linux: Fix saving file with root ownership #22045
base: main
@mikayla-maki moved it to a separate optional script, as you asked. Also added docs for it in |
@0xtimsb thanks for making that change. That said, I think my suggestion has terrible UX… could we do something like detect if the user has Polkit installed, and then prompt them if they want to install our policy, and only then escalate the script’s permissions to su so we can do the installation?
script/install.sh
Outdated
echo "Zed needs sudo access to improve root file editing experience." | ||
printf "Configure polkit? [Y/n] " |
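Review bot: the `[Y/n]` in the `printf` prompt makes yes the default for a step the `echo` line announces as needing sudo, so pressing Enter alone consents to the privileged install. Consider `[y/N]`, and have the message say what will be installed and where (the polkit policy file and the helper script) so the user knows what they are approving.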
This could potentially be more beginner-friendly if worded as something like "Configure polkit to allow Zed to request elevated permissions when editing system files?"
Yup, not super accurate (since it’d still work even after saying no), but let’s just write it this way for simplicity's sake.
crates/fs/src/fs.rs
Outdated
let mut cmd = Command::new(pkexec_path); | ||
cmd.arg("--disable-internal-agent"); | ||
|
||
let script_path = PathBuf::from("/usr/libexec/zed/elevate.sh"); |
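Review bot: the helper path in `PathBuf::from("/usr/libexec/zed/elevate.sh")` is hard-coded and handed to `pkexec` with no visible check that the file exists, is root-owned and is not writable by other users. The PR description names `/usr/bin/zed/elevate.sh` instead, so the two should be reconciled; checking ownership and mode before spawning, and falling back to a plain `pkexec` call when the check fails, would keep a misinstalled or tampered script from being run as root.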
This is also not going to work on NixOS. Would be nice to have a way to specify this as a command line flag or env variable while building so we don't have to resort to patching the code in the NixOS package.
I’ve added the env variable which can be used in Nix installation. But, I'm not picking that in this PR as I'm not familiar with Nix yet. It should still work on NixOS as long as pkexec is in the PATH without custom message. I will create another PR after setting up NixOS VM and testing there.
Closes #13585
Currently, saving files with `root` ownership or `root` as the group throws a `Permission denied (os error 13). Please try again.` error. This PR fixes the issue on Linux by prompting the user for a password and saving the file with elevated privileges.

It uses `pkexec` (Polkit), which is by default available on GNOME, KDE, and most Linux systems. I haven't implemented this for macOS as I don't have a device to test it on.

This implementation is similar to how VSCode handles it, except they don't show a custom message.

Working:

When file saving fails due to a `PermissionDenied` error, we create a temporary file in the same directory as the target file and write the data to this temporary file. After that, the contents of this file are copied to the original file using the `tee` command instead of `cp` or `mv`. This ensures that the ownership and permissions of the original file are preserved. This command is executed using `pkexec`, which will prompt the user for their password.

Custom Message:

The message displayed to the user in the prompt is automatically retrieved from the `org.zed.app.policy` file, which is located at `/usr/share/polkit-1/actions/`. This file should be installed during the setup process. While the policy file is optional, omitting it will cause the user to see the underlying command being executed rather than a user-friendly message. Currently, VSCode does not display the user-friendly message.

The policy file must specify a unique binary, ensuring that only that binary can use the policy file. It cannot be as generic as `/bin/bash`, as any software using bash to prompt will end up showing Zed’s custom message. To address this, we will create a custom bash script, as simple as the following, placed in `/usr/bin/zed/elevate.sh`. The script should have root ownership and should not reside in the home directory, since the policy file cannot resolve `$HOME`.

IMPORTANT NOTE

Since copying the policy file and our script requires sudo privileges, the installation script will now prompt for the password at the very end. Only on Linux, if `pkexec` is installed.

Screenshots:
KDE with policy file: [Screenshot from 2024-12-15 22-13-06]
Gnome with policy file: [Screenshot from 2024-12-15 22-21-48]
Gnome without policy file: [image]
VSCode: [image]
User declines the permission request: [image]
Release Notes:
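
The save path described under "Working:" above, as an added example that is not part of this PR or Zed's code: it compares overwriting the target through `tee` with renaming the temporary file over it, and reports whether the target's inode, mode, owner and group survive. The file names are constructed, and it runs unprivileged in a scratch directory.

```bash
#!/usr/bin/env bash
# Added example (not from the PR): why an in-place overwrite keeps the
# target's metadata while a rename replaces it with the temp file's.

# Print "inode mode owner group" for a path using POSIX ls fields.
meta() { ls -dil "$1" | awk '{print $1, $2, $4, $5}'; }

# Stream the temp file into the existing target: same inode, same metadata.
save_with_tee() {  # $1 = temp file, $2 = target
    tee "$2" < "$1" > /dev/null
}

# Rename the temp file over the target: the target becomes the temp file.
save_with_mv() {   # $1 = temp file, $2 = target
    mv -f "$1" "$2"
}

# Run one save method on constructed files; echo "preserved" or "changed".
compare_save() {   # $1 = tee | mv
    local dir target tmp before after content
    dir=$(mktemp -d) || return 1
    target="$dir/hosts.conf"        # constructed stand-in for a system file
    tmp="$dir/.hosts.conf.tmp"      # temp file in the same directory
    printf 'old\n' > "$target"; chmod 640 "$target"
    printf 'new\n' > "$tmp";    chmod 600 "$tmp"

    before=$(meta "$target")
    "save_with_$1" "$tmp" "$target"
    after=$(meta "$target")
    content=$(cat "$target")
    rm -rf "$dir"

    # Both methods must deliver the new contents; only metadata differs.
    [ "$content" = "new" ] || return 1
    if [ "$before" = "$after" ]; then echo preserved; else echo changed; fi
}

for method in tee mv; do
    printf '%-3s -> %s\n' "$method" "$(compare_save "$method")"
done
```

Overwriting in place keeps the metadata but is not atomic: an interrupted write leaves the target truncated or partial, which a rename would avoid at the cost of the metadata change shown here.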