Hello, I would like to allow a user group to use Etcher. I have debugged Polkit, but I think there is currently no way to identify the etcher program, because the output of the log shows a generated script /tmp/tmp-xxxx.cmd, which I cannot clearly proof to be etcher.
Any thoughts on how to solve the problem?
could you change this behavior by renaming the script to /tmp/etcher-xxx.cmd or something?
[Log]
polkitd[1102]: /etc/polkit-1/rules.d/20-rolkit-log.rules:3: action=[Action id=‘org.freedesktop.policykit.exec’ polkit.gettext_domain=‘polkit-1’ command_line=’/bin/bash -c echo SUDOPROMPT; sh ‘/tmp/tmp-3264V6MwkPhDUnSf.cmd’’ program=’/bin/bash’ user.gecos=‘root’ user=‘root’ polkit.message=‘Authentication is needed to run `$(program)’ as the super user’ user.display=‘root (root)’]
Hi @nazrhom i think i did not explan it right. I wrote that i want to allow a group use of etcher. What i realy ment was etcher works fine until i press the Flash button. I think then a script is beeing created in the tmp folder. This Script executes the neccecary commands i guess. But the user is not allowed to fire this script. Polkit then asks for the Password.
I tried to create a file with this content allowing all users to run etcher as root:
ALL ALL=(ALL) NOPASSWD: /opt/balenaEtcher/balena-etcher-electron
But still i get the same Error. See attatched Screenshot.
Hi Andy, my teammate maintaining Etcher notes that he’ll experiment with a potential solution and we’ll let you know how it goes. For now, the best option would be to run with sudo if possible.
Implementing this change correctly is taking us more time that we expected. I’ve created a github issue to track its progress https://github.com/balena-io/etcher/issues/3065. I suggest you to subscribe to that issue so that you’ll be notified as soon as it is resolved