News, tips, partners, and perspectives for the Oracle Solaris operating system

Running Privileged Applications in the OpenSolaris GNOME Desktop

Darren Moffat
Senior Software Architect

gksu(1) says:

     This manual page documents briefly gksu and gksudo

     gksu is a frontend to su and gksudo is a frontend  to  sudo.
     Their primary purpose is to run graphical commands that need
     root without the need to run  an  X  terminal  emulator  and
     using su directly.

Unfortunately the man page doesn't currently (I'm logging a bug) say anything about the changes made for integration with OpenSolaris RBAC (LSARC/2006/348).

If the user has an RBAC profile entry to run the command, given as the argument to gksu, then gksu will execute the command using pfexec(1).

If the user doesn't have a direct RBAC profile entry for the command but the user can assume a role that does have an RBAC profile entry then gksu prompts for the role password and uses the role. In this case gksu is doing the exec using embedded_su(1M) (which is really a hardlink to /bin/su).

Failing all that then gksu prompts for the root password; which will fail it root is a role that the user can't assume.

Menu entries for things like packagemanager, updatemanager, printmanager on OpenSolaris already do use gksu(1)

gksu by default does a full X keyboard and mouse grab while prompting for the password.  It also passes on the users X magic cookie so GUI programs work well.

gksu can also use sudo as the back end instead of OpenSolaris RBAC or embeded_su, that is standard gksu behaviour though not something specific to OpenSolaris.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.