FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-14-2011, 07:33 AM
Roberto Ragusa
 
Default concurrent users (was: how to run kdesu without asking password?)

On 02/12/2011 02:29 PM, Tim wrote:
> On Sat, 2011-02-12 at 01:19 -0800, erikmccaskey64 wrote:
>
>> I just need it for "bigger security". i don't only want to run
>> transmission-gtk with another user, i want to run e.g.: Google Chrome
>> too. [run application with a user that has low permissions results in
>> bigger sec.]
>
> I'm curious to know in what way have you made this other user more
> restricted.

That is simple. If a program runs as a different user, it simply
does not have access to your main user data (e.g. firefox bookmarks
or cookies, saved email, and all your documents).

I personally use this method to separate high importance stuff
(dedicated user for online banking) or throw-away stuff
(another dedicated user).

It is also a very good way to have more sets of settings for a single
applications: you have your independent personal firefox and pidgin and
your "work" firefox and pidgin. (yes, I know about firefox profiles,
but this way is better)

I used to run things with kdesu but got into problems (environment handling?).

I take the opportunity to share how I currently do that.
I have this script, called xroot:

echo "echo "`xauth nextract - :${DISPLAY#*:}`" | xauth nmerge -"

So I open a terminal and run xroot, the output is something like (xxx as placeholder):

echo "0100 0008 7xxx4 0001 30 0012 4xxx1 0010 fxxxc" | xauth nmerge -

I copy this text into the clipboard.
Then I run:

su -l secondaryuser

and then paste the text.

Now, you can run applications (xclock if you want to check that X is ok).

This is more efficient than the "ssh localhost" way and more secure than
the "xhost +" way.

Only issues are pulseaudio and all the "session-aware" things which are so
fashionable nowadays.

--
Roberto Ragusa mail at robertoragusa.it
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 10:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org