gksudo disable elevation persistence

Karl Auer kauer at biplane.com.au
Sat Jan 16 12:33:09 UTC 2010


On Sat, 2010-01-16 at 06:05 -0600, Fabio A. Miranda wrote:
> After a call to gksudo using ProcessBuilder(), the WaitFor() mnthod
> returns, then, another ProcessBuilder does bash -c '/usr/bin/gksudo -k'
> 
> The command works perfect but the next ProcessBuilder() is still
> elevated so it doens't do anything.

I think you may be misunderstanding what's going on. The "elevation" as
you call it does not persist, it is just that sudo/gksudo remembers that
it is permitted to run stuff as root for a certain amount of time after
a password is entered. Inside that timeout period, it will not require a
password, and any commands it is asked to run it will simply run as
root.

Did you see my message regarding the timeout in the sudoers file?

BTW, don't use "gksudo -k", use "sudo -k". If run without a command,
gksudo will ask for one after zeroing the timeout, and running that
command (after giving the password, of course) will set the timeout
again!

> If a JVM is "elevated", the System.getProperty("user.home"); will return
> root's home, bcause gksudo was ran 2 minutes ago.

Only if the JVM is run via sudo/gksudo. The process that runs
sudo/gksudo will NOT get root privileges, only the process that
sudo/gksudo starts.

I haven't used sudo/gksudo inside Java, so maybe it's me that is
misunderstanding things...

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100116/3a4c7234/attachment.pgp>


More information about the ubuntu-users mailing list