adnan360 8e828a99e7 Add sudo GUI password prompt example | 3 years ago | |
---|---|---|
.. | ||
README.md | 3 years ago | |
passprompt.sh | 3 years ago | |
run.sh | 3 years ago |
When scripts are run from GUI and not from a terminal, there are no sudo password prompts shown. For example, reboot/shutdown menu in openbox implemented with rofi or dmenu. On some systems it takes sudo reboot
and a sudo password input to do a reboot. This is tricky to do in GUI. Unless polkit or any other solution is used and properly configured, it is not possible to run sudo commands from GUI. Not every system has polkit or other solutions installed. So this is a problem.
sudo
has a -A
or --askpass
parameter which can use any program/script that can take an input and then print the input as a password prompt. e.g. Run ssh-askpass
on a terminal, enter something and you'll see your input being printed out. It just prints the input to stdout. So this can be used for askpass.
Any program/script that can do this basic thing can be used with SUDO_ASKPASS
to replace the default cli sudo password prompt. But it's recommended to use masked password prompt whenever possible. That means one which does not show the input on screen when being typed. It's not good to show sudo password on screen when it is being input because any person passing by can see the password.
A small note though, I am not aware if this solution has any security issues.
ssh-askpass
If you have ssh-askpass
installed on your system:
SUDO_ASKPASS=`which ssh-askpass` sudo -A <some command>
For example, running "SUDO_ASKPASS=which ssh-askpass
sudo -A " can be used to reboot the system.
rofi
or anything elseIf you don't have ssh-askpass
and want to use something else, just make a simple file like this:
~/passprompt.sh
#!/usr/bin/env bash
rofi -dmenu -i -p 'sudo password' -password -theme-str 'inputbar {children: [prompt,entry];} listview {lines: 0;}'
SUDO_ASKPASS
does not accept command with parameters. This is a workaround to make it take our parameters. We'll just set this script as SUDO_ASKPASS
.
Make it executable with: chmod +x ~/passprompt.sh
Then run:
SUDO_ASKPASS="$HOME/passprompt.sh" sudo -A <some command>
This will first ask for password if sudo requires it. Then it will run the command. e.g. You can run SUDO_ASKPASS="$HOME/passprompt.sh" sudo -A reboot
to have a script running in the GUI to ask for password and reboot.
This dir has 2 scripts as an example to ask for the sudo password in GUI and then run any command as sudo. Just try:
./run.sh <some command>
For example, running ./run.sh reboot
will ask for sudo password (probably won't if exception is configured) and reboot the system.