No sudo prompt appearing on Ubuntu 18.04 & Electron 5.x

[Muffinman]

Hi,

Version: 9.0.0

I'm having an issue with this package not showing the sudo prompt at all on Ubuntu 18.04.

sudo.exec(commands.join(' && '), { name: 'Test' },
  function(error, stdout, stderr) {
    if (error) {
      console.log(error)
      console.log(stderr);
    }
  }
);

Produces the following output:

Error: User did not grant permission.
    at ChildProcess.exithandler (child_process.js:308)
    at ChildProcess.emit (events.js:194)
    at maybeClose (internal/child_process.js:998)
    at Socket.<anonymous> (internal/child_process.js:403)
    at Socket.emit (events.js:194)
    at Pipe.<anonymous> (net.js:593)

pkexec must be setuid root

As far as I can see my permissions on that file are all set OK?

$ ls -al /usr/bin/pkexec                                      Tue 18 Jun 2019 22:58:46 BST
-rwsr-xr-x 1 root root 22520 Mar 27 13:57 /usr/bin/pkexec*

Any ideas?

[Muffinman]

Also as an update, I'm able to manually run the following command as my user, and it works as expected. The prompt appears and it updates the modified date on the root owned file.

/usr/bin/pkexec touch /etc/hosts

[Muffinman]

UPDATE: I've done some further debugging and it seems that the command your package generates does seem to work when copying & pasting into the terminal.

cd "/home/matt/Sites/xxxxxxx"; "/usr/bin/pkexec" --disable-internal-agent /bin/bash -c "echo SUDOPROMPT; /usr/sbin/nginx -t && systemctl restart nginx && hostile set 127.0.0.1 dev.xxxxxxx.co.uk"

So I wonder if there is something else going on causing the problem?

My default user shell is fish, but since you're calling bash directly I don't see this causing an issue. I've got this packaged up inside an Electron app, so perhaps that is causing an issue?

[jorangreef]

Thanks @Muffinman for the detailed information, and for the copy of the actual command run by sudo-prompt. 👍

Would you please try running the test.js script included with sudo-prompt using node, i.e. node test.js from within the sudo-prompt directory?

Please would you also try running your own command above, but this time using a simple node script which requires sudo-prompt?

And then the above, but using bash as your shell instead of fish?

That will help to narrow things down further.

[Muffinman]

Hi @jorangreef, thanks for coming back to me so quickly.

I've done some testing tonight in the following conditions:

• Ran test.js with bash shell [works]
• Ran test.js with fish shell [works]
• Ran sample nodejs CLI script with node sample.js with basic sudo example [works]
• Ran same nodejs script packaged with npm run electron:serve [doesn't work]

So it looks like the Electron wrapper is the thing which kills it, strange that this works great on OSX.

I've just found https://github.com/automation-stack/electron-sudo so will give that a try and see if it works for my usecase.

EDIT: Looks like this might be related: electron/electron#18521

[jorangreef]

Thanks @Muffinman

Yes, electron/electron#18521 is definitely the culprit.

You will then need to launch Electron in such a way as to disable Electron's new setuid sandbox. Electron might have an environment variable or option to do this.

[jorangreef]

Closing this as an Electron 5.x sandbox issue.

[khrj]

Are there any workarounds that can be used?
Please tell me if you know any.
Thanks.

[jorangreef]

This is an Electron issue.

You will need to ask the Electron team here electron/electron#18521 if there any options to disable their setuid sandbox.