3

ConsoleHelper - Making apps ask for passwords.

view full story
linux-howto

http://forums.fedoraforum.org – Hope this is in the right place and I apologize in advance if it is not. Many people would like not to have to open a terminal or have more granular control over permitions that can be achieved using PAM permissions(read the man pages for PAM for more information) and the consolehelper. The sources for this comes from Red Hat manuals Say we want to have gedit ask for a root pasword so we do the fallowing. - Step 1 - Open a terminal. (Applications -> System Tools -> Terminal) - Step 2 - Become root: Code: su - - Step 3 - Create a symlink in /usr/sbin/ Code: cd /usr/bin ln -s consolehelper gedit-root - Step 4 - Create a PAM configuration file in /etc/pam.d/foo: # Open an editor you like (vi, nano, gedit) create a file with this inside: #%PAM-1.0 auth [success=done ignore=ignore default=bad] pam_selinux_permit.so session include system-auth auth include system-auth auth optional pam_gnome_keyring.so account include system-auth password include system-auth Save it to /etc/pam.d/ with the name of your symlink in this case gedit-root ps: Those permissions were copied from the /etc/pam.d/gnome-screensaver file if you are curious about where I got those permitiions, but you can also read the man pages and do some interisting things with PAM permissions like limit resources to users, limit access and a lot more limiting. It is better then just using su -, you can even limit memory usage! :) - Step 5 - Create a description to PAM in /etc/security/console.apps/foo: With your preferred text editor paste this: USER=root PROGRAM=/usr/bin/gedit SESSION=true FALLBACK=false IMPORTANT! Please note that in the PROGRAM part the file called is gedit not gedit-root. Name the file gedit-root and save it in /etc/security/console.apps/ - Step 6 - Create a Desktop descriptor in /usr/share/applications/foo.desktop so you can see it on the applications menu: With your preferred text editor paste thiis: [Desktop Entry] Encoding=UTF-8 Name=gedit-root GenericName=Text Editor Root StartupNotify=true MimeType=text/plain; Categories=Application;System;X-Red-Hat-Base Comment=Launches Gedit As Root Icon=password.png Exec=/usr/bin/gedit-root Terminal=false Type=Application StartupNotify=true MimeType=text/plain; Icon=accessories-text-editor Categories=GNOME;GTK;Utility;TextEditor; X-GNOME-DocPath=gedit/gedit.xml X-GNOME-FullName=gedit-root Text Editor X-GNOME-Bugzilla-Bugzilla=GNOME X-GNOME-Bugzilla-Product=gedit X-GNOME-Bugzilla-Component=general X-GNOME-Bugzilla-Version=2.28.3 X-GNOME-Bugzilla-ExtraInfoScript=/usr/libexec/gedit-2/gedit-bugreport.sh X-Desktop-File-Install-Version=0.15 Name it gedit-root.desktop and save it to /usr/share/applications/ and you are done. Now when you need to edit your config files you can just click on the gedit-root and it will open gedit as root. ps: I took this configurations from the original gedit.desktop file and edited a little. You can now make programs ask for permissions like nautilus when you want to navigate through root owned folders, you can make the nvidia settings start as root and you can now using the PAM file describe what can be done or not. (HowTos)