You are not logged in.

#1 2016-01-17 04:42:34

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Sudo vs Polkits

Hi everyone,

So after reading some of tknomanzr's thread here: https://forums.bunsenlabs.org/viewtopic.php?id=971

and reading this article: Admin-Magazine Sudo & Policy Kits

As far as I understand it, Is it correct in assuming that a system can enforce permissions by sudo, polkits, or both? Or is it either one or the other?  I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed. So I assume we are dealing with permissions using polkit. (cd'ing to /usr/share/polkit-1/ confirms this..)

If so inclined though, could I install and run the sudo package and effectively have a "two factor" authorization or permission type? (the system would check both permission standards?) Or can they not co-exist peacefully?

Also is it generally accept that polkit is more granular, but less user friendly than sudo?

Last edited by Horizon_Brave (2016-01-17 05:02:35)


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#2 2016-01-17 09:38:45

ohnonot
...again
Registered: 2015-09-29
Posts: 5,592

Re: Sudo vs Polkits

sudo isinstalled on my bl, and i'm 99.9% 100% sure it was there from the beginning.

no, i think they are just different ways to achieve the same thing: privilege escalation for certain apps/commands.
i don't know much about polkit, i guess it's better for automation, and i think it is what works with systemd, but i think you can essentially achieve the same things with both.
sudo maybe better for the manual approach: i have a script i want to run with a mouseclick, without typing my password each time - you can add that particular script to /etc/sudoers, voilá!
once you've done it succesfully (yes, please use visudo!), it's not so hard. and effective immediately.

Offline

#3 2016-01-17 10:33:11

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: Sudo vs Polkits

Horizon_Brave wrote:

I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed

Pure Debian doesn't include sudo by default but BunsenLabs does.

In respect of the differences between polkit & sudo(8), from your link:

In contrast to sudo, PolicyKit regulates individual (system) functions.

So polkit is a framework that allows individual actions (such as drive mounting, for example) to be controlled at a fine-grained level that is impossible with /etc/sudoers

Polkit rules set the general security level on your system, which actions need which level of permission, etc, whereas sudo(8) controls who has access to those permissions.

Offline

#4 2016-01-17 23:12:58

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

ohnonot wrote:

sudo isinstalled on my bl, and i'm 99.9% 100% sure it was there from the beginning.

no, i think they are just different ways to achieve the same thing: privilege escalation for certain apps/commands.
i don't know much about polkit, i guess it's better for automation, and i think it is what works with systemd, but i think you can essentially achieve the same things with both.
sudo maybe better for the manual approach: i have a script i want to run with a mouseclick, without typing my password each time - you can add that particular script to /etc/sudoers, voilá!
once you've done it succesfully (yes, please use visudo!), it's not so hard. and effective immediately.

Hmm that's curious, any explanation for this:

nosudo.jpg

The same nothingness exists for my user accounts as well


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#5 2016-01-17 23:18:51

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: Sudo vs Polkits

Horizon_Brave wrote:

any explanation for this:

How did you log on to the root account?

Does `/usr/bin/sudo -i` work?

What is the output of:

apt-cache policy sudo

How did you install this system?

What have you done with it since installation?

Offline

#6 2016-01-17 23:34:45

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Sudo vs Polkits

`sudo` is included in the BL package list. The bl-welcome script needs it, so you wouldn't get very far as a noob user without it.


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#7 2016-01-17 23:42:16

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

Head_on_a_Stick wrote:
Horizon_Brave wrote:

I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed

Pure Debian doesn't include sudo by default but BunsenLabs does.

In respect of the differences between polkit & sudo(8), from your link:

In contrast to sudo, PolicyKit regulates individual (system) functions.

So polkit is a framework that allows individual actions (such as drive mounting, for example) to be controlled at a fine-grained level that is impossible with /etc/sudoers

Polkit rules set the general security level on your system, which actions need which level of permission, etc, whereas sudo(8) controls who has access to those permissions.


Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.

So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#8 2016-01-17 23:46:28

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

Head_on_a_Stick wrote:
Horizon_Brave wrote:

any explanation for this:

How did you log on to the root account?

Does `/usr/bin/sudo -i` work?

