Sorry for the late reply...
I've finally identified where the problem is.
It appears it's not related to Conky as I thought but to VeraCrypt
instead (1.24.23-1 is installed on my Debian 10).
Indeed, everytime I launch VeraCrypt, mount an encrypted volume and then
fill in the volume password, I get the following line in my systemd
journal along with a popup asking for my user password:
l0f4r0 : a password is required ; TTY=unknown ; PWD=/home/l0f4r0 ;
USER=root ; COMMAND=/usr/bin/uptime
Well done Marc with the "sudo -n" hint.
Actually, VeraCrypt invokes `sudo -n uptime` in order to check if the
user has an active 'sudo' session [1]:
// Test if the user has an active "sudo" session.
// This is only done under Linux / FreeBSD by executing the command
'sudo -n uptime'.
// In case a "sudo" session is active, the result of the command
contains the string 'load average'.
// Otherwise, the result contains "sudo: a password is required".
[...]
FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l",
"r");
I could add to my sudoers file something like the following:
l0f4r0 ALL= NOPASSWD: /usr/bin/uptime, /usr/bin/veracrypt
but I don't think that lower the security is a good idea.
Maybe using `sudo -n uptime` is simply not the best practice from
VeraCrypt as it trigers a priority 1 (alert) in my journal each time
whereas it's just an event/test from a software, not a real security
issue from my point of view.
I've seen some people recommending another approach [2] like `sudo -l
/actual/command/to/run ; echo $?` instead but I'm not sure it solves the
issue as this command only checks theoretical permissions, not if a sudo
session is already on-going.
While we are at it, would you have a personal advice to VeraCrypt on how
checking the latter case instead of a sudo on a dummy command please?
Thank you in advance :)
[1]:
https://www.veracrypt.fr/code/VeraCrypt/commit/?id=9463a628a6315ec89934f81dc9e5d838015ec5ce
[2]: https://dev1galaxy.org/viewtopic.php?pid=23102#p23102
