API tools faq
paste
Advertisement
vonschutter

Untitled

vonschutter
Jun 22nd, 2021
215
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 3.70 KB | None | 0 0
raw download clone embed print report
  1. ensure_admin ()
  2. {
  3. # Description: Function to elevate priviledges of script execution and to ensure administrative privileges
  4. # such that system wide settings or configuration may be done.
  5. #
  6. # This function evaluates and uses multiple ways to elevate priviledges based on the environment. In an
  7. # X session; and normal GUI w. systemd: elevate privs with normal GUI policy kit, otherwise try dialog
  8. # menu system and cached sudo, and finally fall back on good old sudo. Since scripts may be launched with
  9. # a GUI front (for user interaction) end and NO terminal; it is really preferable to display a proper
  10. # priviledge escalation propt in a GUI format and only use sudo in cases where there is a terminal or
  11. # no other option is present.
  12. #
  13. # Should the function not discover an X session, then dialog will be preferred over regular sudo.
  14. #
  15. # Globals: $UID
  16. # Arguments: None
  17. # Outputs: GUI
  18. # Dependencies: soft dependency on "dialog", will fall back on CLI if dialog is absent.
  19. # Returns: relaunches script under sudo.
  20. # Usage: The function expects no arguments, but will prompt for system password if required.
  21. # Usage: ensure_admin
  22. #
  23. # End of documentation
  24.  
  25.     if [ ! "$UID" -eq 0 ]; then
  26.         if xset q &>/dev/null; then
  27.             # If X is running in this session then...
  28.             if echo $(systemctl get-default ) |grep graphical &>/dev/null ; then
  29.                 # If we are a normal GUI w. systemd: elevate privs with normal GUI policy kit...
  30.                 write_information "Allowing root to display menus..."
  31.                 xhost local:root
  32.                 write_information "Authenticating..."
  33.                 pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY ${0}
  34.                 exit
  35.             else
  36.                 # If we are some other kind of archane GUI then...
  37.                 write_information "Allowing root to display menus..."
  38.                 xhost local:root
  39.                 write_information "Checking for dialog..."
  40.                 if hash dialog 2>/dev/null ; then
  41.                     token=$(dialog --title "${Title:-"sudo"}" --backtitle "${BackTitle:-"$( basename $0 )"}" --insecure --stdout --passwordbox "\n This functionality requires elevated priviledges. \n Please provide your (sudo) password" 10 90)
  42.                     ret=$? ; clear
  43.                     case $ret in
  44.                         0)
  45.                             export HISTIGNORE='*sudo -S*'
  46.                             echo ${token} | sudo -S -v || ensure_admin
  47.                             sudo DISPLAY=$DISPLAY /bin/bash ${0} $@ || rtd_oem_pause 1
  48.                         ;;
  49.                         1) echo "Request cancelled" ;;
  50.                         255) echo "[esc] Request aborted" ;;
  51.                         * )  exit 1
  52.                     esac
  53.                     exit
  54.                 else
  55.                     # If we have some kind of X but not even "dialog" then...
  56.                     write_information "Dialog not found..."
  57.                     write_warning "This script needs administrative access..."
  58.                     xhost local:root
  59.                     sudo DISPLAY=$DISPLAY bash "${0}" "$@" || rtd_oem_pause 1
  60.                     exit
  61.                 fi
  62.             fi
  63.         else
  64.             # If there is no X in this session...
  65.             write_information "No X server at \$DISPLAY [$DISPLAY]"
  66.             # Use dialog if possible, otherwise just terminal...
  67.             if hash dialog 2>/dev/null ; then
  68.                 token=$(dialog --title "${Title:-"sudo"}" --backtitle "${BackTitle:-"$( basename $0 )"}" --insecure --stdout --passwordbox "\n This functionality requires elevated priviledges. \n Please provide your (sudo) password" 10 90)
  69.                 ret=$? ; clear
  70.                 case $ret in
  71.                     0)
  72.                         export HISTIGNORE='*sudo -S*'
  73.                         echo ${token} | sudo -S -v || ensure_admin
  74.                         sudo DISPLAY=$DISPLAY /bin/bash ${0} $@ || rtd_oem_pause 1
  75.                     ;;
  76.                     1) echo "Request cancelled" ;;
  77.                     255) echo "[esc] Request aborted" ;;
  78.                     * )  exit 1
  79.                 esac
  80.                 exit
  81.             else
  82.                 write_warning "This script needs administrative access..."
  83.                 sudo DISPLAY=$DISPLAY bash "${0}" "$@" || rtd_oem_pause 1
  84.                 exit
  85.             fi
  86.         fi
  87.     else
  88.         sudo sed -i s/'# session  optional       pam_xauth.so'/'session  optional       pam_xauth.so'/g /etc/pam.d/sudo
  89.     fi
  90. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!