Why should users never use normal sudo to start graphical applications?

1

Graphical applications often store settings and other user-specific data in configuration files written inside the user's home folder. The main mechanism applications use to determine what they should use as the user's home folder is the HOME environment variable. (You can inspect it yourself with echo $HOME).

Suppose you're running gedit (a graphical text editor) as root. If you run sudo gedit, HOME will continue to point toward your home directory, even though the program is running as root. Consequently, gedit will write configuration files as root into your home directory. This will sometimes result in the configuration files being owned by root and thus inaccessible to you (when you later run the program as yourself and not as root). This mainly happens when the application has to create a new configuration file. Newly created files, by default, are owned by the user who creates them (who in this case is root, not you).

That's the primary reason why you should...

0 0
2

I've read the comunity "RootSudo" documentation and am interested in this line:

You should never use normal sudo to start graphical applications as Root.

Why? What is the difference? Please provide a simple explanation, as I'm just a normal desktop user.

Graphical applications often store settings and other user-specific data in configuration files written inside the user's home folder. The main mechanism applications use to determine what they should use as the user's home folder is the HOME environment variable. (You can inspect it yourself with echo $HOME).

Suppose you're running gedit (a graphical text editor) as root. If you run sudo gedit, HOME will continue to point toward your home directory, even though the program is running as root. Consequently, gedit will write configuration files as root into your home directory. This will sometimes result in the configuration files being owned by root and thus inaccessible to you (when you later run the...

0 0
3

Note: For help with configuring sudo privileges via its configuration file /etc/sudoers, please see Sudoers.

In Linux (and Unix in general), there is a SuperUser named root. The Windows equivalent of root is the Administrators group. The SuperUser can do anything and everything, and thus doing daily work as the SuperUser can be dangerous. You could type a command incorrectly and destroy the system. Ideally, you run as a user that has only the privileges needed for the task at hand. In some cases, this is necessarily root, but most of the time it is a regular user.

By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in - it allows authorized users (normally "Administrative" users; for further information please refer to...

0 0
4

sudo

To use sudo on the command line, preface the command with sudo, as below: Example #1

sudo chown bob:bob /home/bob/*

Example #2

sudo /etc/init.d/networking restart

To repeat the last command entered, except with sudo prepended to it, run:

sudo !!

Graphical sudo

You should never use normal sudo to start graphical applications as Root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by Root. (AFAICT, this is all that’s special about the environment of the started process with gksudo vs. sudo).

Recent versions of some flavours might not have gksu installed.

If necessary install and set gksu-properties to sudo.

Examples:

gksudo gedit /etc/fstab

or

kdesudo kate /etc/X11/xorg.conf

Drag & Drop sudo

This is a trick from this thread on the Ubuntu Forums.

Create a...

0 0
5
Now if i want to log into my openVPN or install it i have to use "sudo /etc/init.d/openpvpn start"

But if i do this with another user than the adminuser i installed openVPN with, it only says i need root previligies and that this will be reported, blablabla...

Is this(I read it in a sticky topic) mayb a "sollusion to the problem:

"Graphical sudo

You should never use normal sudo to start graphical applications as Root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by Root. (AFAICT, this is all that's special about the environment of the started process with gksudo vs. sudo).
Examples:
gksudo gedit /etc/fstabor
kdesudo kate /etc/X11/xorg.conf

To run the graphical configuration utilities, simply launch the application via the Administration menu.gksudo and kdesudo simply link to the commands gksu...
0 0
6

by

DrKenobi

Last Updated March 07, 2017 22:02 PM

I've been using gksudo nautilus and sudo nautilus through Alt+F2.

What's the difference? They look very similar!

Answers 8

If you choose gksudo nautilus, You ask your password graphically. With sudo, you ask it in a terminal

winniemiel05
November 06, 2010 14:58 PM

Taken from here:

You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=/root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root.

Please note that this is primarily about configuration files. If you run Nautilus as root, even with gksu/gksudo, and you create a file or folder anywhere with it (including in your home directory), that file or folder will be owned by root. But if you run Nautilus (or most other graphical applications) as root...

0 0
7

gksudo is a GTK-based frontend of sudo(BTW, kdesudo is a Qt-based frontend), however it (by default) handles more environmental variables(HOME, XAUTHORITY, etc.) than sudo thus making running commands as root safer.

As far as I can see only @Logics answer is correct enough (@Ignacio Vazquez-Abrams's is not complete). Here is the try-to-avoid clarification to @Davros @knitti answer/comments (Please kindly remove/edit them when it's not needed):

Although both commands are indeed represents sudo, the UI used is NOT the only difference of the two commands. Running GUI program is NOT the only situation when you should use gk/kdesudo, instead you should use gk/kdesudo whenever you can't determine whether the command will create/write files to your home directory (which the HOME environment variable points to in the sudo command in some system and situations). Not all GUI apps writes to your home directory and not all CLI apps don't, so the type of command isn't the key point....
0 0
8

sudo: Executing Commands with Elevated Privileges

Most of the following commands will need to be prefaced with the sudo command. This elevates privileges to the root-user administrative level temporarily, which is necessary when working with directories or files not owned by your user account. When using sudo you will be prompted for your password. Only users with sudo (administrative) privileges will be able to use this command. You should never use normal sudo to start graphical applications as Root (Please see RootSudo for more information on using sudo correctly.)

File & Directory Commands

The tilde (~) symbol stands for your home directory. If you are user, then the tilde (~) stands for /home/user pwd: The pwd command will allow you to know in which directory you’re located (pwd stands for “print working directory”). Example: “pwd” in the Desktop directory will show “~/Desktop”. Note that the Gnome Terminal also displays this information in the title bar of its...
0 0
9
Gksudo running graphical commands as root on Ubuntu

.

