4

I am developing a Java application that requires root/administrator privileges to function properly. If the user does not start the application with such privileges, I would like to notify the user and restart the program with these privileges. I have figured out how to do this on Windows and OS X but cannot find a way to do it on Linux systems. On Windows, I found a program that elevates any command you pass to it, on OS X it is possible through running a simple AppleScript but on Linux, there is simply no portable way to do it.

My plan was to use gksu but I recently discovered that this was not installed by default on most Linux systems and neither is Debian so I cannot install it either. Is there any portable way to restart an application with root privileges on most, if not all, Linux distros and flavours in Java?

EDIT: I am able to check if the program is running as administrator on all platforms.

rodit
  • 1,746
  • 2
  • 19
  • 33
  • I assume you want to use gksu because you want a popup for the password? – BillRobertson42 Jan 07 '16 at 15:30
  • I can't see any other way? @Bill – rodit Jan 07 '16 at 15:31
  • Here are some ideas for this: http://stackoverflow.com/questions/4350356/detect-if-java-application-was-run-as-a-windows-admin – glw Jan 07 '16 at 15:32
  • @glw Thanks for your reply - I've already implemented that I just need a portable way of restarting with root privileges on Linux - I should have made that more clear in the question. – rodit Jan 07 '16 at 15:33
  • In the Linux world, a common pattern is to notify and not automatically escalate. If it's a cross platform Java application I can't imagine it is doing much system level stuff, so if you don't mind sharing, if like to hear a justification for why privileges even need to be escalated. – erik258 Jan 07 '16 at 15:34
  • Thanks for the insight but this application is meant to be cross platform and that's not the case on Windows. @DanFarrell – rodit Jan 07 '16 at 15:35
  • Not sure that's relevant to the question :) @DanFarrell – rodit Jan 07 '16 at 15:36
  • It's probably not , and if you're not interested in discussing the escalation requirements, probably won't help you. – erik258 Jan 07 '16 at 15:38
  • It's a networking tool that allows automated operations such as modifying the network cards MAC address and connecting to networks using ifconfig/iwconfig etc (and Windows equivalents). @DanFarrell – rodit Jan 07 '16 at 15:40
  • Ah, cool, that's going to require root privs. What about running gksudo or kdesudo? Then you'd supposedly rerun Java I guess, I suppose that's what you're doing in the other platforms – erik258 Jan 07 '16 at 15:54
  • @DanFarrell gksudo isn't installed by default on all Linux distros (only some Debian and older Ubuntu ones) and also I can't tell if the user is running kde or gnome to choose between gksu and kdesudo. Thanks for the idea though. – rodit Jan 07 '16 at 15:56
  • Hmm, you could check for the existence of those programs in the path, you could support several options, and then worst case scenario error out with a message like, couldn't prompt for sudo password, please run as root. – erik258 Jan 07 '16 at 16:01
  • @DanFarrel I suppose that's probably what I'll do if there is no better solution. – rodit Jan 07 '16 at 16:02
  • Yuck, cross platform development. You're a courageous soul, good luck. Sorry I didn't have a better answer for you – erik258 Jan 07 '16 at 16:10
  • @DanFarrell Thanks for the answer anyway – rodit Jan 07 '16 at 16:10

1 Answers1

0

You're not going to be able to cleanly do this on Linux** because the idea of escalating privileges doesn't really exist in Linux. sudo is the de facto answer to privileged execution, but all that's really doing is running a single command as root, which is conceptually distinct from running a command as the same user but with escalated privileges.

Consider the fact that even baseline sudo (not even considering gksudo or its like) is just a userspace application and not a core component of Linux. Someone on Arch, for example, might have not ever installed it if they prefer to just do things with su.

This philosophy contrasts sharply with OS X and Windows, which are desktop-focused and thus find it convenient to blur the line between administration and regular usage. Because Linux uses the same kernel for both desktop and server distributions, the heightened security requirements of the server environment tend to dominate policies around these kinds of things at the kernel level and so you're not going to get a solution that isn't specific to some class of desktop-oriented distributions.

There's also a cultural difference; Linux users tend to be the kind of people who want fine grained control over how to run things and most would probably view something that restarts itself with root privileges as a form of virus :P

Easy answer: throw out an error message saying the application needs root privileges, exit with a non-zero error code, call it a day. That's more or less the "expected" behavior in Linux-land.

Hack-y answer: if you're going to be running in a graphical environment then link gksudo as a dependency along with gtk (or kdesudo if you're using qt or something, etc etc) and then use it to prompt for escalation. Even if it's not installed by default, you'll get to leverage Linux distros' fancy package management to get it easily installed without any extra effort on your part of the user's. In a non-graphical environment you're just out of luck.

** At least, not easily enough for it to be worth it for just one application, especially considering your application can then become an attack vector for anyone trying to write a new rootkit.

R Phillip Castagna
  • 896
  • 5
  • 12