[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gksu: Couldn't set environment variable...

On Sat, 26 Nov 2011 17:00:13 -0700, Bob Proulx wrote:

> Camaleón wrote:
>> Bob Proulx wrote:
>> > Sthu Deus wrote:
>> >> I can not run two applications w/ gksu:
>> >> 
>> >> chromium and
>> >> qbittorrent
>> > 
>> > Why do you want to run those applications as root?  You should not do
>> > this.  Neither of those applications are designed for being run as
>> > root.
>> >  Those should be run as a normal non-root user.
>> (...)
>> Just a comment on this.
>> There are situations that require you to run GUI based apps as root.
> Sure.  For example Synaptic is in that category.  Synaptic is a GUI and
> requires root and is designed to be run as root.  A perfect match for
> gksu (or apparently the new policy kit layer) and no complaints from me
> about it.  (I don't use Synaptic myself however.)

That's a good example. So let's no demonize "per se" that someone runs a 
GUI based application as root. Different user-cases, programs and 
situations do need it.

>> For instance, I have to run Firefox/Thunderbird with admin priviledges
>> in order to get them updated because they were installed system wide
>> and plain users do not have the rights to run the upgrade routine and
>> apply the delta patches.
> That is a much different case.  You *have already* run it as root in
> order to install it that way and then are wanting to use the embedded
> software update mechanism to upgrade it.  I disagree with it.  But I can
> certainly respect you doing it that way for your system.


I *had* to do it. Icedove (at least, it is not clear if Iceweasel did it 
also) dropped security patches for Lenny months ago (see DSA-2273) so I 
had no chance but going to the upstream packages ;-(

And I preferred to have it installed both applications system wide so 
others users can benefit from it without having to have the binaries 
replicated in every /home.

>> Also, running an application as root is usually the fastest way to
>> debug configurations issues with your current user.
> But if you are root then you can easily become the user you are wishing
> to debug.  Then running as that user should enable you to debug that
> user issue.  And running as root can create new problems that confounds
> the problem.  And running those third person programs as root opens you
> up to social engineering attacks against root.  If they are good then
> you will never know you were cracked.


That's not the case for the kind of problems I am talking about which are 
by far more simple that you think ;-). 

For instance, one time I messed up my user's Firefox profile so badly 
that tool bars dissapeared. By launching it with "gksu" I could see that 
this was not happening for the root's Firefox profile (that was almost 
empty because it is not used) so by making a deep inspection of my user's 
profile I finally discovered the problem was generated because some files 
had bad perms. Restoring them solved the issue.

What I want to say is that there is no problem for running GUI (or non-
GUI) applications as root if you now what you are doing. I always avoid 
saying users "hey, do not do that!" but instead explain to them the 
reasons (risks) for such action so they can decide with confidence and 
not based on unfounded tales.



Reply to: