1y ago

Is there a way to add "Run as Sudo" to context menu like with Windows?

I found a (lengthy) guide to doing this but it is for gksu which is gone. I have to imagine there's an easy way. I am running Ubuntu. There is no specific use case, it is just a feature I miss from windows.

EDIT: I always expect a degree of hostility and talking-down from the desktop Linux community, but the number of people in this thread telling me I am using my own computer that I bought with my own money in a way they don't prefer while ignoring my question is just absurd and frankly should be deeply embarrassing for all of us. I have strongly defended the desktop Linux community for decades, but this experience has left a sour taste in my mouth.

Thank you to the few of you who tried to assist without judgement or assumptions.

106 comments

Do not do this. "Run as Administrator" is a Windows answer to a Windows problem. The only time you should regularly need root privileges is installing software and editing system wide configuration files.
- It would occasionally be handy running gparted, but for as often as I need to do that sudo gparted works just fine
  
  I've seen people say that a few times here but any time I use gparted I get the Gnome 'enter password' dialog which seems to work fine.
  
  Gparted prompts you to enter your password so it can elevate itself to root.

I don't know why everyone is getting self-righteous about this. I've used Linux since the mid-90s, and occasionally I find it easier to just run a GUI file manager as root to do some filter and deletions of things in caches and such that need root permission. Hell, I want to edit the files in /etc/wireguard for my tunnels; should I only do this at a sudo prompt in the terminal when I'm perfectly capable of pulling it up in Kate and copypasting stuff in?
Get off your high horses, there's plenty of valid use cases if you're using your head.
- Manipulating large amounts of different files in terminal is a pain in the ass and everyone who disagrees is wrong.

Your polkit will always prompt you for a password. No need to complicate it. If it doesn't, then it doesn't need to be ran as root
- Obviously I would want to input a password.
  
  That comment meant anything that needs root will prompt for it WITHOUT you running as root. Running GUI apps as root directly won't work well (1, it isn't a good idea. 2, your user likely owns the X session)
  
  Polkit (Policy Kit) is an authorization framework used in modern Linux distributions to manage access rights and privileges on the system. It allows unprivileged processes to communicate with privileged processes in a controlled and secure manner.
  \ pkexec a command used to execute commands with elevated privileges, leverages both PAM (Pluggable Authentication Modules) and Polkit to authenticate the user and authorize the requested action. PAM is a framework used in Linux systems to handle user authentication and authorization.
  \ Check out Polkit & PAM
  
  While the other user explained what polkit is from a low level, I think it's more practical to give you a high level explanation. Polkit is responsible for the dialog box that pops up when you try to open an app like GParted that requires root permissions (it edits partitions, a rootful task). What the user you replied to is saying is that you never want to run an app as root unless it prompts you for it (like with polkit prompts), or you know in great detail what you are doing. Running random things as root can break your system and the app you're running. Most apps you will be using are not intended to be run as root under any circumstance, and at the very least will likely experience issues because of it (UI issues, data issues because the root home directory is not your home directory, configuration/setting changes, improper scaling, etc). Unless you know for a fact that something has to be run as root (like updating packages with your package manager) or you are specifically prompted when trying to do something, you absolutely do not want to be running things as root.
  Just to further explain, even if an app isn't started as root, it can request that permission as needed. For instance, Nautilus allows you to navigate through the root directory, and will prompt you for a password through polkit if you are trying to access something your user does not have permission to read (of course assuming your user has sudo privileges, but that's beside the point). Unlike Windows, there is no practical use for a "run as root" option, because apps have the ability to request root access when it is necessary, and only when it is necessary. In addition to that, polkit limits the root access that an app is given to the specific actions for which it is requested (so an app can't use root privileges to run unauthorized commands). The exception to that is when you start dealing with the terminal, but that falls into the category of "you better know what you're doing and why".
  The short answer as to why this isn't a thing in Linux is that the authentication and permission system functions nothing like Windows. In Linux, a "run as root" button is not a solution, it is a problem. The only reason that run as administrator exists in Windows is because sometimes the solution to a problem in Windows is to run an app as admin. That is not the case for Linux, and never will be.
  There are many ideological differences between Windows and Linux. You'll find many discussions here about how it is often not a good idea to try to do something the "Windows way" on Linux, because those ideologies and the software principles are incompatible. Part of learning how wonderful Linux is involves unlearning all of the horrible habits and ideological differences that Microsoft forces onto Windows users. This is one of those things that has to be unlearned, because full root privilege is not something that a regular app should ever ask for or even want in Linux. Root privilege is provided on a case-by-case basis from polkit with GUI apps; only when needed.

