Hi, I'm writing a GUI app that need root privileges to spawn some commands (iptables, etc.).

Going further to package it, I want to know if packages containing setuid binaries are possible/acceptable, works with the autobuilder and may enter the extras repository or should search for another solution.

Wouldn't it be better to package it as a normal program and instruct the user to start it as root? SUID binaries are not good to use which the sudo framework is there to handle.

Yes I agree, but I'm searching for a general solution to provide the package to the average user that should only install the application and enjoy it (suppose for example an app targeting extras/ovistore for mass usage).

Is there some form of "official" or well tested debian rule to auto add/remove sudoers lines on pre/postinstall and adjust the desktop entry?

I thinked about splitting the root/gui part in a daemon and a gui talking by dbus, but this seems a bit exagerate if I have only to launch iptables or write to the /proc filesystem.

I suggest that you do set of very limited helper scripts and launch them with sudo. You can enable sudo for your scripts via /etc/sudoers.d/ directory

In one of my apps I abuse ioctl and rtnetlink to change the network configuration just to avoid using helper scripts LOL

Anyway it's an extreme case that I'm planning to handle in a different way, in the general case you are totally right.

Thanks.