Please provide Ubuntu documentation that refutes this: https://help.ubuntu.com/community/RootSudo Why, on my fully updated 13.04 system, does pkexec not function?
$ pkexec gedit somefile.txt
No protocol specified
** (gedit:13135): WARNING **: Could not open X display
Cannot open display:
Run '/usr/bin/gedit --help' to see a full list of available command line options
By default pkexec does not allow you to run graphical (X11) applications. From the man page:
The environment that PROGRAM will run it, will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec. As a result, pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.
As stated in the man page, you can make it work albeit I really don't know if this is somehow dangerous or recommended.
To enable gedit for example you can create /usr/share/polkit-1/actions/com.ubuntu.gedit.policy with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<vendor>gedit</vendor>
<vendor_url>gedit</vendor_url>
<icon_name>accessories-text-editor</icon_name>
<action id="org.freedesktop.policykit.pkexec.gedit">
<description>Run "gedit"</description>
<message>Authentication is required to run Text Editor</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
</policyconfig>
Then pkexec gedit should work as expected:
As you can guess, this will only make gedit work. In theory, if you added allow_gui to "org.freedesktop.policykit.exec" (the default action) this should work for all applications, but in my tests I got the same result as yours.
Here you can find a discussion about the strengths of pkexec.
gksudo is available, it is a lot easier to use it instead of create single actions to each app you need to use (if there is not a "global" way to do it).
– Salem
Jun 28 '13 at 16:52
gksudo or configure pkexec (you can also use sudo -i but that will not work with Alt+F2 aka "Run"). I find the first MUCH easier. If anyone thinks otherwise well... To me seems wrong to suggest something that will not work as intended, but I may be missing something...
– Salem
Jun 28 '13 at 20:45
lxpolkit which is an X11 application the pkexec can open. http://askubuntu.com/a/450559/159431
– iyrin
Apr 19 '15 at 19:17
pkexec actually can run GUI without configuration: http://askubuntu.com/a/332847/89385
– akostadinov
Jan 14 '16 at 08:48
pkexecrun GUI without configuring: http://askubuntu.com/a/332847/89385 – akostadinov Jan 14 '16 at 08:47