FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 04-05-2008, 09:13 AM
Markus Schönhaber
 
Default sudo vs. gksu

Nils Kassube wrote:

> With sudo some applications access / modify the user's config files as
> root. From then on they are owned by root and the user can no longer
> access / modify them. That leads to unusual error messages which only
> long time users can trace back to the permission problem. With gksu (or
> kdesu if you use kde) this problem is avoided.

Thanks for the explanation, Nils, Mario.

Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 10:18 AM
Tony Arnold
 
Default sudo vs. gksu

Markus,

Markus Schönhaber wrote:
> Mario Vukelic wrote:
>
>> No, gksu _is the right tool to use. sudo should never be used to start
>> graphical applications, as this could cause problems:
>>
>> https://help.ubuntu.com/community/RootSudo (in the "Notes" section)
>
> Since the above page only says "don't do it!" but doesn't explain what
> might happen otherwise: what problems are to be expected if one starts a
> graphical application with sudo?

I don't think there is any difference. gksudo is just a graphical
front-end to sudo. Both end up running the application as root and thus
have all the access that root has. Users should only do this if they
really need such access.

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 01:11 PM
Tony Arnold
 
Default sudo vs. gksu

Nils Kassube wrote:
> Markus Schönhaber wrote:
>> Mario Vukelic wrote:
>>> No, gksu _is the right tool to use. sudo should never be used to
>>> start graphical applications, as this could cause problems:
>>>
>>> https://help.ubuntu.com/community/RootSudo (in the "Notes" section)
>> Since the above page only says "don't do it!" but doesn't explain what
>> might happen otherwise: what problems are to be expected if one starts
>> a graphical application with sudo?
>
> With sudo some applications access / modify the user's config files as
> root. From then on they are owned by root and the user can no longer
> access / modify them. That leads to unusual error messages which only
> long time users can trace back to the permission problem. With gksu (or
> kdesu if you use kde) this problem is avoided.

Can you explain how this problem is avoided with gksu, or gksudo? So far
as I can see using one of these causes the application to run with UID
of 0, i.e., root. The app has no knowledge of how it was invoked, so any
files is creates will be owned by root.

Your explanation applies to running any app, not just graphical ones.

Regards,
Tony.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 01:28 PM
Mario Vukelic
 
Default sudo vs. gksu

On Sat, 2008-04-05 at 14:11 +0100, Tony Arnold wrote:
> Can you explain how this problem is avoided with gksu, or gksudo? So far
> as I can see using one of these causes the application to run with UID
> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
> files is creates will be owned by root.
>
> Your explanation applies to running any app, not just graphical ones.

http://www.psychocats.net/ubuntu/graphicalsudo


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 03:36 PM
Markus Schönhaber
 
Default sudo vs. gksu

Tony Arnold wrote:

> Nils Kassube wrote:

>> With sudo some applications access / modify the user's config files as
>> root. From then on they are owned by root and the user can no longer
>> access / modify them. That leads to unusual error messages which only
>> long time users can trace back to the permission problem. With gksu (or
>> kdesu if you use kde) this problem is avoided.
>
> Can you explain how this problem is avoided with gksu, or gksudo? So far
> as I can see using one of these causes the application to run with UID
> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
> files is creates will be owned by root.

AFAICS gksudo changes HOME to /root (or to the home directory of the
user it executes the command under). So, the files created will, in
fact, be owned by root. But if those files are created in $HOME they are
created in ~ of the user changed to, not in ~ of the user issuing gksudo.
Maybe, the same effect could be achieved by using sudo -H instead of gksudo.

> Your explanation applies to running any app, not just graphical ones.

Indeed. But as I understand it, it's the graphical apps which are
considered most likely to cause problems for the average user.

Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 05:31 PM
Karl Larsen
 
Default sudo vs. gksu

Mario Vukelic wrote:
> On Sat, 2008-04-05 at 14:11 +0100, Tony Arnold wrote:
>
>> Can you explain how this problem is avoided with gksu, or gksudo? So far
>> as I can see using one of these causes the application to run with UID
>> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
>> files is creates will be owned by root.
>>
>> Your explanation applies to running any app, not just graphical ones.
>>
>
> http://www.psychocats.net/ubuntu/graphicalsudo
>
>
>
From what I have heard it appears that control files of the GUI
application can take on root privledge from using sudo. I am going to
run an experiment where I use nothing but sudo with gedit and pay
attention to the control files. I use joe as an editor in a terminal and
it has never had a problem when used in a root terminal.

