Privilege Escalation and File Removal

Say we'd like to alter the filesystem in an area owned by root, but we're running as a user. Should we...

...escalate ahead of time via the sudo package?

sudo::escalate_if_needed()?;

...or use polkit somehow via zbus_polkit?

...or avoid std::fs::remove_file and instead make a manual shell call via Command?

Command::new("sudo").arg("rm").args(...)

...or something else I haven't thought of?

Cheers, and thanks in advance for your thoughts.

The sudo crate runs the current command in another command (it calls /usr/bin/sudo under the hood), but that means the whole subcommand is running with sudo privileges, which can be a risk -- unintentionally doing other things as root.

I'm not sure how zbus_polkit works.

The third option scopes the sudo to just the rm, which means the rest of the command can run as user, which is nice.

It would be nice to have an API like the first method, but scoped like the third, and not assuming a Linux-like environment, so that it could escalate privileges on Windows as well just for that operation.
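As an added illustration of the third option discussed above (example code written for this thread, not taken from it or from any crate), here is a Unix-only helper that tries the plain std::fs::remove_file first and escalates only that one rm through sudo when permission is denied; the scoped_rm_args and remove_file_scoped names are my own.

```rust
use std::io;
use std::path::Path;
use std::process::Command;

/// Arguments handed to `sudo` for the scoped fallback (example code, not from the thread).
/// `-n` makes sudo fail instead of prompting when no cached credential exists, and each
/// `--` stops sudo and rm from treating a path beginning with '-' as an option.
pub fn scoped_rm_args(path: &Path) -> Vec<String> {
    vec![
        "-n".to_string(),
        "--".to_string(),
        "rm".to_string(),
        "--".to_string(),
        path.to_string_lossy().into_owned(),
    ]
}

/// Remove `path` as the current user; only if that is denied, run a single `rm`
/// through sudo. Everything else in the program keeps running unprivileged.
pub fn remove_file_scoped(path: &Path) -> io::Result<()> {
    // Refuse relative paths: the elevated `rm` must not depend on the working directory.
    if !path.is_absolute() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "path must be absolute"));
    }
    match std::fs::remove_file(path) {
        Ok(()) => Ok(()),
        Err(e) if e.kind() == io::ErrorKind::PermissionDenied => {
            let status = Command::new("sudo").args(scoped_rm_args(path)).status()?;
            if status.success() {
                Ok(())
            } else {
                Err(io::Error::new(
                    io::ErrorKind::PermissionDenied,
                    format!("sudo rm exited with {status}"),
                ))
            }
        }
        Err(e) => Err(e),
    }
}

fn main() {
    // Usage: <program> /absolute/path/to/file
    let arg = std::env::args().nth(1).expect("usage: remove_scoped <absolute path>");
    match remove_file_scoped(Path::new(&arg)) {
        Ok(()) => println!("removed {arg}"),
        Err(e) => eprintln!("failed to remove {arg}: {e}"),
    }
}
```

Because the fallback is a separate process, it inherits nothing but the one path, so the rest of the program never runs as root; the `-n` flag means a missing sudo credential surfaces as an error instead of a hidden password prompt.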

Precisely my thought. Does anyone know of such a thing?