AFAIK the newer Ubuntu gksu equivalent is pkexec, if that helps.
You could copy all system .desktop files to your home dir and automatically edit them with a script that adds an action to run them with pkexec or sudo as root. However, most GUI apps should never be run as root, because they can break the system. For example, they may create hidden thumbnail files owned by root and break thumbnails in all apps not running as root that way
- Thanks, I'll give it a shot. I don't want it to always run everything as root, just on rare occasions.
  
  Can confirm the caution here. Bricked a system this way a while back.

I do not really see hostility or taking down. More of a difference of opinion or experience.
Also, this is not a private email thread. It is a public forum. Whatever advice you get risks becoming guidance for the community. I think it is perfectly reasonable, even responsible, for people to respond with their thoughts on security.
You can ignore the advice not to implement this capability on your personal machine. That is your call. However, this should not become standard practice by Linux users.
Thank you for answering at some point in the thread the use cases that drove your question. I was very curious.
When I have needed “Run as Administrator” in Windows, it has typically been to run the command line. The reason Windows needs this is because it has lacked “sudo”. The next release of Windows is adding it as a feature ( going the other way ).
I have used Linux for decades as well and really not needed this. Partially this is because tools that require root access are typically configured to ask for it already.
Your “need to delete a file” use case made sense to me but I do not run into it. Perhaps my file systems are mounted differently. Perhaps I am not manipulating files of other users ( sounds right ). Or maybe I am more likely to be at the command line. Your “edit files as root” use cases leads me to believe I use the command line more as that is certainly something I would be doing from the terminal. I have to edit files as root everyday but it is always from the terminal. I am not encountering files that I cannot edit in my file manager though as I would have navigated to those files in the terminal to begin with. Clicking around in a file manager to get to system files is not even something that would have occurred to me. If I am using the file manager, it is to manage my own files ( mostly media and documents ).
No judgement. Do things how you want. I was just curious what you were using this for. When I use Windows, I use “Run as Administrator” all the time. In Linux, I did not even notice it was missing. Going back to Windows makes me miss “sudo” in the terminal though. I am not the only one obviously as they are now adding it to Windows too.

Sudo is "su do", i.e. "run as root", so it's funny to hear run as sudo because it means "run as run as root", like "chai tea" or "ATM machine".
To your question the answer is "why?". You shouldn't need that, that's one of the hardest things to get rid of, the "Windows mentality", it's like when people ask how to install a .tar.gz they downloaded from the internet, the answer is most likely "you don't need that".
This leads to an XY problem, where you're asking how to solve problem Y but that is caused by you assuming you need to do X, when in fact you don't. The main clue is that people keep asking you why do you want to do this. So, what exactly is the problem you're trying to solve? Why do you think you need this?
- Sudo is “su do”, i.e. “run as root”
  It may default to root but it doesn't mean run as root. Su means substitute user identity i.e. any other user (if you have the rights to it).
  
  Both su and sudo originally meant "superuser" because that was their only use. They have retroactively been changed to "switch user" because this functionality was added later.
  