Gksudo

is a frontend to sudo to start graphical applications (edit and modify) as root, For example to edit the configuration file using Gedit graphical text editor remommded to use

gksudo gedit /etc/default/sourcesfile

instead of

sudo gedit /etc/default/sourcesfile

Why using

gksudo

is recommended then

sudo

in this case?. see explanation

here You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs.

Run graphical applications as root with

sudo

, they may save their configuration files in home directory and these files may be owned by root and this causes inaccessible when you're not running as root.

Installation & Use
Gksu not installed by default to use gksudo command install gksu first using this command:

sudo apt-get install gksu

As mention above

gksudo

running...

0 0
10

On 05/02/2012 07:00 AM, Kevin O'Gorman wrote:

> I guess I don't understand access permissions to my display.

>

> If I become root via "sudo su -", I cannot use gedit or gvim because

> they are unable to open the display.

Works for me:

$ sudo -i
# gedit
# gvim

(Unbuntu 11.04, 11.10, 12.04)

>
> If I start them as "sudo gedit somefile" it works, but when I'm doing
> serious admin work, I consider this tedious.

Ummm, in standard user you should be using gksudo or kdesudo instead:

https://help.ubuntu.com/community/RootSudo
http://ubuntuforums.org/showpost.php?p=6188826&postcount=4

You've been notified about this before & I consider reminding you of
this tedious.

For new users to this list/Ubuntu, I'll quote from
:


Graphical sudo

You should *never* use normal sudo to start graphical applications as
Root. You should use gksudo (kdesudo...

0 0
11

Security

Skip to questions, Wiki by user kees-cook

Ubuntu has many Security Features, and a Security Team dedicated to keeping users safe and up to date. Please feel free to get involved, or read through the Ubuntu Security FAQ.

Questions

Q: What is the difference between "gksudo nautilus" and "sudo nautilus"?

Tags: security (Next Q), sudo (Next Q), gksu (Next Q)

I've been using gksudo nautilus and sudo nautilus through Alt+F2.

What's the difference? They look very similar!

Tags: security (Next Q), sudo (Next Q), gksu (Next Q)

User: drkenobi

Answer by chris-wilson

Taken from here:

You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=/root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root.

Please note that this is primarily about...

0 0
12
...
0 0
13

As you may know, sudo is the command that allows you to get root access when running a command that needs it.

Example: sudo apt-get install nmap

Because the normal user is not allowed to install packages, it invokes the root priviledges by sudo and does the job.

gksudo for Gnome or kdesudo for KDE does the same thing as sudo, but for the graphical applications (like gEdit).

You should never use sudo to start graphical apps as root, because some files from your home directory may become owned by root.

For example., if you run sudo nautilus, any files that were created in your home directory will get owned by root. The propper command is gksudo nautilus.

All the gksudo or kdesudo do is setting your HOME=~root and copying .Xauthority to a tmp directory, this preventing files getting owned by root accidentally.

To fix stuff after running sudo nautilus, you have to find all the files owned accidentally by root and set the ownership back...

0 0
14

Before I begin, feel free to suggest a better title for this question.

I've registered on Digitalocean and installed a LEMP stack. This is my first time configuring a server from scratch. Even though I picked the LEMP option, I want to host node apps too.

My main concern is, I'm not sure what users should I create, and which of those should have admin priviliges. Also, I want to rely on SSH keys whenever is possible.

For file uploading/dowloading, I'm using Filezilla. When I installed the LEMP stack, I was asked if I wanted to generate a password for root, or use SSH keys. I chose the later option. Right now, I can ssh [email protected] and use my SSH password. Installed ProFTPd and enabled SFTP. /etc/proftpd/authorized_keys/root contains the SSH keys that I use to connect via ssh or Filezilla, to the server. Neither ssh nor Filezilla ask for root's password.

Since I'm the only one who is going to access via SFTP, I think I can get away with this method. If I...

0 0
15

Yes, gksudo or kdesudo were meant to open graphical applications, but sudo-prompt tries to mimic sudo itself (except for the graphical prompt) and I would like for it to provide the same guarantees as sudo as far as possible.

If we were to support graphical applications, there would be a few more things beyond ENV we might need to do, and it would be difficult to handle all the edge cases for different applications running as root, see: http://askubuntu.com/questions/270006/why-should-users-never-use-normal-sudo-to-start-graphical-applications

We did look into only providing elevation when necessary, however had trouble forking an elevated Electron process in a packaged application given that when packaged, the Electron executable seems to be locked in to running a specific application (the one that is has been packaged with). Do you know a solution to this problem?

By packaged application, do you mean a Linux package, e.g. something distributed through...

0 0
16


This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

What's the Issue?
Since most Ubuntu documentation asks you to use sudo even with graphical applications, I often get asked by Ubuntu users why I recommend gksudo or kdesudo for graphical applications instead of sudo.

For example, a lot of guides (including the first book ever published about Ubuntu) will ask you to type this sort of command:

sudo gedit /etc/apt/sources.list

I will always recommend, however, that people use instead this sort of command:

gksudo gedit /etc/apt/sources.list

And reserve sudo for command-line applications, like so:

sudo nano /etc/apt/sources.list

Why is it an issue?
Well, to be perfectly honest, most of the time it isn't. For a lot of applications, you can run them the improper way—using sudo for graphical applications and see no adverse side effects.

1. There...

0 0