Acquire root privileges for QFile

**ChrisW67** · 1st February 2011, 22:26

I have not done this in anger but I don't think you should not need to run the whole application as root. You will need to use setpcap as root to attach allowable capabilities to the executable file and your file system(s) have to support storing these also. The whole topic of capabilities in Linux seems a bit murky.

Another approach would be to write a separate process that can be spun-off using sudo (without password) or marked setuid (or even setgid) to do just the privileged writing on your behalf either as a daemon or a one-off execution. You need to be very careful of abuse though.

**craftyguy** · 1st February 2011, 22:47

I messed around with attaching capabilities using setpcap this morning, however none of them would 'take' unless the app was run as root to begin with. After reading more about the capability stuff, it looks like it's a way to trim down root applications so they can be allowed to do only what they need to as root, and not with every single perk that comes along with running as root. If this is true, it still requires the application to be executed as root (maybe someone familiar with this can correct me!)

I've never used PAM, how well does QT integrate with it?

**ChrisW67** · 2nd February 2011, 08:41

You should be able to access PAM from any C/C++ code: Qt does not interface to PAM in any way I can see. Exactly which PAM module is going to fix this problem for you is a mystery to me: perhaps squidge knows?

**squidge** · 2nd February 2011, 13:26

I was thinking of starting the application as a standard user and then using PAM to request the root password and request privilege escalation. It's entirely possible that I'm mixing my words and/or talking crap. I just remember doing it somehow