Development/Tutorials/PolicyKit/Helper HowTo: Difference between revisions
Revision as of 17:23, 11 March 2009
Tutorial Series | PolicyKit Tutorial |
Previous | Development/Tutorials/PolicyKit/Introduction |
What's Next | None
Further Reading | n/a |
Before you start
Applications running with root privileges have always been a major problem on Linux, and PolicyKit was created precisely to make the whole process easier and more secure. Even so, running code as root, however small and controlled, can still be a major issue. There are a few things you should take into account that will help you minimize possible issues:
- Include in the helper only the strictly needed code. The helper exists to run just small parts of code, so only the few lines that actually need to run as root should go in it.
- Link against and use as few libraries as possible. The helper itself requires only QtCore and QtDBus. In particular, avoid KDELibs as far as possible, as they were not designed to be used as root.
- DO NOT USE SETUID IN HELPER. We'll see in this tutorial how to get root privileges without messing with the setuid bit.
If you are aware of this, and you're also sure that your application actually needs root privileges, you can go on reading.
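A build-time check for the library and setuid rules above, added here as an example (it is not part of the original tutorial or of PolicyKit): it flags a helper binary that carries the setuid/setgid bit or whose direct dependencies go beyond QtCore, QtDBus and the toolchain runtime. The function names, the runtime allowlist and the sample `readelf -d` output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a privileged helper binary before it is installed.
# Names, allowlist and sample data below are assumptions for illustration.

# Constructed sample of `readelf -d` output for a helper that pulls in kdelibs.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libQtDBus.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libQtCore.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libkdecore.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x401000'

# True when the file carries the setuid or setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# stdin: `readelf -d` output. stdout: direct dependencies outside the allowlist.
audit_needed() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p' | while IFS= read -r lib; do
        case "$lib" in
            libQtCore.so*|libQtDBus.so*) ;;   # the only Qt modules the helper needs
            libc.so*|libm.so*|libstdc++.so*|libgcc_s.so*|libpthread.so*) ;;  # runtime (assumed)
            *) printf '%s\n' "$lib" ;;
        esac
    done
}

# Returns non-zero if the helper breaks either rule.
audit_helper() {
    status=0
    if has_setid "$1"; then
        echo "FAIL: $1 has the setuid/setgid bit set" >&2
        status=1
    fi
    extra=$(readelf -d "$1" | audit_needed)
    if [ -n "$extra" ]; then
        echo "FAIL: $1 links libraries outside the allowlist: $extra" >&2
        status=1
    fi
    return "$status"
}

# Usage: sh audit-helper.sh /path/to/helper
if [ "$#" -gt 0 ]; then
    audit_helper "$1"
fi
```

Only direct `NEEDED` entries are inspected, so libraries that QtCore itself pulls in do not trigger a failure; the check is about what the helper's own code links against.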
What we need to do
What is cool about PolicyKit and this approach is that we only need to write a minimal amount of code, we don't need hacks or execution bits, and we actually get root privileges for just that minimal portion of code. Suppose we still have the foo application we saw in the previous tutorial. From our .policy file, we know action2 actually does something that requires authentication as root. In fact, the following lines of code in action2 definitely require root privileges:
eraseHardDrive();
killUser();
detonatePC();
runAsFastAsYouCan();