  I know, but explaining all that for just a comment on why I found funny the "run as sudo" seemed too much.
- I think you are right that people want a solution to a problem they don't have, but I think in this case they may just want to run executable files as sudo from a GUI.
  
  Which program/files and from which GUI? Each GUI will have it's own way of doing that, and on 99% of cases it's not necessary. He consistently refuses to answer simple questions about what he's ultimately trying to accomplish. I have a generic way of doing that, login with the root user. Do you think that's a bad idea? Then list all of the reasons why using root as your main user is a bad idea and probably every single one will apply to what he wants as well. There's a reason why programs that need root access ask for it and don't expect you to run them with sudo, the "run as administrator" is a windows concept from an OS that doesn't have a proper way to elevate privileges so programs can't implement that API and you need to elevate the entire program.
- There is no reason to assume this is an XY problem scenario.
  
  Yes there is, you're asking how to add a menu entry to run things with sudo, and refuse to answer why you want to do it, what's your use case? What graphical application do you need to run with sudo and why?
  I'm almost sure I know why, and your refusal to answer this even though it's been asked multiple times seems fishy. Like it was explained multiple times there's a 99% chance that you don't need it, and there is a package for the remaining 1% or you could do it manually like others have suggested. But until we know your use case we can't help you, so while you keep refusing to explain what is it that you're actually trying to accomplish and why do you feel you need it it will be impossible for anyone to help you.

What's the use case? What are you running into that you want to launch as sudo through the gui that isn't pulling up the dialogue automatically?
A few folks have argued this is unnecessary, but I'm curious about your perspective on why and when you think it would be useful
- What are you running into that you want to launch as sudo through the gui that isn’t pulling up the dialogue automatically?
  Almost anything. The first thing I tried to do was delete a file off of a network share. Also, editing the name of a file copied from a network share. Also, editing text files, also, formatting a thumb drive. I am not afraid of the command line, I just don't prefer it for every single time.
  Some people may consider this a permissions issue, which is technically correct but does not bring anyone closer to solving the problem that:
  Delete file - enter password - [the file gets deleted]
  Is a lot more straightforward of a process for some people than navigating file permissions system and entering the correct commands into the terminal just to be rid of a file you didn't want in the first place.
  
  See? This is why I've been asking this question several times. You caused a lot of headache on yourself and now you think running things as sudo is the solution when it's what put you in a pickle to begin with.
  Let's deconstruct what you said:
  The first thing I tried to do was delete a file off of a network share.
  If you couldn't do that it's because you were connecting to the share using your user, but for some reason on whatever program you used might have tried the admin busier when you ran the program as root. For the network share it doesn't matter what user is on your local machine, so this is an issue on how you're accessing the share on your user, not with needing to run the program as root
  Also, editing the name of a file copied from a network share.
  Of course, if you ran the above with sudo any file copied over will be owned by root, so now your regular user can't edit them
  Also, editing text files
  I imagine you mean files copied over with the above problem, so same thing applies.
  also, formatting a thumb drive.
  Formatting thumb drives can absolutely be done without running the while program on root, why do you think you need this? How are you trying to do that?
  It has been a frequent headache.
  I can imagine, I've seen people run things like sudo npm install and now they have issues because their node folder is owned by root, it's very similar to what you're experiencing, a small issue at the beginning triggered an avalanche of issues because you ran one program with sudo. Do you see why everyone is very cautiously asking why do you think you need this?
  See how this was an XY problem? You're asking how to add a "run as administrator" but what you actually want is to access a network share with your user. I don't mean any of this in a bad tone, but there's a reason people keep asking you why, it's because what you're asking is almost never a good idea and leads to problems such as this, imagine if you had been able to create that menu item? You would start using it and getting more and more files owned as root that would cause you to need this more and more until you end up just running everything on root.
  
  That's a permissions problem not a run as root problem.
  
