Starting from Ubuntu 17.10 the gksu and gksudo commands have dissapeared from the repositories. But still you may want to be able to run a program with root privileges.
From a terminal, you can use
pkexec thunar
to run Thunar as root. But that doesn't work for nautilus or gedit
Another alternative is using
sudo -H nautilus
that will start a sudo with root environment and run nautilus. It also works with gedit.
But the easiest way is to create an alias named gksu using pkexec with environment variables set:
alias gksu='pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY'
To create an alias permanently add the alias to your .bashrc file
gedit ~/.bashrc
And then add your alias at the bottom.
alias gksu='pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY'
Now execute
. ~/.bashrc
in your terminal (there should be a space between the . and ~/.bashrc.
Now you can check your alias.
For more background information I copied from answers here:
https://askubuntu.com/questions/287845/how-to-configure-pkexec/332847#332847
that explains it all
how to configure pkexec
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit
man pkexec
is very clear in this matter: [...] pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set.[...]
alias pkexec='pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY'
man pkexec
says: [...] These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.[...]
/usr/share/polkit-1/actions
named com.ubuntu.pkexec.gedit.policy
with the following xml code inside where the most important thing is to set org.freedesktop.policykit.exec.allow_gui
to a nonempty value:<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> <policyconfig> <action id="com.ubuntu.pkexec.gedit"> <message gettext-domain="gparted">Authentication is required to run gedit</message> <icon_name>gedit</icon_name> <defaults> <allow_any>auth_admin</allow_any> <allow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate> <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> </action> </policyconfig>
For these three setting tags: allow_any
, allow_inactive
and allow_active
from the policy file, the following options are available:
sudo
, the authorization lasts a few minutes.sudo
, the authorization lasts a few minutes.Source: Polkit - Structure - Actions
So, if you use auth_admin_keep option (or, as applicable, auth_self_keep), pkexec
will not ask for a password again for some time (by default this time is set to 5 minutes as I checked). The disadvantage here is that this thing is applicable only for one - the same - command / application and valid for all users (unless if it is overruled in later configuration).
Configuration files or polkit definitions can be divided into two kinds:
/usr/share/polkit-1/actions
. Each action has a set of default permissions attached to it (e.g. you need to identify as an administrator to use the GParted action). The defaults can be overruled but editing the actions files is NOT the correct way. The name of this policy file should have this format:com.ubuntu.pkexec.app_name.policy
/usr/share/polkit-1/rules.d
(though few if any do) and /etc/polkit-1/rules.d
is for local configuration. The .rules files designate a subset of users, refer to one (or more) of the actions specified in the actions files and determine with what restrictions these actions can be taken by that/those user(s). As an example, a rules file could overrule the default requirement for all users to authenticate as an admin when using GParted, determining that some specific user doesn't need to. Or isn't allowed to use GParted at all.