gksudo disable elevation persistence

Fabio A. Miranda fabio.a.miranda at gmail.com
Sat Jan 16 13:02:36 UTC 2010 

Hello Karl, 

Thanks for your reply.

The "elevation" is commond among other environment, perhaps not Linux
"sudo".

Please, take the above code, and running it twice. The first time you
will get prom

public static void main(String[] args) {
        // TODO code application logic here
        ProcessBuilder pb = new ProcessBuilder();
        String comando = "";
        try {
            pb = new ProcessBuilder();
            pb.redirectErrorStream(true);
            comando = "/usr/bin/gksudo touch /bin/foo";
            pb.command("/bin/bash", "-c", comando);
            System.out.println(comando);
            Process p = pb.start();
            BufferedReader output = new BufferedReader(new
InputStreamReader(p.getInputStream()));
            String line;
            while ((line = output.readLine()) != null) {
                System.out.println(line);
            }
            int exitVal = p.waitFor();
            System.out.println("exit code" + exitVal);
        } catch (Exception e) {
            System.out.println(e.toString());
        }
}


You will see that a second attempt to execute it, with a different PID,
will request no password.

That is what i am trying to tell you, it is not PID related, anyone core
sudo developer to pronounce please ?

thanks,

fabio




On Sat, 2010-01-16 at 23:33 +1100, Karl Auer wrote:
> On Sat, 2010-01-16 at 06:05 -0600, Fabio A. Miranda wrote:
> > After a call to gksudo using ProcessBuilder(), the WaitFor() mnthod
> > returns, then, another ProcessBuilder does bash -c '/usr/bin/gksudo -k'
> > 
> > The command works perfect but the next ProcessBuilder() is still
> > elevated so it doens't do anything.
> 
> I think you may be misunderstanding what's going on. The "elevation" as
> you call it does not persist, it is just that sudo/gksudo remembers that
> it is permitted to run stuff as root for a certain amount of time after
> a password is entered. Inside that timeout period, it will not require a
> password, and any commands it is asked to run it will simply run as
> root.
> 
> Did you see my message regarding the timeout in the sudoers file?
> 
> BTW, don't use "gksudo -k", use "sudo -k". If run without a command,
> gksudo will ask for one after zeroing the timeout, and running that
> command (after giving the password, of course) will set the timeout
> again!
> 
> > If a JVM is "elevated", the System.getProperty("user.home"); will return
> > root's home, bcause gksudo was ran 2 minutes ago.
> 
> Only if the JVM is run via sudo/gksudo. The process that runs
> sudo/gksudo will NOT get root privileges, only the process that
> sudo/gksudo starts.
> 
> I haven't used sudo/gksudo inside Java, so maybe it's me that is
> misunderstanding things...
> 
> Regards, K.
>

More information about the ubuntu-users mailing list