[deepin exploration] Running Commands with Root Privileges Without Entering a Password
Technology Exchange 934 views · 1 replies ·
deepin小助手
Super Moderator
OM
2024-07-11 07:56
Author
Typically, to run commands with root privileges, you can use <span>sudo</span> and <span>pkexec</span>.
To skip the password entry step, you need to configure them separately.
<span>sudo</span> can manage users uniformly, while <span>pkexec</span> can be configured for each command, and it supports graphical interface authorization.
Configuring sudo
You can edit the sudo configuration file using the command <span>sudo visudo</span>.
Add the following line at the end of the file:
<span>maicss ALL=(ALL:ALL) NOPASSWD:ALL</span>
Make sure to add it at the end (after the <span>%sudo</span> line), otherwise it won't be effective.
After saving, the user <span>maicss</span> will not be prompted for a password when using <span>sudo</span>.
Configuring pkexec
The policy files for <span>pkexec</span> are stored in <span>/usr/share/polkit-1/actions/</span>. To modify the policy for a specific program, you need to add a policy file (you can copy an existing one and modify it).
Setting the Prompt Message
(Here, I am demonstrating on Fedora, using the <span>dnf</span> command as an example. You can configure and modify it according to your needs.)
To set the prompt message for the <span>dnf</span> command, create a new configuration file named <span>org.maicss.dnf.policy</span>. The name should ideally match the corresponding program ID, but you can name it anything, as long as it has a <span>.policy</span> extension.
中文 
deepin 
windows support 
GitHub 
Telegram 
Facebook 
Twitter 
Reddit 
Discord
Typically, to run commands with root privileges, you can use
<span>sudo</span>and<span>pkexec</span>.To skip the password entry step, you need to configure them separately.
<span>sudo</span>can manage users uniformly, while<span>pkexec</span>can be configured for each command, and it supports graphical interface authorization.Configuring sudo
You can edit the sudo configuration file using the command
<span>sudo visudo</span>.Add the following line at the end of the file:
<span>maicss ALL=(ALL:ALL) NOPASSWD:ALL</span>Make sure to add it at the end (after the
<span>%sudo</span>line), otherwise it won't be effective.After saving, the user
<span>maicss</span>will not be prompted for a password when using<span>sudo</span>.Configuring pkexec
The policy files for
<span>pkexec</span>are stored in<span>/usr/share/polkit-1/actions/</span>. To modify the policy for a specific program, you need to add a policy file (you can copy an existing one and modify it).Setting the Prompt Message
(Here, I am demonstrating on Fedora, using the
<span>dnf</span>command as an example. You can configure and modify it according to your needs.)To set the prompt message for the
<span>dnf</span>command, create a new configuration file named<span>org.maicss.dnf.policy</span>. The name should ideally match the corresponding program ID, but you can name it anything, as long as it has a<span>.policy</span>extension.<span><?xml version="1.0" encoding="UTF-8"?></span><span><!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"</span><span> "</span>"><span>http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"></span><span><policyconfig></span><span> <vendor>Dnf Package Manager</vendor></span><span> <icon_name>x-package-repository</icon_name></span><span> <action id="org.maicss.dnf"></span><span> <description>要使用包管理器需要root权限</description></span><span> <message>要使用dnf命令进行包管理需要获得root权限</message></span><span> <defaults></span><span> <allow_any>auth_admin</allow_any></span><span> <allow_inactive>auth_admin</allow_inactive></span><span> <allow_active>auth_admin</allow_active></span><span> </defaults></span><span> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/dnf</annotate></span><span> <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate></span><span> </action></span><span></policyconfig></span>Explanation of some important lines:
<span>whereis</span>command to find the path if it's a command.Setting No Password Requirement
To set it so that no password is required, modify lines 11-13 in the code above to
<span>yes</span>, as shown below:<span><?xml version="1.0" encoding="UTF-8"?></span><span><!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"</span><span> "</span>"><span>http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"></span><span><policyconfig></span><span> <vendor>Dnf Package Manager</vendor></span><span> <icon_name>x-package-repository</icon_name></span><span> <action id="org.maicss.dnf"></span><span> <description>要使用包管理器需要root权限</description></span><span> <message>要使用dnf命令进行包管理需要获得root权限</message></span><span> <defaults></span><span> <allow_any>yes</allow_any></span><span> <allow_inactive>yes</allow_inactive></span><span> <allow_active>yes</allow_active></span><span> </defaults></span><span> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/dnf</annotate></span><span> <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate></span><span> </action></span><span></policyconfig></span>Now, using the command
<span>pkexec dnf update</span>will not prompt for a password and will run directly.