
Re: gksudo -u user2 /usr/bin/links2 -g



> > gksudo -u user2 /usr/bin/links2 -g # does not work
> 
> Needs a terminal.  How can it work without one?  It can't.  Right at
> this point is where things went wrong for you.  links2 reads stdin and
> writes stdout and expects TERM to tell it what type of terminal escape
> sequences to use.  But you have asked gksudo to launch it into the
> background.  That can't work.  You will end up with both your shell
> and the links2 program reading from your keyboard at the same time.

Contrary to sudo behavior, gksudo understood the -g option as its own
option and not, as I expected, as an option for links2 to enable
graphics mode.

This works:

gksudo -u user2 "/usr/bin/links2 -g"

> The above all suffer from the problem of running the text browser as
> root.  Why are you trying to do this?  I don't understand any benefit
> from doing so.  And I see some problems with doing so.  Please say a
> few words about what led you to doing it that way.  Since it is a web
> browser it doesn't benefit you by running it as root.

I am not running it as root, user2 != root. There are many advantages
of running every task with a separate user account. In general, you have
better control, because you can differentiate various tasks based on
the running user. For example, you can tell iptables to allow port 80
from the web browser and not from other apps:

iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner web -j ACCEPT

Another example, if an attacker gets your web user account, he won't be
able to read your emails.

So you will force him to get root privileges :) .

In fact, your question sounds like you asked: "Why do we have all those
user accounts in /etc/passwd since only root and a normal user are
necessary" :)

> 
> Bob

Thanks
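
A fuller version of the per-account egress policy sketched in the message, as an added example that is not part of the original post: it prints (does not apply) iptables commands using the same owner match, plus the loopback, reply-traffic and DNS rules that a default-DROP OUTPUT chain needs. The `mail` account, the port lists and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) per-account egress rules for review.
# "web" is the account from the message; "mail" and all ports are constructed.

# emit_user_rules USER PROTO PORT...: one ACCEPT rule per destination port
emit_user_rules() {
    user=$1; proto=$2; shift 2
    # The output is meant to be executed, so reject option-like or odd names.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        printf 'iptables -A OUTPUT -p %s --dport %s -m owner --uid-owner %s -j ACCEPT\n' \
            "$proto" "$port" "$user"
    done
}

emit_ruleset() {
    # Loopback and replies on already-tracked connections (e.g. an inbound SSH
    # session) are not covered by the owner rules and must be allowed explicitly.
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    echo 'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit_user_rules web tcp 80 443 || return 1
    # Assumption: the browser process resolves names itself (no local resolver).
    emit_user_rules web udp 53 || return 1
    emit_user_rules mail tcp 993 || return 1
    # Default-deny goes last so a remote session survives while rules load.
    echo 'iptables -P OUTPUT DROP'
}

emit_ruleset
```

The owner match only applies to locally generated packets, so these rules belong in OUTPUT (or POSTROUTING), not INPUT.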