killall gksudo: Stop running GTK as root!

Registered by Allison Ryan Lortie on 2007-10-29

This blueprint has been superseded. See the newer blueprint "Do not require sudo for default Desktop" for updated plans.

We current have a bunch of "administration" functions on the desktop that run under gksudo for various reasons. This typically comes down to requiring root access to do some very small thing (like write to a config file).

Unfortunately, when we run the entire settings application under gksudo we're running hundreds of thousands of lines of code (GTK, image loaders, etc) as root with an extremely rich and confusing (ie: X11) interface between the root-running code and the user.

Further, the process of requiring the user to enter a password before they even open the dialog is a bit disruptive.

In general, we should examine methods of how we can leverage the system dbus and PolicyKit to provide extremely thin and simple interfaces between the user interface (GTK application running as user) and the privileged code (as little code with as few features as possible).

Blueprint information

Scott James Remnant (Canonical)
Martin Pitt
Needs approval
Martin Pitt
Series goal:
Not started
Milestone target:
Completed by
Martin Pitt on 2009-05-27

Related branches



pitti, 2007-11-22: split spec into policykit-integration (which we will do for Hardy in any case), and converting apps to use it (this spec).

pitti, 2008-05-26: Hardy started using PK for many things already; remaining big thing is to move applications which need to install packages -> Software Sources, Synaptic, gnome-app-install, Language Selector, Hardware Drivers. The latter three can be converted by fixing and moving to PackageKit.

kov, 2008-10-22: as gksu author I highly approve of this move, and I would like to point out that I am writing a policykit-based version of gksu to support applications which are not properly written (i.e. to use PolicyKit); see


Work Items

Dependency tree

* Blueprints in grey have been implemented.