4

I am using Ubuntu Mate 20.04 and pkexec to launch apps with admin privileges if needed.

However, when policy agent kit asking to authorize request, there is no enough information to make a decision. For example, if I run

pkexec sh -c 'echo hello'

I'll see this promt:

policy-kit-agent

Note that there is no information about the command I'm trying to execute. So, it would look like the same for dangerous

pkexec sh -c 'rm -rf /'

How can I tweak my setup by configuring or changing agent so I can see more information (e.g. full command line) about action I'm asked to authorize?

ov7a
  • 261

1 Answers1

1

The variable responsible for full command line with arguments is command_line. To change it, one can create a custom policy as man pkexec page suggests.

However, I've ended up editing LC_MESSAGES. My locale is en_US, so I've done these steps:

  1. copied /usr/share/locale-langpack/en_GB/LC_MESSAGES/polkit-1.mo
  2. unpacked it with msgunfmt polkit-1.mo -o polkit-1.po
  3. edited polkit-1.po
msgid "Authentication is needed to run `$(program)' as the super user"
msgstr "Authentication is needed to run '$(program)' as the super user"

to

msgid "Authentication is needed to run `$(program)' as the super user"
msgstr "Authentication is needed to run '$(program)' ('$(command_line)') as the super user"

and several similar lines too.

  1. packed it back with msgfmt polkit-1.po -o polkit-1.mo
  2. put it into /usr/share/locale/en_US/LC_MESSAGES/polkit-1.mo
  3. restarted polkit daemon systemctl restart polkit

And now I can get the full command enter image description here

ov7a
  • 261
  • One minor issue is quotes, but I think it's ok – ov7a Jul 07 '21 at 08:11
  • You have to report your idea upstream as bug-report or pull-request. Otherwise it will be implemented only on your machine and rest of the world can't use it. – N0rbert Jul 09 '21 at 07:12
  • @N0rbert, that's a nice idea, thanks. However, my solution is just a quick hack, not a proper solution. Changing the original message could break language packs (because msgid contains template itself). I think a better place for full command line would be Details block. – ov7a Jul 10 '21 at 17:34
  • As for the creating an issue, I've tried to register to freedesktop gitlab with 3 different types of login, and got 500 from each of them. Guess I'll try again later :( – ov7a Jul 10 '21 at 17:44
  • 1
    https://gitlab.freedesktop.org/polkit/polkit/-/issues/147 – ov7a Jul 11 '21 at 13:07