tags:

views:

65

answers:

1

My app needs to do some privileged work. I've been looking everywhere, but I can't find anything useful. I know I want to use Policykit1 and dbus because all the other alternatives I've found aren't used anymore.

This is the code I got so far:

import dbus
import os

bus = dbus.SystemBus()
proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')

system_bus_name = bus.get_unique_name()

subject = ('system-bus-name', {'name' : system_bus_name})
action_id = 'org.freedesktop.policykit.exec'
details = {}
flags = 1            # AllowUserInteraction flag
cancellation_id = '' # No cancellation i


result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)

os.makedirs('/usr/local/share/somefolder')

I can't make the directory, what am I doing wrong?

+1  A: 

Filesystem security is stopping you because your user doesn't have write permissions to /usr/local/share/somefolder. You could use sudo to temporarily escalate permissions for that directory creation. But it doesn't stop there if you need to perform more operations as superuser.

If you need to write to something that isn't in user space, the entire program might be better of run as root (under sudo of course), such as sudo ./myscript.py.

jathanism
The whole point was to avoid using something like "sudo ./myscript.py" by using dbus and policykit as means to get privileges. So far this line of code: result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id) is able to ask for authentication but the privileges of the app doesn't rise even when I put my root password perfectly.
William
If you want to raise privileges by calling PolicyKit D-Bus methods (which is impossible), this makes no difference with running under `sudo`, because user has to trust your entire application. PolicyKit only allows calling pre-configured methods of privileged system services.
rkhayrov
Have you considered utilizing `gksudo` and just packaging your app with a simple bash script that executes `gksudo myscript.py`? That would certainly be a simple workaround.
jathanism