
I have two users. admin can see everything. pi is restricted.

I have a tkinter Python application. pi must be able to run the program, but it cannot read any of the files directly. There is a `data.json` file that the application needs, but I don't want the user cheating by peeking at the file directly.

I added the following line to visudo: `pi ALL=(admin) NOPASSWD: /home/admin/myapp/main.py`. If I understand correctly, this will allow pi to switch to admin just when trying to run the python app.

Then I made a script `runapp.sh` with the line: `gksudo -u admin python3 /home/admin/myapp/main.py`

I run the script as pi and nothing happens. Even when I run it from the terminal, there are no errors, but the app does not appear. Before, I tried using just `sudo` instead of `gksudo` and got the error `_tkinter.TclError: couldn't connect to display ":0"`, so I know it is at least trying to execute the python code.

What do I need to change to get this working?

asked Jan 24, 2019 at 0:33
Comment: Linux scripts (including Python) have limited privilege escalation. What you want is not possible. This is not a Pi specific question. Commented Jan 24, 2019 at 0:47

1 Answer

First off, `gksudo` is deprecated, and not needed in your case. You should use `sudo` instead. The failure you're seeing has nothing to do with `sudo`; you're likely running your script before a GUI environment has started, so there is no display to connect to.

Second, you try to run `/home/admin/myapp/main.py` as the pi user. Normally, pi won't even have read access inside `/home/admin`. You should place executable scripts somewhere else, e.g. in `/usr/local/bin`.

Finally, you authorize the pi user to run `/home/admin/myapp/main.py`, but you actually run `python3` instead, so your sudo rule won't even apply. Your `runapp.sh` should contain the line

```
sudo -u admin /home/admin/myapp/main.py
```

and your `main.py` should start with `#!/usr/bin/env python3` if python3 is not the default Python interpreter.

answered Nov 5, 2021 at 7:48
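
An added example, not part of the answer above: a POSIX shell pre-flight check for a script that a sudoers rule lets a restricted user run as another account. It checks the two points the answer raises (the rule's target is executed directly, so it needs an execute bit and a `#!` line) and, as assumptions beyond the post, flags a group- or world-writable script or directory and a world-readable data file; `check_sudo_target` and `has_mode` are names made up for this example.

```shell
#!/bin/sh
# Added example: audit a script that sudoers allows another user to run.
# Paths are supplied by the caller; nothing here comes from a real system.

# has_mode PATH OCTAL -> true when every bit in OCTAL is set on PATH
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_sudo_target SCRIPT [DATA_FILE]
# Prints one "PROBLEM:" line per finding; returns 0 when clean, 1 otherwise.
check_sudo_target() {
    script=$1 data=${2:-} problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    if [ ! -f "$script" ]; then
        note "$script is not a regular file"
        return 1
    fi

    # The sudoers rule names the script itself, so it is executed directly:
    # it needs an execute bit for its owner and an interpreter line.
    if ! has_mode "$script" 100; then note "$script is not executable by its owner"; fi
    if [ "$(head -c 2 "$script")" != "#!" ]; then note "$script has no #! line"; fi

    # Assumption: anyone who can write the script or its directory can swap
    # in code that then runs as the target account.
    for p in "$script" "$(dirname "$script")"; do
        if has_mode "$p" 020; then note "$p is group-writable"; fi
        if has_mode "$p" 002; then note "$p is world-writable"; fi
    done

    # Assumption: the data file is meant to be unreadable to the restricted user.
    if [ -n "$data" ] && [ -e "$data" ]; then
        if has_mode "$data" 004; then note "$data is world-readable"; fi
    fi

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh /path/to/main.py /path/to/data.json
if [ "$#" -gt 0 ]; then check_sudo_target "$@"; fi
```
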