links are handled by the operating system, it's not the program that decides how they are opened
I skimmed the code again today & gained some new insight. The cause of the problem, and its solution, seems pretty straightforward.
Any app which invokes an mx-viewer subprocess, e.g. MX-live-usb-maker
https://github.com/AdrianTM/mx-live-usb ... w.cpp#L322
should
not be concatenating "su" into the string used for the system() call
(or should not trust that "user.toUft8()" returns SUDO_USER, vs result of "whoami")
If, someday, a need arises to open a document residing in path readable only by root, mx-viewer is probably the wrong tool for the task.
In the meantime, across all the MX Tools, every call involving mx-viewer or xdg-open (
not just the call from within on_buttonAbout_clicked() )
could be using
sudo -u somenonpriviledgeduser
Code: Select all
void MainWindow::on_buttonAbout_clicked() {
. . .
. . .
QString user = c.getOutput("logname");
if (system("command -v mx-viewer") == 0) { // use mx-viewer if available
system("su " + user.toUtf8() + " -c \"mx-viewer file:///usr/share/doc/CUSTOMPROGRAMNAME/license.html 'Custom_Program_Name " + tr("License").toUtf8() + "'\"&");
} else {
system("su " + user.toUtf8() + " -c \"xdg-open file:///usr/share/doc/CUSTOMPROGRAMNAME/license.html\"&");
}
}
this->show();
}