[Idea][Wayland] Run administrator session

English Open Chat
1

Wayland have restrictions to ran programs as root or other user. Way to solve this is add new program in menu, called run administrator session.

This button will check environment variable, called prefered_admin_session and search for item with the same name belonging to specific for administration session path, for example /usr/graphical/sbin/Wayland_root. If user have some_program in prefered_admin_session environment variable, this button will start new Wayland session, which will have in env username and prefered_admin_session, so it could ask for admin password or password for current user. Once user provided correct password, it loads /user/graphical/sbin/Wayland_root/some_program.

Additionally, starting new administrator session means, that:
(1)clipboard content will be copy into new admin session
(2) New window in user’s wayland session will be displayed, with button called switch to administrator session (This button will switch onto VT with ran administrative session and synchronize clipboard; maybe it will asks for password again)
(3) Each Wayland compositor, which is compatible with this solution, will display go to normal user session, making opposite action to second point
(4) Some protocols can be written to communicate both normal and administrator session, like administrator session could display window from normal session and allow to use it, but with some restrictions.

2

At present, I am using:

xhost +SI:localuser:root

That allows the root user to run X sessions. I run that at a command line.

In a Konsole window, I can use “su” to get a root command prompt. That does not require anything special, since Konsole itself is not running as root. After giving that “xhost” command above, it can start root sessions as needed. In any case, after giving that suggested command, you should be able to run Yast, which will start a root X session.

As for administrator session – I’m waiting for something to be integrated into openSUSE to deal with such issues. For the present, a root command prompt and Yast are sufficient for most of what I need.

3

The concept of an Administrator is typically a User based security model like what you might find in SAMBA or LDAP, and not in a native Linux machine, although a common workaround is to deploy the “wheel group” as a kind of Administrators User Group.

Seems to me that an enterprising person could write a short script that incorporates the ideas of both @Lachu and @nrickert to enable easy access to elevated Wayland X sessions, but should first be reviewed by someone knowledgeable about related security issues.

TSU