup. This lets you define and
modify the environment variables above without restarting your X session.
.SH COPYING
.B su-to-root
is distributed under the GNU General Public License.
(GPL 2.0 or greater).
.SH AUTHORS
Joost Witteveen
.RI <[EMAIL PROTECTED]>
.P
X11 support by Morten Brix Pedersen and Bill Allombert
.RI <[EMAIL PROTECTED]>
.SH "SEE ALSO"
.BR update-menus (1),
.BR menufile (5),
.BR /usr/share/doc/menu/html
