Administrative File Management Challenges

Adminstrative File Management Challenges

Synopsis

Many users prefer graphical applications for file management both organizing, viewing content and edit of content.

Root or superuser administration

With newer more secure methods coming - methods which is designed to avoid the security flaws in X (not that I know much of them) - we also face the fact that our proven methods are beginning to fail.

There is several actions we are used to do - like opening a file manager as root or edit a configuration in a grapfical editor - but these actions are becoming increasingly difficult. Launching a new instance of pcmanfm as superuser fails and we get annoyed.

The hardcore users are not as much affected as new users - they use the terminal most of time - simply because it is faster - and they have done so for a long time - making the commands easy to remember. Many hardcore users has scripted various parts of their administrative tasks.

But new users - coming from Windows - do not have that background and may be confused that it is not possible to edit a configuration directly using e.g. Xed or Mousepad.

Old ways - new commands

Recently we have faced - years ago - the gksu package was deprecated and not installed as part of a default ISO. Then we found an old app on the Debian attic which made a nice replacement for gksu - the gksu-polkit package. The sources for this package is 10 years old and it is also beginning to fail in certain environments.

gvfs

Gvfs is a set of GTK functions and protocols to manage files and folders over a range of devices. The basics is covered in the gvfs package but specialized functions are available for NFS, SMB, Google drive etc.

Using this to manage files and folders is straight forward e.g. launching a filemanager (pcmanfm is not working)

thunar admin:///etc

Edit a config file e.g.

gedit admin:/etc/fstab

pkexec

If I should define why it is called so it would be a policy kit execution app. The pkexec authentication is targeted at graphical applications but works using CLI apps as well.

Pamac is a good example of an application implementing both a graphical and cli authentication through the dbus.

Pkexec provides a graphical authorization window where the user can verify it is either the polkit itself or an application action which can be identified by clicking the details link in the authorization window.

Because policykit is build to avoid the insecurity of Xorg applications it will require specific instructions when launching a graphical application with administrative aka root permissions. This makes it hard to use because it need information of the user executing in graphical context and which screen the app is running in/on.

The authorization app mentioned (gksu-polkit) is an application designed to run from CLI and obtain the authorization credentials - connect with the polkit daemon and return an answer. This has worked for quite some time but it has begun failing.

zensu

Some years ago @Chrysostomus created a wrapper around the su commandline authentication. The package is in the repo as zensu and provides the necessary authentication for running graphical utilites using either a desktop launcher or the commandline.

sudo pacman -Syu zensu

The zensu package provides a gksu symlink (just like the gksu-polkit app do) so existing applications or scripts depending on the gksu command being available do not break.

Conclusion

If you are having problems with your preferred execute-x-app-as-root shortcuts you may install the zensu package and you will keep going for a while.

But be prepared for changes in the years to come and do try to familiarize yourself which the policykit and pkexec - the pros and cons - the do's and don'ts.

40 Likes

Forum kindly sponsored by