SUDO_ASKPASS functionality

[adrelanos]

Expected Behavior

Functional SUDO_ASKPASS functionality.

Current Behavior

Broken SUDO_ASKPASS functionality.

Possible Solution

Steps to Reproduce (for bugs)

VISUAL=mousepad SUDO_ASKPASS=/usr/bin/lxqt-sudo sudoedit --askpass /etc/a

Context

What are you trying to accomplish?

Editing files in /etc folder with a graphical text editor. This requires write permissions in that folder. Some sort of root rights will be required. With X11, sudoedit was suitable for this task.

sudoedit copies the file to a temporary location, edits it as a normal user and then overwrites the original using sudo. This way is much more secure as it does not run the editor as root.

If lxqt-sudo supported being used as SUDO_ASKPASS tool, then any text editor could still be used to edit files in /etc with root rights even under Wayland. Even editors that do not support gvfs. (Example: gedit admin:///etc/ld.so.preload)

Running any editor as root is insecure. In native Wayland it is no longer possible to run editors with root rights. (Excluding xwayland.)

[adrelanos]

On a second thought I just saw that you have https://github.com/lxqt/lxqt-openssh-askpass which has just 1 usability bug for this use case:

• Askpass is not always used for asking for a passphrase lxqt-openssh-askpass#88

[adrelanos]

On the other hand, lxqt-sudo is nice because it shows the actual command that is about to be executed before executing it with root rights. If would be good if this feature could be kept for the sudoedit use case.