IM Ivan Morgillo
June 16, 2026 AIProgrammingTech

How I Let My AI Coding Agent Run sudo on My Linux Box Without Pasting Into a Terminal

Letting an AI coding agent run root commands on Linux without pasting sudo into a terminal — a tiny reusable asroot helper built on pkexec and polkit's graphical password dialog.

June 16, 2026 5 min read

AI assistant robot hand reaching toward a polkit password dialog over a Linux terminal — an AI coding agent requesting root via pkexec

It started as a clipboard bug. It ended with a five-line script that quietly changed how my AI coding agent works on this machine.

Here’s the short version: if you run an AI coding agent on Linux and you’ve ever watched it try to install a package, you know the awkward dance. The agent needs root. It can’t type your password. So it either prints a sudo command and asks you to paste it into a terminal, or it gives up. Pasting from the agent’s output into a console is exactly the kind of fragile, copy-the-wrong-thing step that goes wrong at the worst moment.

I wanted something better. This is it.

The problem with sudo and AI agents

An autonomous agent and sudo are a bad match by design: the agent can’t (and shouldn’t) know your password; piping a password into sudo -S is a security smell that breaks under any sane policy; and “paste this into your terminal” defeats the point of having an agent do the work.

What I actually want: the agent runs the command, and I get a normal, native password prompt — the same dialog I’d get clicking “Install” in a GUI app. The password never touches the chat, the agent never sees it, and I explicitly approve each elevation.

The insight: pkexec already does this

On a desktop Linux box you almost certainly have polkit running, with a graphical authentication agent (on my XFCE setup it’s polkit-mate). That’s the thing that pops up “Authentication is required” with a password field. You can drive it directly:

pkexec apt-get install -y copyq

pkexec runs the command as root after the graphical polkit dialog authenticates you. The agent fires the command; I get the native prompt; I type my password into the OS dialog, not into a text box an LLM can read. Clean.

The naive way to use this from an agent is to write a temp script and pkexec it:

cat > /tmp/do.sh <<'EOF'
apt-get update && apt-get install -y copyq
EOF
chmod +x /tmp/do.sh
pkexec /tmp/do.sh

That works, but writing a throwaway script for every single root command is clunky — and it’s exactly the kind of repetitive scaffolding you don’t want your agent regenerating ten times a day.

The fix: a reusable asroot helper

So I gave it a name. ~/.local/bin/asroot:

#!/usr/bin/env bash
# asroot — run a command as root via pkexec's graphical (polkit) dialog.
# No pasting sudo into a terminal, no throwaway scripts.
#
#   asroot apt-get install -y copyq      # single command
#   asroot bash -c "cmd1 && cmd2"         # pipes / && / redirects
#   asroot -s < script.sh                 # run a whole script from stdin
set -euo pipefail

usage() {
  echo "asroot <command> [args...]   |   asroot bash -c \"a && b\"   |   asroot -s < script.sh" >&2
  exit 2
}

[ "$#" -eq 0 ] && usage

# Explicit stdin mode — so it can never hang waiting for input by accident.
if [ "$1" = "-s" ]; then
  exec pkexec /bin/bash -s
fi

# Run argv exactly as given: no re-quoting, no shell interpretation of
# metacharacters. For pipes/&& use "asroot bash -c ..." on purpose.
exec pkexec /bin/bash -c 'exec "$@"' _ "$@"

Now my agent just runs asroot apt-get install -y <whatever>. One graphical prompt, zero temp files, and the password stays where it belongs.

The last step is to tell the agent this is the house rule. I added one line to whatever instructions file my agent reads on startup — CLAUDE.md, AGENTS.md, a Cursor rule, your pick: “When you need root, use asroot; never ask me to paste a sudo command.” Codex, Cursor, Claude Code — whatever I’m driving that day, they all do the right thing once they know the rule.

One gotcha worth mentioning

My first version auto-detected stdin: “no arguments and stdin isn’t a terminal → read a script from stdin.” That seemed clever until the agent invoked it with no args from a non-interactive shell, and it sat there blocking on pkexec forever, waiting for input that would never come. Lesson: make dangerous modes explicit. The -s flag fixed it, and a no-arg call now just prints usage and exits.

Why this is safe

This isn’t a way to hand an AI agent root. It’s the opposite. Every elevation goes through the OS’s own authentication dialog — the same gate as any GUI installer. Nothing runs as root until I type my password into a trusted system prompt. The agent proposes; polkit (and I) dispose. If I walk away, nothing escalates.

The side quest was the real upgrade

The funny part: I wasn’t trying to build any of this. I sat down to fix Flameshot screenshots that kept “vanishing” from my clipboard (an X11 clipboard-ownership thing — a story for another post). Somewhere in that session the agent needed to install a clipboard manager, hit the sudo wall, and asroot was born to get past it.

That’s the pattern I keep seeing with AI tooling: you go in to fix one annoyance and walk out with a small, sharp tool that removes a whole category of friction. The clipboard bug is fixed. But asroot is the thing I’ll use every week.

If you run an agent on a Linux desktop, drop those five lines in ~/.local/bin/asroot, tell your agent to use it, and never paste a sudo command again.