3

I am using Ubuntu 20.04 focal. I have been wanting the GUI password prompt for executing commands with sudo in the terminal. For example, consider the following command to be run from the terminal:

sudo nautilus

So now, it will ask for the sudo password by GUI prompt otherwise it will not run as sudo:

GUI password prompt

I have used the suggestion for using it in the script, as suggested by scrat.squirrel, using pkexec (the polkit application), but I am unable to determine where the sudo.conf file is for Ubuntu 20.04.

So is there any solution to this for getting a GUI-based prompt for the commands used with sudo, rather than entering the password in that boring terminal prompt:

enter image description here

  • I am not sure, but I think that for Ubuntu 20.04 there is no sudo.conf file, but there is a sudoers file in /etc. Please confirm? – RAHUL DHANOLA May 31 '21 at 16:12
  • 2
    pkexec nautilus just works for me without need for any configuration files. – raj May 31 '21 at 16:26
  • 1
    If you really must run a GUI-app with sudo, please use sudo -H GUI-app. Avoid sudo GUI-app. Otherwise you may overwrite a regular user's configuration file for the GUI-app and change owner to root, which means that it will not work for the regular user. See also this link. - And pkexec GUIapp should be a safe alternative too, for GUIapps that are configured for it. – sudodus May 31 '21 at 19:14
  • @sudodus I think you have not read the heading carefully. I am asking that, for example, if I run sudo nautilus in the terminal, then it should not prompt for the password in the terminal as CLI as displayed in the second picture, but ask using the GUI password prompt as displayed in the first picture. – RAHUL DHANOLA Jun 01 '21 at 02:17
  • Also, please confirm that for Ubuntu 20.04 there is no sudo.conf file, but there is a sudoers file in /etc? – RAHUL DHANOLA Jun 01 '21 at 02:18
  • @RAHULDHANOLA, You are right about that; I know what you ask for, but I think it is important with the advice to use sudo -H for graphical application programs anyway (even for other readers of this thread). - Anyway, the solution in the comment by raj, to use pkexec instead of sudo, should be both safe and provide a small window to enter the password :-) – sudodus Jun 01 '21 at 06:48
  • @RAHULDHANOLA, Yes, there is a file /etc/sudoers, but it addresses permissions, and I don't think you can use it to make sudo ask for the password in a separate small window. You can also tweak the file /etc/group in order to decide which users belong to the sudo group (and hence are allowed to use sudo). – sudodus Jun 01 '21 at 06:59

1 Answer

2

I know that this is an old question, but it hasn't been answered. Commenters are correct that pkexec should be used, but by itself, you need to either authorise the specific app by adding a policy to polkit-1, or pass certain details to pkexec.

If you don't do this, pkexec nautilus returns the error message, cannot open display:.

Thus, there are two answers to this.

Single app authorisation

If you wish to authorise just the one app (say, Gedit or Nautilus), you can add a policy to polkit-1. This is the more complicated way to do it, but it has some advantages, so I include it here for completeness.

In the following, I've used the text [app], but you should replace it with the app name. For example, for Nautilus, instead of [app], put nautilus without the square brackets.

Create a file named com.ubuntu.pkexec.[app].policy in folder /usr/share/polkit-1/actions that contains the following.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
    "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
    "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<policyconfig>
    <action id="com.ubuntu.pkexec.[app]">
        <message gettext-domain="[app]">Authentication for [app]</message>
        <icon_name>[app]</icon_name>
        <defaults>
            <allow_any>auth_admin</allow_any>
            <allow_inactive>auth_admin</allow_inactive>
            <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/[app]</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>
</policyconfig>

Change all five instances of [app] in the file contents. The wording in the <message ...> section is for human eyes, so you could replace [app] with (say) Nautilus or the file manager.

Answer: Credit to Radu Rădeanu

Generic solution

A generic solution that works for any app, whether GUI or not, uses pkexec by passing two parameters to the target app. There are, again, two solutions to this, depending on your requirements.

Only from the terminal

If you are going to use this command only when you enter it manually from the terminal, and not from a script, create an alias for pkexec. You can name the alias whatever you want; in this example, I've used the same name, pkexec. You can set this up in your initialisation script ~/.bashrc.

alias pkexec="pkexec env DISPLAY='${DISPLAY:-}' XAUTHORITY='${XAUTHORITY:-}'"

Now, you can use:

pkexec nautilus

From the terminal or a script

An alias doesn't work if you need to call pkexec from a script. This needs a different method.

Create a script in your path; I call it pk and put it in my preferred personal path, ~/bin. Inside the script, place the following two lines:

#!/usr/bin/env bash
pkexec env DISPLAY="${DISPLAY:-}" XAUTHORITY="${XAUTHORITY:-}" "${@}"

Ensure that the script is executable:

chmod +x pk

Now, you can call any app with pk. Examples:

pk nautilus
pk gedit
pk apt install --dry-run meld

Pros and cons

Each method has its own pros and cons.

  • Using a policy, you can fine-tune access, if this is what you require.

  • With a policy, you get to add a meaningful message; without a policy, you get only the unhelpful message, "Authentication is needed to run '/usr/bin/env' as the superuser."

  • Using a policy requires you to create, in advance, a policy file for every single app that you need to run as root. This is good if you wish to be precise (good for security), but not good if you need to access miscellaneous apps on an ad-hoc basis.

  • Using an alias means that you can use this only when manually entered from a terminal, which is fine if that's all you need. Using a script means ensuring that the script is on your path, so that it's accessible by you in a terminal, and by a script that requires it.

Paddy Landau
  • 4,548
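
The template substitution from "Single app authorisation" in the answer above, as an added example that is not part of the original answer: it fills in all five `[app]` instances and refuses app names that could break out of the XML or of the `/usr/bin/` path. The function names (`valid_app_name`, `render_policy`, `policy_path`) and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer): render the per-app polkit
# policy shown under "Single app authorisation" for a given app name.
# Assumption: function names are hypothetical; the XML is the answer's template.

# Accept only plain command names, so the value can neither inject XML
# nor point exec.path outside /usr/bin.
valid_app_name() (
    LC_ALL=C   # byte-wise character ranges, independent of the user's locale
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._+-]*) exit 1 ;;
    esac
    exit 0
)

# Print the policy for app $1 on stdout; return 1 on an invalid name.
render_policy() {
    app=$1
    valid_app_name "$app" || { echo "invalid app name: $app" >&2; return 1; }
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
    "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
    "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
    <action id="com.ubuntu.pkexec.${app}">
        <message gettext-domain="${app}">Authentication for ${app}</message>
        <icon_name>${app}</icon_name>
        <defaults>
            <allow_any>auth_admin</allow_any>
            <allow_inactive>auth_admin</allow_inactive>
            <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/${app}</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>
</policyconfig>
EOF
}

# File name the answer prescribes for app $1.
policy_path() {
    valid_app_name "$1" || return 1
    printf '/usr/share/polkit-1/actions/com.ubuntu.pkexec.%s.policy\n' "$1"
}

# Stand-alone use: sh mkpolicy.sh nautilus > nautilus.policy
if [ "$#" -gt 0 ]; then render_policy "$1"; fi
```

Review the generated file before copying it, as root, to the location printed by `policy_path`.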