xorg also runs as user if you run it as user(fedors does)

you can use stdin even with long-running daemon

You can use socketpair to create an anonymous socket between processes that other processes cant interfer with. You can reuse that socket for new processes as long as the processes are parent/children

I may be wrong, but it sounds like you're still using QGuiApplication or QApplication for your helper's event loop, instead of QCoreApplication, which should be used for non-GUI stuff.

Don't reinvent the wheel. gvfsd-admin exists to allow altering system files as part of gnome and there is work to bring the same feature to kio. You will notice when you look at both of them they are using dbus and polkit.

Also you are wrong pkexec does work for non GUI/X11 applications. some case you do need to pkttyagent the bash/program you are running pkexec from you are using before you can use pkexec when running without X11 loaded but this is due to a bug. Reality is if pkexec does not work with terminal application this is a reportable bug.

Yes polkit pkexec uses to authenticate is meant to choose a suitable agent be you running pure text mode, X11 or Wayland.

Starting deamon yourself instead of using dbus has the problem that you cannot have clean start on demand. No using dbus means you miss out on a lot of stuff for setting up a safe and secure connection.

Final killer to your idea what if the user is not using a password but a token device or finger print scanner. You application will not be able get the authorisation from those to duplicate because your application is not pam. Yes polkit can be a pain in ass to deal with but its hooked up so it supports all forms of authorisation.

I just checked, it's QCoreApplication:
Though I'm not really sure it's blocking GUI apps, it just seems *to me* it's saying so (search for "X11"):

Who uses "token device or finger print scanner" on their PCs as root passwords?

I'm not sure what you're saying here because I was saying it doesn't want to run gui apps, at least here on my Plasma 5, e.g. dolphin fails to start:
There is a solution, but it only works from the command line and fails when executing programmatically:
pkexec env DISPLAY=:0 XAUTHORITY=/run/user/1000/gdm/Xauthority dolphin

if ain't working, don't fix it

More people than what you would think.

And that exactly what should happen. pk at the start of pkexec stands for policykit. You did not create a polkit rule did you.



You have never read the manual of pkexec or you did not read it completely.
Yes this section of text starts of saying pkexec will not run X11 applications then goes on to say set org.freedesktop.policykit.exec.allow_gui for legacy programs.

https://unix.stackexchange.com/quest...y-using-pkexec There is example here.

Note the two things you added by env will be added if you added a polkit policy for the application that you wish to run as graphical as root with org.freedesktop.policykit.exec.allow_gui set the values will be there. Of course this polkit policy file will not exist for dolphin out box.
lightweight daemon needing graphical is coded wrong.

Yes in future you will not be needing to run dolphin as root ever because some point in future kio will allow higher privillage access with the GUI of the application not as root. Same way gnome files by gvfs allows you to edit root files using admin:/// while files it self is running as your normal user right now.

Do note that I did write "Yes polkit can be a pain in ass to deal with" yes getting your head around what you need to set in polkit policy so everything works is a bit of a learning curve. There are a lot of things people think cannot be done that turn out to be you have not set policy.