What is the output of:

apt-cache policy sudo

How did you install this system?

What have you done with it since installation?

Hey, thanks for the quick replies, I missed your responses before I posted my previous comment. Anyway, the result of apt-cache:

aptcachesudo.jpg

And no dice with the /usr/bin/sudo  doesn't even exist in that dir.

Installation was from the normal bl Hydrogen-rc1 iso on a dvd.  And yea I went through the bl welcome script.  Its running in a VM on Virtualbox, but that shouldn't matter.

I log into root  by logging into my normal users and using su.  or directly from the terminal login prompt.

Last edited by Horizon_Brave (2016-01-17 23:50:18)


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#9 2016-01-17 23:59:41

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Sudo vs Polkits

Horizon_Brave wrote:

.....

Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.

So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?

Well, June 2009 isn't fairly newish wink It supercedes PolicyKit.

https://en.wikipedia.org/wiki/Polkit wrote:

It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[6] However, it may be preferable to use sudo, as this command provides more flexibility and security, in addition to being easier to configure

Did you specify a root password during the installation? I think sudo is not installed in that case.


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#10 2016-01-18 00:16:14

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

damo wrote:
Horizon_Brave wrote:

.....

Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.

So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?

Well, June 2009 isn't fairly newish wink It supercedes PolicyKit.

https://en.wikipedia.org/wiki/Polkit wrote:

It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[6] However, it may be preferable to use sudo, as this command provides more flexibility and security, in addition to being easier to configure

Did you specify a root password during the installation? I think sudo is not installed in that case.

Ahh, yea that makes sense, I did give root a PW. So I suppose that would trigger it to logically cancel out th eneed for the sudo installation, since you basically enable root as a login account?


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#11 2016-01-18 07:31:54

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: Sudo vs Polkits

Please use code tags when posting terminal output.

Many of the forum users will have limited bandwidth so it helps to use text rather than images of text wink

If you wish to use `sudo` then see this guide:
https://wiki.debian.org/sudo

Offline

#12 2016-01-18 18:29:33

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

Head_on_a_Stick wrote:

Please use code tags when posting terminal output.

Many of the forum users will have limited bandwidth so it helps to use text rather than images of text wink

If you wish to use `sudo` then see this guide:
https://wiki.debian.org/sudo

Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shots  mad


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#13 2016-01-18 18:34:52

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Sudo vs Polkits

Horizon_Brave wrote:

...
Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shots  mad

It is in the Machine settings, but you need Guest Additions installed first wink
Preparing a fresh BL install for VB Guest Additions

Last edited by damo (2016-01-18 18:38:47)


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#14 2016-01-18 18:37:10

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

damo wrote:
Horizon_Brave wrote:

...
Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shots  mad

It is in the Machine settings wink

Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#15 2016-01-18 18:40:07

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Sudo vs Polkits

Horizon_Brave wrote:

...

Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.

If you have a problem with keys, can you highlight, r-click, copy?


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#16 2016-01-18 19:03:27

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

damo wrote:
Horizon_Brave wrote:

...

Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.

If you have a problem with keys, can you highlight, r-click, copy?

No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#17 2016-01-18 19:10:44

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: Sudo vs Polkits

Have you tried the pen&paper copy&paste method?
tongue

Offline

#18 2016-01-18 19:18:33

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

Head_on_a_Stick wrote:

Have you tried the pen&paper copy&paste method?
tongue

hehe, it works though!


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#19 2016-01-18 19:53:46

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Sudo vs Polkits

Horizon_Brave wrote:
damo wrote:
Horizon_Brave wrote:

...

Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.

If you have a problem with keys, can you highlight, r-click, copy?

No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.

I was talking about the BL terminal output in the VM. Is that not using openbox-session either?


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#20 2016-01-18 20:04:11

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Sudo vs Polkits

damo wrote:
Horizon_Brave wrote:
damo wrote:

If you have a problem with keys, can you highlight, r-click, copy?

No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.

I was talking about the BL terminal output in the VM. Is that not using openbox-session either?


Yea, I have two two VM's of BL. The one I"m referring to isn't running openbox at all. No gui X at all.


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

Board footer

Powered by FluxBB