Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#51
I removed the sudo in front of the desktop file and it works like it should

Nokia-N900:~# cat /etc/sudoers | grep genwall
user ALL = NOPASSWD: /usr/bin/run-standalone.sh /opt/genwall/genwall
user ALL = NOPASSWD: /usr/bin/run-standalone.sh genwall

I guess the implementation of sudo in front of the desktop file requires sudser. I only have rootsh but I do NOT have sudser. AFAIK, madde also gives you root access, not sure about this though. Also your application asks root/superuser access after it is launched (that password prompt). And at that moment it gets its rights, right???

So now it's launched as normal user and it does show the dialog more than milliseconds and it even allows me to get into the main application after entering the right root-password. Hope this will get you any further.

Will report back what happens if I install sudser and place sudo back in the desktop file
__________________
N900 loaded with:
CSSU-T (Thumb)
720p recording,
Pierogi, Lanterne, Cooktimer, Frogatto
N9 16GB loaded with:
Kernel-Plus
--
[TCPdump & libpcap | ngrep]
--
donate

Last edited by mr_pingu; 2014-03-10 at 13:32.
 

The Following User Says Thank You to mr_pingu For This Useful Post:
Halftux's Avatar
Posts: 868 | Thanked: 2,515 times | Joined on Feb 2012 @ Germany
#52
Originally Posted by mr_pingu View Post
I removed the sudo in front of the desktop file and it works like it should
Interesting good that you solved your problem.

Originally Posted by mr_pingu View Post
Also your application asks root/superuser access after it is launched (that password prompt). And at that moment it gets its rights, right???
This password prompt is only there that nobody can use this program unless he knows the root password. It will not give you su rights. In principle it reads the encrypted password from the linux file and this can only be done when you start genwall with root rights. I think so... I will look into it.


Originally Posted by mr_pingu View Post
So now it's launched as normal user and it does show the dialog more than milliseconds and it even allows me to get into the main application after entering the right root-password. Hope this will get you any further.
This means your desktop file and the sudser.d seem to work together and you get root rights as normal user when you start genwall.

Originally Posted by mr_pingu View Post
Will report back what happens if I install sudser and place sudo back in the desktop file
Okay, but after your try I would suggest to remove sudser again.
Sudser is creating a file in sudser.d that will grant super user rights for everything you are launching.
 

The Following 2 Users Say Thank You to Halftux For This Useful Post:
peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#53
Hmm, strange.

As said starting genwall as user works (passwd prompt stays until root pass entered and then runs), no sudo needed to start your app.

sudser has nothing to do with sudo in desktop file (afaik and experienced).
(what does 'sudo run-standalone.sh /opt/genwall/genwall' in x-term tell?) Output of sudoer looks correct. So something on your N900 goes berserk?
sudser may create /etc/sudoers.d/everybody.sudoers, but also in 01sudo you may find 'user all=nopasswd: all' (which I commented out after finding out and adding 'defaults targetpw').


/etc/passwd is readable by user, so genwall may read it without root rights.

and the GUI does/should not run as root, but only parts (outsourced as scripts) where root is needed. Just suggesting here ...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257


Last edited by peterleinchen; 2014-03-10 at 21:31.
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#54
~ $ sudo run-standalone.sh /opt/genwall/genwall
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
~ $ Root
Nokia-N900:~# passwd user
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
Nokia-N900:~# exit
~ $ sudo run-standalone.sh /opt/genwall/genwall
Password:
Sorry, user user is not allowed to execute '/usr/bin/run-standalone.sh /opt/genwall/genwall' as root on Nokia-N900
Nokia-N900:~# root
Nokia-N900:~# apt-get install sudser
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libruby1.8
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
sudser
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 6670B of archives.
After this operation, 36,9kB of additional disk space will be used.
Get:1 http://repository.maemo.org fremantle-1.3/free sudser 0.2.0-4 [6670B]
Fetched 6670B in 7s (876B/s)
Selecting previously deselected package sudser.
(Reading database ... 40022 files and directories currently installed.)
Unpacking sudser (from .../sudser_0.2.0-4_all.deb) ...
Setting up sudser (0.2.0-4) ...
Password changed.
Now 'user' needs no password for sudo
If you need to log in via SSH as user,
you will have to set user password again
by running 'passwd user' as root
Please read and close the popup dialog
Nokia-N900:~# exit
~ $ sudo run-standalone.sh /opt/genwall/genwall





Edit: crucial part I forgot: The password that is needed is not known, as it doesn't accept my root password, so I set up a user passwd as I hadn't done that before. Still no luck. Then I installed sudser: It runs, so for the sudo command sudser IS needed, just what I thought... And I don't like that, for the same reason halftux warned me here above

This proves that the whole sudo in front of the command is useless as the GUI should run as user but the actual iptables commands should be run as root, of course. Like Peterleinchen said ^^^ But I believe that's already done for a part if not for more. (Haven't looked at the sources)

Last edited by mr_pingu; 2014-03-10 at 22:51.
 

The Following 2 Users Say Thank You to mr_pingu For This Useful Post:
peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#55
Reading only first parts of your answer it came to my mind immediately.
I changed the pw behaviour to accept only root password (Defaults targetpw) as I did not like the ubuntu way of asking for user pw to run programs as root. So of course genwall could not be started as user with sudo, as user missed a passwd (as it is default on Maemo).
Sorry.
But again it has nothing to do with sudser. Just use bb-power (or install adduser) and give user a password (something sudser does).
Btw, good find
 

The Following User Says Thank You to peterleinchen For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#56
Well I edited some parts to explain some more experimenting I did. Even if I did set user password, it couldn't be run unless I installed sudser. Now you say sudser only set user pw. I also set a user pw but: How the ..., why isn't genwall allowed to be executed as root by user, as it HAS sudoers file as proved in earlier posts
 
peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#57
sudser not only gives user a passwd but also adds an entry
user all nopassword: all
so every process may be run with sudo.

Why on your side it did not run after giving user a pw I really do not know
If you like remove sudser and change user pw again. If it again does not run, run update-sudoers after pw change and tell us result...
 

The Following User Says Thank You to peterleinchen For This Useful Post:
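The difference the posters are circling, a grant scoped to the genwall command versus a blanket grant for every command, can be checked mechanically. This is an added example, not code from the thread or from genwall or sudser: `audit_sudoers` is a hypothetical helper, and the sample files are constructed from the entries quoted or described in the posts.

```shell
#!/bin/sh
# Findings, one per line:
#   BLANKET  file:line user          NOPASSWD applies to ALL commands
#   SCOPED   file:line user command  NOPASSWD limited to the listed command
#   TARGETPW file:line               sudo prompts for the target (root) password
# Simplified: no line continuations, alias expansion or #include handling.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    /^[ \t]*Defaults/ {
        if (($0 " ") ~ /[ \t,]targetpw[ \t,]/) print "TARGETPW " FILENAME ":" FNR
        next
    }
    /^[ \t]*[A-Za-z]+_Alias[ \t]/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        split(substr($0, 1, eq - 1), lhs, " ")     # lhs[1] is the user
        n = split(substr($0, eq + 1), cmds, ",")
        nopw = 0                                   # a tag carries over to later commands
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            sub(/^\([^)]*\)[ \t]*/, "", c)         # drop a (runas) prefix
            while (match(c, /^[A-Z_]+:[ \t]*/)) {  # NOPASSWD:, PASSWD:, NOEXEC:, ...
                tag = substr(c, 1, RLENGTH); sub(/:.*/, "", tag)
                if (tag == "NOPASSWD") nopw = 1
                if (tag == "PASSWD") nopw = 0
                c = substr(c, RLENGTH + 1)
            }
            if (!nopw) continue
            if (c == "ALL") print "BLANKET " FILENAME ":" FNR " " lhs[1]
            else print "SCOPED " FILENAME ":" FNR " " lhs[1] " " c
        }
    }' "$@"
}
# Constructed samples: the genwall lines are the ones quoted in the thread; the
# other two files use the entries the posters describe (exact syntax assumed).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'user ALL = NOPASSWD: /usr/bin/run-standalone.sh /opt/genwall/genwall' \
        'user ALL = NOPASSWD: /usr/bin/run-standalone.sh genwall' > "$d/genwall.sudoers"
    printf '%s\n' 'user ALL = NOPASSWD: ALL' > "$d/everybody.sudoers"
    printf '%s\n' '#user ALL = NOPASSWD: ALL' 'Defaults targetpw' > "$d/01sudo"
    ( cd "$d" && audit_sudoers genwall.sudoers everybody.sudoers 01sudo )
    rm -rf "$d"
}
demo
```

A BLANKET finding is the entry to review or comment out after removing sudser; SCOPED findings are the per-application grants.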
Halftux's Avatar
Posts: 868 | Thanked: 2,515 times | Joined on Feb 2012 @ Germany
#58
Originally Posted by peterleinchen View Post

As said starting genwall as user works (passwd prompt stays until root pass entered and then runs), no sudo needed to start your app.

/etc/passwd is readable by user, so genwall may read it without root rights.
It seems that you can start genwall as a user and it will not work as expected like you said.

Originally Posted by peterleinchen View Post
and the GUI does/should not run as root, but only parts (outsourced as scripts) where root is needed. Just suggesting here ...
So you mean adding every script to sudser.d and call the script with sudo?
So I will end up with many scripts and these can be easily run as root. When only genwall can run these scripts as root, it is more safe because you need the password to run genwall.

Or how this should work? I can also pass the password with QProcess as a command line argument or I can write a password with QProcess if the process is asking for a password.
However I think it could be somehow visible and could be caught.

I can also work with setuid but don't know if this will work.

So I would leave it like it is, except changing the file permission to 754.

@mr_pingu
sorry I have really no clue
I have seen that you have rootsh installed, so you can create a script with gainroot and starting genwall. This script can be added to the desktop file. I was doing this some versions before.

Last edited by Halftux; 2014-03-14 at 17:11.
 
peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#59
Yes, that was my idea.
But I do see your point.

You could give those scripts only
user ALL = PASSWD: xxx
and hand over the root passwd in each call (echo rootme | sudo script) but I agree to leave it as it is and change permission of file to 754 (or even 750) will be sufficient. This change permission needs to be done in postinst script via chmod afaik.

--
Sorry, have to correct me.
Above will not work as default behaviour of N900 is that user passwd is requested on sudo (missing 'Defaults targetpw' which will request root passwd). So I tend even more to leave it as it is.

Last edited by peterleinchen; 2014-03-15 at 22:34.
 
Halftux's Avatar
Posts: 868 | Thanked: 2,515 times | Joined on Feb 2012 @ Germany
#60
New update should be soon available version 1.0.6

Changelog:
* added blacklist in/out
* added dnsmasq domain filter
* removed bug from gate tab
* small layout changes
* added more info messages

So I added an IP-Blacklist function for the input and output chain. The lists from the listwidget must be saved before generating the script.
Lists blacklistin.txt and blacklistout.txt get saved in "/home/user/.genwall/", entries starting with a # or $ will get ignored during script generation.

For/Out-->Out-Black
Rules-->In-Black


Furthermore I added a tab with a domain filter (For/Out-->Block-Hosts). It works with dnsmasq.
Pushbutton "set dnsmasq conf" will append the dnsmasq.conf file with following entries and become green:
Code:
no-hosts
addn-hosts=/etc/dnsmasq.hosts
When you hit the button again the lines will get removed.
The save button will save the listed domains in the qlistwidget to the created file in /etc/dnsmasq.hosts.
For making the changes active you need to hit the pushbutton "restart dnsmasq".
The filtering will work only if the N900 is the dns server. When you are on the phone itself the dns server must be localhost.

enjoy and have fun

And keep in mind that the N900 has no server capacity, do not create too many entries and downloading huge blacklists.

Last edited by Halftux; 2014-07-17 at 11:25. Reason: typos
 

The Following 2 Users Say Thank You to Halftux For This Useful Post:
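Because the blacklist files live in the user-writable /home/user/.genwall/ and feed a script that runs with root rights, a generator should accept only well-formed addresses. This is an added example, not genwall's own generator (which the post does not show): `gen_blacklist_rules` is a hypothetical name, the iptables rule shape is an assumption, and the sample list is constructed.

```shell
#!/bin/sh
# gen_blacklist_rules FILE in|out
# Prints one iptables DROP rule per valid entry. Returns 1 if any entry was
# rejected, so a caller can refuse to run a partially generated script.
# The rule shape (-A INPUT -s / -A OUTPUT -d ... -j DROP) is an assumption.
gen_blacklist_rules() {
    case "$2" in
        in)  chain=INPUT;  flag=-s ;;
        out) chain=OUTPUT; flag=-d ;;
        *)   echo "usage: gen_blacklist_rules FILE in|out" >&2; return 2 ;;
    esac
    awk -v chain="$chain" -v flag="$flag" '
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^$/ || /^[#$]/ { next }      # blank, or skipped as the post describes
    {
        n = split($0, p, "/")     # address and optional prefix length
        ok = (n <= 2) && (split(p[1], o, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9]+$/) && (length(o[i]) <= 3) && (o[i] + 0 <= 255)
        if (ok && n == 2)
            ok = (p[2] ~ /^[0-9]+$/) && (length(p[2]) <= 2) && (p[2] + 0 <= 32)
        if (ok) print "iptables -A " chain " " flag " " $0 " -j DROP"
        else { print "rejected line " FNR ": " $0 > "/dev/stderr"; bad = 1 }
    }
    END { exit bad }' "$1"
}
demo_blacklist() {
    f=$(mktemp) || return 1
    # Constructed sample of blacklistin.txt (documentation address ranges).
    printf '%s\n' '# office scanner' '192.0.2.10' '$198.51.100.7' \
        '203.0.113.0/24' '300.1.1.1' '192.0.2.9 -j ACCEPT' > "$f"
    gen_blacklist_rules "$f" in || echo "rejected entries found, status $?"
    rm -f "$f"
}
demo_blacklist
```

Only the two well-formed entries become rules; the out-of-range address and the entry carrying extra iptables arguments are reported on stderr and never reach the generated script.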