  Just saw your edit. One thing you should be doing is taking ownership of directories you plan to be working in. So for an external drive for example, you'd want to make sure your user(s) have r/w/x permission recursively (granting permission for all files and folders underneath using the same command) on the root folder of the drive then you can move stuff on and off freely.
  I agree it could be more straightforward, but ideally you'd only have to do it one time when you first use the drive with that machine
  
  The permissions problem was likely created by running something as root. You have a chicken and the egg problem my friend.

You don't need to run any GUI programs as root.
- Now this is actually wrong. Firewall gui for example requires root. There are similar sysadmin guis that need it too
  
  Sysadmin GUI tools are designed to be secure by isolating GUI from privileged process. That is not true for a random GUI app.
- No. It's ”you probably shouldn't run them with sudo” , many GUIs need root for certain tasks. I recommend using pkexec instead of sudo, you can add it to the .desktop file and when you launch the application it'll give you a GUI authentication prompt.
  
  Probably? They won't run with sudo normally (in xorg at least). And only those explicitly allowed to be run with pkexec by maintainers will do. Of course it is possible to evade this restriction, but you definitely should not.
- There's one in every thread.
  
  I have no idea what you are talking about. The answer to your question is: this is impossible and this is done for purpose. Don't try to work in linux like in windows.

There is a lot of advice in this thread warning you about doing this. Please heed it. Instead, read more about how permissions and file ownership works.
- I appreciate the absolute mountains of concern that I am using my own computer incorrectly, but I've been doing it this way for more than a decade and have never once broken anything, lost data or exposed myself to a security risk so I think I'm doing ok.
  
  I've gone swimming in specifically man eating shark infested waters for years and nothing bad has happened. So surely nothing bad will ever happen, and my actions have no risk tied to them. Think about why so many people have discouraged the actions you propose, safety rules are written in blood after all. You can, in fact do whatever you want, just keep it in mind when you are doing something risky.
  
  You are absolutely not. It really bad practice. I can not state that enough.
  Practice least privilege
  I'm not trying to offend you. I just want to help.

Thunar has 'custom actions'. Add one using pkexec %f. Other FM have similiar functionality.
- Thank you for providing an actual answer. Most of the comments in this thread are condescending as hell.

Don't know about gnomes default file manager, but dolphin has this ability. You'll have to install the addons and enable it in the context menu however.
To repeat others opinion though, I haven't actually needed this feature outside of very specific situations (that I create myself). Linux operates a bit different and shouldn't need this for anything outside of some poorly made, or potentially malicious apps and scripts. I agree though it's still nice to have the option

It depends on the file browser you are using.
- The default, nautilus.
  "Run as Adminstrator" in the context menu is a default feature in Windows. It seems odd I'm the first person to want this in Linux.
  
  It is rare that you would want to run an entire GUI program as root, and if it is needed, the program should prompt you for it. Do you have a specific use case where you need to do that regularly?
  
  That's not how that should work. You also shouldn't need that in Windows either.
  Programs that need Admin rights will ask for it. There are a fee limited cases but most of the time it creates more problems than it solves.
  From your comments I've read it sounds like there is more to this story. Can you share what you are trying to do? On gnome gnome disks can run fine under the user. It will elevate when it needs to and it is designed with least privilege.
  For file shares root is pretty much meaningless in most contexts. If you don't have access you don't have access as authentication is handled server side. If you setup a automatic mount check your mount options as you can set it to be owned by the local user. Also if you mounted the share in a graphical file utility such as nautilus it will be mounted for the local user so you will not need root.
  Root should be used very sparingly. It is not the same as Admin on Windows. It is almost equivalent to the SYSTEM user on Windows.
  
  You have no idea what that would do in Linux. First read some documentation, then decide if you really need it. I guess you can see by the number of people trying to put you on the right path that what you want is not a good idea.

That's not a good idea as root isn't the same as an Administer account. Also, you might want to consider why you are running programs as root. You may have a chicken and the egg problem.
Maybe step back and give us some more context.

