bash - Need root right for accessing any folders eventually '/etc' and start gui apps 'okular'

Hello.

I use a bash script to find files from any folder including /etc.
In the script, I use the command find to create a text file which contains the list of files.
Then the script read the list.
Depending of the file extension the script starts google-earth or okular or some other graphical software.

The script run normally if started from a root console but it is a bad manner.

Running from a user console, the script give this error :


Text read from file: /win_linux_echange/USER_DATA/PRODUCT/LEVEL1/FORD.pdf
FILENAME : FORD.pdf
EXT_NAME : pdf
show pdf file : /win_linux_echange/USER_DATA/PRODUCT/LEVEL1/FORD.pdf

COMMAND : kdesu okular /win_linux_echange/USER_DATA/PRODUCT/LEVEL1/FORD.pdf
**QXcbConnection: Could not connect to display
/backup_sys/000_COMMON/Bin/files_show_files_from_date: line 64: 13503 Aborted                 kdesu okular /win_linux_echange/USER_DATA/PRODUCT/LEVEL1/FORD.pdf**

The main script start with :

# # ensure running as root
if  "$(id -u)" != "0" ]; then
    exec sudo "$0" "$@"
fi
#
...
...


Then call another script file :

/backup_sys/000_COMMON/Bin/files_show_files_from_date   param1  param2  param3

This second script use :


.....
.....

        case "$EXT_NAME" in
.....
.....
                pdf)
                        # show pdf file
                        echo "show pdf file : $line"
                        show_pdf_file "$line"
                        ;;

.....
.....
                *)
                        echo "Cannot show this kind of file with 'ext' : $EXT_NAME"

        esac


and the function show_pdf_file contains :

function show_pdf_file () {

    local TXT_FILE_NAME
    TXT_FILE_NAME="$1"
    echo
    echo
    CMD="kdesu okular $TXT_FILE_NAME"
    echo "COMMAND : $CMD"
    kdesu okular $TXT_FILE_NAME
    echo
    echo
    echo
    echo "Type a key to continue"
    read MY_TEMP
    echo
    echo
}

Any help is welcome.

You cannot connect to a display, because the environment variable $DISPLAY is not not passed along by “sudo”. Maybe use “su -” in place of “sudo” . Or perhaps you would need:

su - -c

since you are passing an argument line to the root shell.

At the moment I don’t know if there is a safe way for a script to access the display, a number of vulnerabilities have been patched in recent years so a number of tried and true methods that have been used for decades no longer work. Perhaps the most common way to do what you’re asking about is to invoke “xhost+” If you write your script using this function, it’s anyone’s guess how long it will work and will likely require modifications in the future.

There may be better alternatives for what you’re trying to do… If the text doesn’t change, maybe echo the text to stdout?
Or, is there a real requirement in your use to connect to the display, what if you simply invoke Ocular, particularly if the document is invoked with a specific User profile/account?

TSU

Before I read your comments, I have made another try.
I have make a “link to application”, and fill the run as user as root.
That works with errors :

COMMAND : kdesu okular /win_linux_echange/USER_DATA/PRODUCT/LEVEL1/FORD.pdf
QStandardPaths: wrong ownership on runtime directory /run/user/1001, 1001 instead of 0
klauncher not running... launching kdeinit
QStandardPaths: wrong ownership on runtime directory /run/user/1001, 1001 instead of 0
QStandardPaths: wrong ownership on runtime directory /run/user/1001, 1001 instead of 0
No DBUS session-bus found. Check if you have started the DBUS server.
kdeinit5: Communication error with launcher. Exiting!
"KLauncher could not be reached via D-Bus. Error when calling kdeinit_exec_wait:
Not connected to D-Bus server
"
Don't need password!!

Is there any things to configure with the D-Bus registration option in the advance tab of the link to application ?
When I say it works with errors, I mean the script does what it’s supposed to do.

What is the difference with my previous attempt from command line ( "if not root run ‘exec sudo $0 $@’ " )

Any new comments are welcome.

I see those “wrong ownership” messages. But they have never caused problems for me. I suppose they only cause problems for applications which depend on that path.

I have no experience with using dbus for what you are trying to do.

Thank you very much for your quick comment.

What is the difference between:

  • Calling a script from user console; the script start with
"if not root do 'exec sudo $0  $@' ........ " )

. I try that but failed to do the job

  • Calling a script from user console; put
su - -c.... 

each time a command is started within the script

  • Calling a script from link to application and set run as to user root ( my second try )

The main difference is in what is passed along from the environment. The “sudo” command carefully cleans the environment for security reasons.

Instead of:

exec sudo "$0" "$@"

you could possibly try:

sudo DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY "$0" "$@"

but first make sure that $AUTHORITY is defined in your desktop.