Many apps on my desktop such as my package manager and Virt-Manager ask for my password to in order to do certain function in the app that require root. They do this in two interesting ways. One, they ask for the password of a local adminstrator, or someone in the wheel group. The second thing they do is ask for admin after they launch and in a gui menu. How do I do these things. Do I simply launch the gui app in root (setuid)? Do I create a second executable that has setuid? Thanks.
Related
After installation of the program, can not make uac dialog box disappear when the program is run?
Can I grant administrator privileges to install and have it run automatically at install time?
You cannot bypass UAC, the user is supposed to be in control of their computer, that is the whole point of UAC! If you want to do machine wide changes that require administrator privileges there is no way around it, the user has to elevate with UAC at least once.
If you want the installed application to run elevated automatically then you must write a custom service that can be started on demand. When a administrator starts your application un-elevated the application must start your service and ask it to launch a elevated instance. The service must then call CreateProcessAsUser with the linked elevated token. This is too difficult for most developers and most applications just have to accept the fact that they must display a UAC prompt when they are started.
Is it possbible to use node with admin or sudo privileges within electron?
I found sudo-prompt, but from my understanding, this could only be used to execute a shell command and not to use node functions (code from within the main.js-file for example).
Is this possible? If so, could you give me any advice on that?
Any help would be really appreciated, maybe I am just looking for the wrong things.
Thanks in advance!
Yes you can, take a look at electron-sudo module: https://github.com/automation-stack/electron-sudo
Run a subprocess with administrative privileges, prompting the user
with a graphical OS dialog if necessary. Useful for background
subprocesse which run native Electron apps that need sudo.
Windows, uses elevate utility with native User Account Control (UAC) prompt (no PowerShell required)
OS X, uses bundled applet (inspired by Joran Dirk Greef)
Linux, uses system pkexec or gksudo (system or bundled).
It is not recommended to run the entire Electron app as admin administrator. As this gives the entire app blanket access to change anything on the users machine. If someone were to inject code, or if you had a bug you could do lots of bad things to a computer.
It's better to run a single function and always prompt the user to login as admin before the function is run.
You can see this approach in a popular Electron app: https://github.com/microsoft/vscode
In the package.json file they have two useful dependencies:
https://www.npmjs.com/package/native-is-elevated
https://www.npmjs.com/package/#vscode/sudo-prompt
They check to see if permissions are elevated using native-is-elevated, and if not, prompt for an admin password using sudo-prompt.
You can read the source code for the process here: https://github.com/microsoft/vscode/blob/8845f89c1e4183b54126cd629cd45c8f0f7549f2/src/vs/platform/native/electron-main/nativeHostMainService.ts#L491
I have created an example Electron app using this approach here:
https://github.com/kmturley/electron-runas-admin
It is suposed that every user in the VM created on the Google Cloud Platform has root permissions, but I haven't been able to do anything, because it says that my user has no permissions and I don't have any password, either for my user, or for root.
Is there any default password for root, or any way I could find it?
Thanks!
well i have virtual machine with ubuntu (i presume that it is the same for other linux distros as well) : login to your Google Cloud platform -> VM Instances -> click on you instance (virtual machine) , click on SSH button which is on left upper corner and for example pick a frist option Open in browser window.. when the windows opens you will be logged in as regular user with sudo permission. After that you can create users etc.. If you want to use other ssh client then go to
https://cloud.google.com/compute/docs/instances/connecting-to-instance#standardssh
it well written documentation.. the most "complicated" will be to create key pairs .. if you still have problems just ask :)
Folks,
I've got a strange issue at the moment with a visual studio 2010 built MSI...
When I run the msi, it performs a few tasks, then executes a tool we built - this tool then carries out some more advanced work we couldn't do within a custom task.
The issue here, is then when the msi starts my custom built tool, it doesn't execute it with the same credentials as I start the MSI with (i.e. my administrative login).
Is there a parameter I can pass to an MSI to enforece this? Or perhaps I can pass the credentials to the process when I start it?
My process is started using Process process = Process.Start(procInfo) nothing fancy. I've also noted the ability to pass in a parameterised username/password/domain, but this will vary depending on the user who is installing - can this be extracted from the installer somehow?
Any help (or questions) welcomed.
Dave
EDIT: for clarity... I'm running the MSI under my domain account, and I want my custom process to run under that 'context'. At present, it starts (regardless of whether I start as administrator or not) under the SYSTEM account (rather than mydomain\me). I'm using Windows Server DataCenter edition if that helps...
I should also add, I think this is a policy issue, but I've no idea what to check/where to check...
By default Windows Installer runs custom actions as the current user. If the MSI is elevated, custom actions will run as the elevated user.
Please note that if you are running the MSI as an Administrator, it doesn't mean your custom actions will have full Administrator privileges. On Vista or higher any user can gain Administrator privileges through elevation.
So if your custom actions need Administrator privileges, make sure they use the msidbCustomActionTypeNoImpersonate flag so they run under the local system account.
If this is not the problem and you just need access to the current user data, can you please give me more details?
I am using Visual Studio 2008 to build an MSI install package. Within the install I have numerous custom actions. Within the OnAfterInstall custom action I attempt to start an exe which is deployed by the install. The exe starts ok, but runs within a security context of NT AUTHORITY\SYSTEM (i.e. under the elevated privileges granted to the Windows Installer process). I actually need the exe to run in the security context of the currently logged-on user who started the install in the first place. Does anyone know how to start the exe so it runs in this 'reduced' context. I really want to avoid having to ask the user for their login credentials if possible.
You need to use Remote Desktop Services API: http://msdn.microsoft.com/en-us/library/aa383464%28v=VS.85%29.aspx . It is available starting from WinXP.
This API allows you to run your application in context of any logged in user account. You need to be running as a SYSTEM to be able to use it. And you are.
For instance you may enumerate sessions using WTSEnumerateSessions, then take user token by WTSQueryUserToken and run application using this token.