For context, I answered this after your edit. First, I don't know how to add another context menu on a file manager, but I imagine if there is a way to do that, there is a command to be run when doing it. Hence, what I will answer is only the command.
For editing a file, you absolutely don't need to open the editor as root. You can however, make a temporary copy of a file that your own user has access to, edit those temporary files, and when you are done editing it just replace the old file. This is what sudoedit FILE does.
Secondly, for manipulating a file, I agree with the other commenter that it still is a bad practice to run the file manager as root. Instead, try to add a context menu for taking ownership of a file/folder recursively. chown does exactly that. Of course chown won't save you if that file is a network mount with some form of other access control.
Third and last, yes I agree that if a user wanted to nuke their installation it is their right to do so. However, do remember that this is also a forum and that we always remind each other the best practice since maybe another user will stumble upon this and think "oh, this is how it is in Linux". We do not have the equivalent of "Run as Administrator" here in linux as that would mess up a lot of assumptions for other programs and easily make the system unstable or outright unusable.

Other threads:
You are free to do anything and everything with Linux!
ITT:
YOU CAN'T DO THAT

This is very easy in KDE but Desktop entries work the same on all Desktops.
See this post where I mentioned how to do this with running Konsole with root.
In general, use polkit instead of sudo, every desktop has a GUI dialog that pops up.
undefined

pkexec APPNAME
And add this as a desktop action, following the guide.
undefined

[Desktop Entry] Type=Application Exec=konsole Icon=utilities-terminal Categories=System;TerminalEmulator; Actions=root Name=Konsole GenericName=Terminal Comment="$GenericName" [Desktop Action root] Name=root Icon=folder-root-symbolic Exec=pkexec konsole
In the specific case of Konsole you could use a profile instead.
Be aware that nearly no program should be ran as root. Also not Konsole. The program is ran as the user, and can enter a root shell, but never run random apps as root. Not even many terminal apps are made to be ran as root, for example use sudoedit instead of sudo nano for editing files.
To view and change system files in KDE, type admin:/ into the location bar.
Running apps as root doesnt work with Wayland, and for a good reason.
- Thanks for this, but I have a question:
  Running apps as root doesnt work with Wayland, and for a good reason.
  Are you sure about this? I run GUI apps as root all the time and have Wayland.
  
  Not sure if all apps, maybe some work, maybe they use XWayland. Dont do this.

something like this? creating custom context menu options
https://www.howtogeek.com/116807/how-to-easily-add-custom-right-click-options-to-ubuntus-file-manager/

I'm assuming you're using the nautilus file manager. I found this post in adding right click actions to nautilus: https://askubuntu.com/questions/210192/how-can-you-add-an-item-to-the-right-click-menu-in-nautilus-without-nautilus-ac#672553 You could make a bash script like shown in the post and use polkit to open the password prompt and run a command as root.

Emacs can let you edit root files using TRAMP
There's also YaST , but that's an OpenSUSE thing.

I see no "hostility" and "talking down" here. You shouldn't be running GUI programs with sudo, and the fact that you've been using Linux for X amount of years doesn't change that.
- I think the talking down aspect comes from phrases like "you shouldn't be doing X", especially when these statements are made as absolutes, rather than contextualised with actual reasons.
  Running GUI programs as root might cause security problems, or it might cause software problems. And while you might find these issues important, others might not.
  In my opinion, saying something like "it's not a good idea if you care about security" or "doing so might make your PC burst into flames" gives helpful warnings for OP and future readers without talking down to them by making decisions for them what they should and should not do.

I think you can run like this:
$ pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY <yourapp>
For example, if I wanna open kgx (a.k.a. Gnome Console), I would run:
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY kgx
- Don't do this. I'm unsure if this works in any distro, but if it does, this is unsecure.
- Don't do this. I'm unsure if this works in any distro, but if it does, this is unsecure.

106 comments