2

I'm writing a cross-platform app that I would like to run on Linux-based operating systems like Fedora and Ubuntu. I use QSerialPort and it works fine. I can use QSerialPortInfo to get a list of serial ports in the system and present them to the user who can select which one s/he wants to use.

However, on Linux systems, by default the user doesn't have permissions to the serial ports. I know that it is wrong to run my app with sudo and I also know that it is not user friendly to ask the user to run chmod 666 on the serial port manually every time the app is used. So I looked around and it seems to me that polkit is the answer, however I haven't been able to find any example which would show me how to do it.

Can you please tell me how to use polkit (formerly known as policykit) to request permission for my app to use a specific serial port?

EDIT:

What I'm looking for is a way to:

  1. Check if the user has access to the serial port
  2. If not, pop up a dialog that asks for permission (like the Gnome settings app for example)
  3. If the user authenticated successfully, make the serial port available to the app.

Some more thoughts

  • I do NOT want to set up an udev rule that gives perimission to every serial port
  • I do NOT want to ask the user to run a script
  • I do NOT want my app to run as the superuser
  • I do NOT want any other actions performed as root, just the serial port access

Yes I've found the official polkit docs, but they are not very clear on how to do this.

Venemo
  • 18,515
  • 13
  • 84
  • 125

1 Answers1

1

General thinking:

It is not a good idea to try to make an application "universal".

I understand that you want your software to be easy to use, but for things like this (system's settings), you should rely on the system packagers.

At anytime, polkit can be replaced by another solution, or ressource's name can be changed, or whatever and your application would be no more usable.

I advise you to:

  • at most, raise a polkit windows that woulde ask for password
  • or better, to make distribution packages that will do the necessary tweaks through regular scripts

An idea

I didn't do it (but I played a lot in the past with pam :-) )

So here are links that I found and what I understood:

  • polkit acts the same way as sudo do: it allow you to run program with another identity (explanations)
  • so you can run your program either as root or as one having enough right access to the serial

So you could create:

  • an install script that allow to run your program with the good identity (e.g. example). That way you would ask root password once (at the install for creating the polkit policy), and each time the user wanted to run your program. That identity maybe root or any identity as long as that identity has R/W access.
  • a policy file: you can look either at 1 or documentation
  • a script for lauching your program containing something like this: pkexec <path>/<pgm>

Here are some pointers:

lemmel
  • 132
  • 1
  • 6
  • `at most, raise a polkit windows that woulde ask for password` ― can you show me how to do that? – Venemo Aug 04 '16 at 19:28
  • Sorry, but so far you haven't told me anything I didn't know already. Like I said in my question I've already found the polkit docs, just have never seen an actual example and the docs are very cryptic. – Venemo Aug 05 '16 at 08:16
  • I don't see the problem: define a policy kit file (as in http://www.odi.ch/weblog/posting.php?posting=696), retarts the deamon and run your program with `pkexec`. Did you do some tests ? – lemmel Aug 05 '16 at 08:48