Reputation: 5263
Use PolicyKit to give my application access to restricted files
I'm writing an application for Ubuntu, which allows you to customize the Unity 2D desktop environment.
Some settings, I can change using Dconf, which is user-specific. So if one user changes a setting, it only applies for that user.
For other settings, however, I need to edit text files which are located in /usr/share/unity-2d/, to which a normal user can't write. To solve this problem, I thought it was a good idea to have users run the application as root, which makes sure they have access to /usr/share/unity-2d/. Only, when the application is running as root, and one of the Dconf settings is changed, it gets changed in the root user's Dconf, so the changes don't apply to the actual user.
I need to find a solution to this problem, and my first realistic idea was to use PolicyKit. I need to make sure that my application runs as the current user (so not always as root), but that it does have access to /usr/share/unity-2d/ and the files inside it. I'm writing the application in C#, using the Mono framework. I don't really have any experience with PolicyKit, and to be honest this is my first attempt in making a serious Linux application.
My idea was PolicyKit, but if one of you has another (realistic) way to achieve this, that fine with me as well. If it comes down to using PolicyKit, I'd like to have a bit more information on how to do this, and what everything does, please. I know I can probably just run my application using pkexec, but I was actually thinking more among the lines of a button in my application to unlock the features which need access to that directory, which at that moment asks for a password to get writing access to the files in the folder. In this way, people who don't have special permissions on the system the application is running on, can still customize some basic settings.
Upvotes: 4
Views: 818
Answers (1)
Reputation: 385
Well, the obvious solution is to have two processes, one normal user app with the GUI, and something that runs as root that manipulates files as root.
E.g. as an analog "commandline only" issue would writing a file as root:
sudo echo Hello World >/root/hello.txt
Does not work because the redirection is done by the interactive shell and it does not have root's access.
The classical solution is to use two processes:
echo Hello World | sudo tee /root/hello.txt
Now the /root/hello.txt file is opened by tee which runs as root (via sudo), which is allowed.
Upvotes: 1
Related Questions
- How to modify file access control in .NET Core
- File permission to a specific application
- How to limit folder/file access to a program only?
- Make a file read/write accessible only from within my application
- Setting Windows file security
- Test file permissions on Mono
- How to set file access permissions for a file created in code (.NET)
- File access issue in C# application running on mac using mono
- How to run my app with privileges for access to _every_ directory?
- Mono on Unix - File system ACLs