Karl



--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-05-2008, 05:38 PM
Tony Arnold
 
Default sudo vs. gksu

Markus,

Markus Schönhaber wrote:
> Tony Arnold wrote:
>
>> Nils Kassube wrote:
>
>>> With sudo some applications access / modify the user's config files as
>>> root. From then on they are owned by root and the user can no longer
>>> access / modify them. That leads to unusual error messages which only
>>> long time users can trace back to the permission problem. With gksu (or
>>> kdesu if you use kde) this problem is avoided.
>> Can you explain how this problem is avoided with gksu, or gksudo? So far
>> as I can see using one of these causes the application to run with UID
>> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
>> files is creates will be owned by root.
>
> AFAICS gksudo changes HOME to /root (or to the home directory of the
> user it executes the command under). So, the files created will, in
> fact, be owned by root. But if those files are created in $HOME they are
> created in ~ of the user changed to, not in ~ of the user issuing gksudo.
> Maybe, the same effect could be achieved by using sudo -H instead of gksudo.

OK, I understand what s going on now. Mario's URL he posted earlier was
very helpful.

It's a shame the man page for gksudo does not appear to explain this; it
says is a GUI front-end for sudo!

>> Your explanation applies to running any app, not just graphical ones.
>
> Indeed. But as I understand it, it's the graphical apps which are
> considered most likely to cause problems for the average user.

Yes, that's probably true.

As is quite often the case, the reasons behind a simple instruction
turns out to be quite complicated!

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-06-2008, 07:37 AM
"Michael R. Head"
 
Default sudo vs. gksu

On Sat, 2008-04-05 at 15:28 +0200, Mario Vukelic wrote:
> On Sat, 2008-04-05 at 14:11 +0100, Tony Arnold wrote:
> > Can you explain how this problem is avoided with gksu, or gksudo? So far
> > as I can see using one of these causes the application to run with UID
> > of 0, i.e., root. The app has no knowledge of how it was invoked, so any
> > files is creates will be owned by root.
> >
> > Your explanation applies to running any app, not just graphical ones.
>
> http://www.psychocats.net/ubuntu/graphicalsudo

That page says that "sudo nano /etc/apt/sources.list" is a good idea.
It isn't, and for the same reason graphical apps shouldn't be run
through sudo -- nano will create/edit extra files in your home
directory. In fact, there's a command called "sudoedit" which solves the
problem.

>
--
Michael R. Head <burner@suppressingfire.org>
http://www.cs.binghamton.edu/~mike/
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-06-2008, 11:40 AM
Karl Larsen
 
Default sudo vs. gksu

Michael R. Head wrote:
> On Sat, 2008-04-05 at 15:28 +0200, Mario Vukelic wrote:
>
>> On Sat, 2008-04-05 at 14:11 +0100, Tony Arnold wrote:
>>
>>> Can you explain how this problem is avoided with gksu, or gksudo? So far
>>> as I can see using one of these causes the application to run with UID
>>> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
>>> files is creates will be owned by root.
>>>
>>> Your explanation applies to running any app, not just graphical ones.
>>>
>> http://www.psychocats.net/ubuntu/graphicalsudo
>>
>
> That page says that "sudo nano /etc/apt/sources.list" is a good idea.
> It isn't, and for the same reason graphical apps shouldn't be run
> through sudo -- nano will create/edit extra files in your home
> directory. In fact, there's a command called "sudoedit" which solves the
> problem.
>
>
I tried "sudoedit" and it brought up "joe" to edit a root file. I
have joe set up as my default edit. So what comes up depends on what you
set.


Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 04-06-2008, 12:57 PM
Mario Vukelic
 
Default sudo vs. gksu

On Sat, 2008-04-05 at 11:31 -0600, Karl Larsen wrote:
> I am going to run an experiment where I use nothing but sudo with
> gedit and pay attention to the control files. I use joe as an editor
> in a terminal and it has never had a problem when used in a root
> terminal.

1. Joe is not an X application, and the linked site explains that
mainly those are affected
2. Why run the risk or, even worse, guide newbies into taking this
risk? gksu has just as many characters to type as sudo and is
safe for X apps, so why not use it?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 06:29 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org