Results 1 to 5 of 5

Thread: Authorization via sudo

  1. #1

    Default Authorization via sudo

    I would like to configure openSUSE that way that, like in other distribution, like Fedora etc., it asks for sudo authorization instead of root password when admin privileges in Gnome or KDE are required
    For example when mounting partitions or opening yast. I allready configured sudo to prompt for user password.
    Anyone knows how to do that?

    thanks in advance

  2. #2

    Default Re: Authorization via sudo

    Quote Originally Posted by microsponge View Post
    I would like to configure openSUSE that way that, like in other distribution, like Fedora etc., it asks for sudo authorization instead of root password when admin privileges in Gnome or KDE are required
    For example when mounting partitions or opening yast. I allready configured sudo to prompt for user password.
    Anyone knows how to do that?
    KDE and GNOME don't use sudo.
    They have their own tools (kdesu, gnomesu) which use su to gain root privilees and/or they use polkit.

    At least kdesu can be configured to use sudo instead though, it then also respects sudo's settings.

    For polkit you have to override the appropriate rules in /etc/polkit-default-privs.local, or create your own javascript snipplet in /etc/polkit-1/rules.d/.

    See also here:
    https://forums.opensuse.org/showthre...d-sudoers-help

  3. #3

    Default Re: Authorization via sudo

    That's unfortunate, I was hoping for somesting like a config parameter to change from su to sudo
    And I guess gnomesu won't get sudo support anytime soon....
    Nevertheless thanks for the fast answer!

  4. #4

    Default Re: Authorization via sudo

    Quote Originally Posted by microsponge View Post
    That's unfortunate, I was hoping for somesting like a config parameter to change from su to sudo
    There is one for kdesum as mentioned. But there's no general switch to use sudo instead of su, as sudo and su are two completely different things.

    And I guess gnomesu won't get sudo support anytime soon....
    Probably never, as it seems to be deprecated anyway.

    And even if, it wouldn't help you with most desktop stuff. As I said, this uses polkit, not gnomesu.
    gnomesu is only used for some menu entries that start applications as root (YaST e.g.). Actually those use xdg-su though (which in turn runs gnomesu in GNOME and some other desktops, kdesu in KDE, and "su -" as fallback), so you could replace this with your own version that runs kdesu or pkexec (the latter uses polkit, and can be configured to ask for the user password too).

    The easiest way to switch polkit to using the user password instead of root's, would be:
    - copy the content of polkit-default-privs.standard to /etc/polkit-default-privs.local and replace all occurences of "auth_admin" with "auth_self", and "auth_admin_keep" with "auth_self_keep", and so on
    - then run "sudo set_polkit_default_privs" to apply the change
    Note that this will apply to all users then though, not just ones that are part of the wheel group or something like that.

    Another option would probably be to copy all the polkit stuff (/etc/polkit-1/) from Fedora to openSUSE.

  5. #5

    Default Re: Authorization via sudo

    That's great information!

    Quote Originally Posted by wolfi323 View Post
    Note that this will apply to all users then though, not just ones that are part of the wheel group or something like that.
    As I'm currently the only user I can live with that. So I did:

    Code:
    snapper -c root create --description "polkit configuration"
    just to be sure . Then:

    Code:
    cat /etc/polkit-default-privs.standard >> /etc/polkit-default-privs.local
    and

    Code:
    sed -i 's/auth_admin/auth_self/g' /etc/polkit-default-privs.local
    so far it works great, except for starting yast but that's enough for today.
    Many thanks again!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •