How to run a GUI application as root using pkexec?


16

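I am using Trisquel GNU/Linux-Libre, which ships with the GNOME 3 Flashback desktop environment.

I know I can run GUI applications as root with sudo & gksudo, but I want to know how I can run a GUI application as root with the help of pkexec.

When I try to run gedit (or any other application, such as nautilus) with pkexec gedit, it prompts for a password to authenticate:

[screenshot]

After the password is entered, it exits with an error: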

$ pkexec gedit
error: XDG_RUNTIME_DIR not set in the environment.

(gedit:6135): Gtk-WARNING **: cannot open display:

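So it seems that something is wrong with the display environment.

I also tried DISPLAY=:0 pkexec gedit, but it does not work.


The following information is available from man pkexec:

The environment that PROGRAM will run it, will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec. As a result, pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.

Now, I don't know what to do to accomplish this.

So, help me find out how to run a GUI application as root via pkexec. Or is it even possible?


By the way, this was inspired by the gparted-pkexec command, which works fine. How does gparted use pkexec?


(Found later) Related: How to configure pkexec?
Pandya 2015

Check this link, it worked for me.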
TinyRickHole

Answers:


11

It can be done by adding a custom action to PolicyKit. If you want to run gedit as root with pkexec, you have to create a new file /usr/share/polkit-1/actions/org.freedesktop.policykit.gedit.policy, for example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
    <action id="org.freedesktop.policykit.pkexec.gedit">
        <description>Run gedit program</description>
        <message>Authentication is required to run the gedit</message>
        <icon_name>accessories-text-editor</icon_name>
        <defaults>
            <allow_any>auth_admin</allow_any>
            <allow_inactive>auth_admin</allow_inactive>
            <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>
</policyconfig>

Finally, pkexec gedit should work as expected.


Please consult the man page or the reference manual, where this is explained under "EXAMPLE", e.g.:

$ man pkexec | grep -i ^Example -A 60
EXAMPLE
       To specify what kind of authorization is needed to execute the program /usr/bin/pk-example-frobnicate as
       another user, simply write an action definition file like this

           <?xml version="1.0" encoding="UTF-8"?>
           <!DOCTYPE policyconfig PUBLIC
            "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
           <policyconfig>

             <vendor>Examples for the PolicyKit Project</vendor>
             <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>

             <action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
               <description>Run the PolicyKit example program Frobnicate</description>
               <description xml:lang="da">Kør PolicyKit eksemplet Frobnicate</description>
               <message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
               <message xml:lang="da">Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
               <icon_name>audio-x-generic</icon_name>
               <defaults>
                 <allow_any>no</allow_any>
                 <allow_inactive>no</allow_inactive>
                 <allow_active>auth_self_keep</allow_active>
               </defaults>
               <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
             </action>

           </policyconfig>

       and drop it in the /usr/share/polkit-1/actions directory under a suitable name (e.g. matching the namespace of
       the action). Note that in addition to specifying the program, the authentication message, description, icon
       and defaults can be specified. Note that occurences of the strings $(user), $(program) and $(command_line) in
       the message will be replaced with respectively the user (of the form "Real Name (username)" or just "username"
       if there is no real name for the username), the binary to execute (a fully-qualified path, e.g.
       "/usr/bin/pk-example-frobnicate") and the command-line, e.g. "pk-example-frobnicate foo bar". For example, for
       the action defined above, the following authentication dialog will be shown:

           [IMAGE][2]

               +----------------------------------------------------------+
               |                     Authenticate                     [X] |
               +----------------------------------------------------------+
               |                                                          |
               |  [Icon]  Authentication is required to run the PolicyKit |
               |          example program Frobnicate                      |
               |                                                          |
               |          An application is attempting to perform an      |
               |          action that requires privileges. Authentication |
               |          is required to perform this action.             |
               |                                                          |
               |          Password: [__________________________________]  |
               |                                                          |
               | [V] Details:                                             |
               |  Command: /usr/bin/pk-example-frobnicate                 |
               |  Run As:  Super User (root)                              |
               |  Action:  org.fd.pk.example.pkexec.run-frobnicate        |
               |  Vendor:  Examples for the PolicyKit Project             |
               |                                                          |
               |                                  [Cancel] [Authenticate] |
               +----------------------------------------------------------+
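
Since the man page quoted in the question calls the exec.allow_gui annotation discouraged, it helps to know which installed actions set it. The following is an added example (not part of the original answer or of polkit) that lists every action with a non-empty allow_gui annotation together with any weak implicit authorization; the second sample action, org.example.pkexec.viewer with /usr/bin/example-viewer, is hypothetical.

```python
import glob
import xml.etree.ElementTree as ET

EXEC_PATH = "org.freedesktop.policykit.exec.path"
ALLOW_GUI = "org.freedesktop.policykit.exec.allow_gui"
# Constructed sample: the gedit action from the answer, then a hypothetical
# action (org.example.pkexec.viewer) with weaker defaults for contrast.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.freedesktop.policykit.pkexec.gedit">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gedit</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
  <action id="org.example.pkexec.viewer">
    <defaults><allow_active>auth_self_keep</allow_active></defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/example-viewer</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">1</annotate>
  </action>
</policyconfig>"""

def audit_policy(xml_bytes):
    """Return (action id, program, flags) for each action that sets allow_gui."""
    findings = []
    for action in ET.fromstring(xml_bytes).iter("action"):
        notes = {a.get("key"): (a.text or "").strip()
                 for a in action.findall("annotate")}
        if not notes.get(ALLOW_GUI):
            continue  # unset or empty: pkexec drops DISPLAY and XAUTHORITY
        grants = [(d.text or "").strip() for d in action.findall("defaults/*")]
        flags = []
        if "yes" in grants:
            flags.append("no authentication")
        if any(g.startswith("auth_self") for g in grants):
            flags.append("own password suffices")
        if any(g.endswith("_keep") for g in grants):
            flags.append("authorization cached")
        findings.append((action.get("id"), notes.get(EXEC_PATH), flags))
    return findings

if __name__ == "__main__":  # audit the policies installed on this host
    for name in sorted(glob.glob("/usr/share/polkit-1/actions/*.policy")):
        with open(name, "rb") as fh:
            for finding in audit_policy(fh.read()):
                print(name, *finding)
```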

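Yes, I finally found it in the manpage (man pkexec) too!
Pandya 2015

Can you help me with unix.stackexchange.com/q/204638/66803?
Pandya 2015

@Pandya, the real error is "Refusing to render service to dead parents", and when I googled it, there were some bug reports. To work around it, you can create an executable file in /usr/local/bin with the following content: #!/bin/sh "pkexec" "nautilus" and run it with F7. I think it should work.
taliezin

OK. I tried it by making an executable file, which works fine with F7.
Pandya 2015

2
I'm really disappointed that such a tool forces me to configure something outside of /etc, and, even worse, under /usr/share instead of /usr/local/share.
Nils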
Licensed under cc by-sa 3.0 with attribution required.