How to pass root or sudo password to the Linux Kernel via a Lazarus GUI

[TurboRascal]

One word of warning though - this way you are dependent on the existence of the sudo command, which is not always available. While Ubuntu, for example, has it by default because it's built around the concept of using sudo for administrative task, AFAIK RedHat based distributions don't have it, and I think Debian too. So, you should check for the existence of the sudo command.

The troubles don't end there though, most of the distributions which don't have sudo by default don't even allow users to sudo unless configured to do so. Those systems are usually meant to be administered by logging in as root and using su. For example, in default installs, you cannot use su in Ubuntu nor sudo in Fedora, because Ubuntu is installed without root password, and Fedora doesn't give the users sudo privilege by default.

My proposal for this to work would be to check if sudo exists, if it doesn't, you should give up on it and check for su, then ask for root password if it exists. This way you will have a better chance to get the right way for the root rights as intended by the distribution.

I myself would prefer to implement the authentication methods used by sudo and su in the program itself, instead of depending on external programs, but I believe the above solution with trying sudo and then su should practically always work.

@BigChimp: I don't think "clearing" the password would work that way, at least not if your new string has different length from the original pass, that might cause it to write the string to another memory location and leave the original location as "undefined" data, which would mean the password will remain there. I have never tried to do something like that though, but my guess would be that rewriting the string with the same length string might do the trick, even more likely if you use the pointer to it...

[ludob]

policykit is the recommended way to get privilege elevation and is installed per default on most modern linux distributions. To run a program as super user is quite simple. Example:

Code: [Select]

program runasroot;

uses
  process;

var
  Proc: TProcess;
  s:string;
  len:integer;
begin
  Proc := TProcess.Create(nil);
  Proc.Options := [poWaitOnExit,poUsePipes];
  Proc.CommandLine := 'pkexec whoami';
  Proc.Execute;
  setlength(s,200);
  len:=Proc.output.read(s[1],200);
  setlength(s,len);
  Proc.free;
  writeln(s);
end.           

A window will pop up requesting root authorization. This is the same window you get when you run an administrative program. No security risks since your program isn't involved in getting the root password 

[BigChimp]

Ludo,

Thanks!

@BigChimp: I don't think "clearing" the password would work that way, at least not if your new string has different length from the original pass, that might cause it to write the string to another memory location and leave the original location as "undefined" data, which would mean the password will remain there. I have never tried to do something like that though, but my guess would be that rewriting the string with the same length string might do the trick, even more likely if you use the pointer to it...

Arny, you're probably right...

[a.atalla]

The use of policykit is the recommended way to do it in linux
but what if i want to modify some config files that need root priviliages ,do i need to run my Laz app with pkexec ?
is that the only way ????