How do I run a GUI application as root using pkexec?
I am using Trisquel GNU/Linux-Libre, which ships with the GNOME 3 Flashback desktop environment.
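I know I can run GUI applications as root with `sudo` and `gksudo`, but I would like to know how to run GUI applications as root with the help of **pkexec**.

When I try to run `gedit` (or any other application, such as `nautilus`) with `pkexec gedit`, it prompts for a password to authenticate. After I enter the password, it exits with an error: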
```
$ pkexec gedit
error: XDG_RUNTIME_DIR not set in the environment.

(gedit:6135): Gtk-WARNING **: cannot open display:
```
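So it seems that something is wrong with the display environment.

I also tried `DISPLAY=:0 pkexec gedit`, but it does not work. The following information is available from `man pkexec`:

> The environment that PROGRAM will run in, will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec. As a result, pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.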
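Now I don't know what to do to make this work.

So, please help me understand how to do this through `pkexec`. Or is it possible at all? By the way, I was inspired by the `gparted-pkexec` command, which works well. How does `gparted` use `pkexec`?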
This can be done by adding a custom action to policykit. If you want to run gedit as root with `pkexec`, you have to create a new file, `/usr/share/polkit-1/actions/org.freedesktop.policykit.gedit.policy`, for example:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <action id="org.freedesktop.policykit.pkexec.gedit">
    <description>Run gedit program</description>
    <message>Authentication is required to run the gedit</message>
    <icon_name>accessories-text-editor</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <!-- The program this action applies to when it is started through pkexec -->
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
    <!-- A nonempty value makes pkexec retain $DISPLAY and $XAUTHORITY -->
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
</policyconfig>
```
Finally, `pkexec gedit` should work as expected.

See the man page or the reference manual, where this is explained with an example, for instance:
```
$ man pkexec | grep -i ^Example -A 60
EXAMPLE
       To specify what kind of authorization is needed to execute the program
       /usr/bin/pk-example-frobnicate as another user, simply write an action
       definition file like this

           <?xml version="1.0" encoding="UTF-8"?>
           <!DOCTYPE policyconfig PUBLIC
            "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
           <policyconfig>

             <vendor>Examples for the PolicyKit Project</vendor>
             <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>

             <action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
               <description>Run the PolicyKit example program Frobnicate</description>
               <description xml:lang="da">Kør PolicyKit eksemplet Frobnicate</description>
               <message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
               <message xml:lang="da">Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
               <icon_name>audio-x-generic</icon_name>
               <defaults>
                 <allow_any>no</allow_any>
                 <allow_inactive>no</allow_inactive>
                 <allow_active>auth_self_keep</allow_active>
               </defaults>
               <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
             </action>

           </policyconfig>

       and drop it in the /usr/share/polkit-1/actions directory under a
       suitable name (e.g. matching the namespace of the action). Note that in
       addition to specifying the program, the authentication message,
       description, icon and defaults can be specified. Note that occurences
       of the strings $(user), $(program) and $(command_line) in the message
       will be replaced with respectively the user (of the form "Real Name
       (username)" or just "username" if there is no real name for the
       username), the binary to execute (a fully-qualified path, e.g.
       "/usr/bin/pk-example-frobnicate") and the command-line, e.g.
       "pk-example-frobnicate foo bar". For example, for the action defined
       above, the following authentication dialog will be shown:

           [IMAGE][2]

               +----------------------------------------------------------+
               |                     Authenticate                     [X] |
               +----------------------------------------------------------+
               |                                                          |
               |  [Icon]  Authentication is required to run the PolicyKit |
               |          example program Frobnicate                      |
               |                                                          |
               |          An application is attempting to perform an      |
               |          action that requires privileges. Authentication |
               |          is required to perform this action.             |
               |                                                          |
               |          Password: [__________________________________]  |
               |                                                          |
               | [V] Details:                                             |
               |  Command: /usr/bin/pk-example-frobnicate                 |
               |  Run As:  Super User (root)                              |
               |  Action:  org.fd.pk.example.pkexec.run-frobnicate        |
               |  Vendor:  Examples for the PolicyKit Project             |
               |                                                          |
               |                                  [Cancel] [Authenticate] |
               +----------------------------------------------------------+
```
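An added example, not part of the original answer: a Python audit that lists every pkexec action in the policy directory and flags those carrying the `allow_gui` annotation (which the man page discourages) or defaults that do not require administrator authentication. The function names and `SAMPLE` are constructed for illustration; `SAMPLE` is the gedit action from the answer with its descriptive elements trimmed.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

EXEC_PATH = "org.freedesktop.policykit.exec.path"
ALLOW_GUI = "org.freedesktop.policykit.exec.allow_gui"
# Implicit authorizations that do not ask for an administrator's password.
NON_ADMIN = {"yes", "auth_self", "auth_self_keep"}

# Constructed sample: the gedit action from the answer, descriptive elements trimmed.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <action id="org.freedesktop.policykit.pkexec.gedit">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
</policyconfig>"""

def audit_policy(xml_data):
    """Return one finding per pkexec action (an action annotated with exec.path)."""
    findings = []
    for action in ET.fromstring(xml_data).iter("action"):
        notes = {a.get("key"): (a.text or "").strip() for a in action.iter("annotate")}
        if EXEC_PATH not in notes:
            continue  # not an action that pkexec matches by program path
        defaults = {d.tag: (d.text or "").strip() for d in action.iterfind("defaults/*")}
        findings.append({
            "id": action.get("id"),
            "path": notes[EXEC_PATH],
            # pkexec retains $DISPLAY and $XAUTHORITY when this value is nonempty
            "gui": bool(notes.get(ALLOW_GUI)),
            "no_admin_auth": sorted(k for k, v in defaults.items() if v in NON_ADMIN),
        })
    return findings

def audit_dir(directory="/usr/share/polkit-1/actions"):
    """Audit every *.policy file in the action directory named in the answer."""
    return [r for f in sorted(Path(directory).glob("*.policy"))
            for r in audit_policy(f.read_bytes())]

if __name__ == "__main__":
    for r in audit_dir() or audit_policy(SAMPLE):
        print(r)
```

Actions reported with `gui` set to true run X11 programs as root with the caller's display, so each one is worth confirming as an intended legacy exception.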