Camaleón wrote: > Bob Proulx wrote: > > Sthu Deus wrote: > >> I can not run two applications w/ gksu: > >> > >> chromium and > >> qbittorrent > > > > Why do you want to run those applications as root? You should not do > > this. Neither of those applications are designed for being run as root. > > Those should be run as a normal non-root user. > > (...) > > Just a comment on this. > > There are situations that require you to run GUI based apps as root.
Sure. For example Synaptic is in that category. Synaptic is a GUI
and requires root and is designed to be run as root. A perfect match
for gksu (or apparently the new policy kit layer) and no complaints
from me about it. (I don't use Synaptic myself however.)
> For instance, I have to run Firefox/Thunderbird with admin priviledges in
> order to get them updated because they were installed system wide and
> plain users do not have the rights to run the upgrade routine and apply
> the delta patches.
That is a much different case. You *have already* run it as root in
order to install it that way and then are wanting to use the embedded
software update mechanism to upgrade it. I disagree with it. But I
can certainly respect you doing it that way for your system.
Philosophically I completely disagree with doing things that way. For
example with Firefox I will install it on Stable from the
mozilla.debian.net site as a native Debian package and I will keep it
updated from there as a native Debian package. That gives me a very
repeatable install and deployment mechanism. Using a non-packaged
"file splat installer" such as the embedded one doesn't agree with me.
I feel that installing using the native Debian package manager gives
me a better system cleanliness. Same for using the nVidia installer.
Same for using the Adobe Flash installer. Same for [...] fill in the
installer there.
In those cases where I have no choice but to use a file splat
installer I always create a new non-root user to hold the files. That
way the files can be installed safely because I know that they cannot
crawl out of the user security layer. Later when I can get away from
the file splat installer then I can be assured of being able to
completely clean up the files that were left behind. Sometimes I
create the installation in a chroot so as to keep a containment layer
around it.
If I had run a file splat installer as root then I can never be
completely sure that I have cleaned it up. Since for me being able to
upgrade machines is an important value once I have dirtied the system
with a root splat across the system then I would never know for sure
if I had things back into a good state or not. I would be compelled
to start again with a fresh installation at some point. The concept
of throw-away systems chafes against my nervous system like the sound
of fingernails on a chalkboard.
Someone will certainly ask, "What about MS Windows where there is no
other installer and updater?" On a MS Windows machine I would install
and update Firefox using the Firefox updater simply because on Windows
every system installation is already a throw-away installation. You
know the saying about Windows. You can't install it just once.
Windows doesn't have the capability of upgrades in any comparable way
to Debian. And that is one of the reasons I am running Debian
instead.
> Of course, it does not mean I have to browse the web or keeping the MUA
> using the root session, I update the programs and quit ;-)
Good plan!
> Also, running an application as root is usually the fastest way to debug
> configurations issues with your current user.
But if you are root then you can easily become the user you are
wishing to debug. Then running as that user should enable you to
debug that user issue. And running as root can create new problems
that confounds the problem. And running those third person programs
as root opens you up to social engineering attacks against root. If
they are good then you will never know you were cracked.
> Another example: My main system only has two users ("sm01" which is my
> plain user and "root") so if a GUI application is behaving in the wrong
> way it's quicker to run it with "gksu" than creating a new user and test
> with it.
I think that case description is lacking just enough details that you
are "taking for granted" but not stating that I can't say one way or
the other. You are smart enough to have reasonable judgment and I
will trust you on it but I wouldn't recommend it.
I will say that I often create test users specifically to test out
something and then clean things up afterward. Of course that is very
easy to do. And I also use Xephyr (faster xnest clone) to test GUI
applications, other window managers, that type of thing. And there is
always actually logging in using 'ssh -X' and throwing the display too.
With the appropriate cautions there too.
Bob
signature.asc
Description: Digital signature
