Camaleón wrote: > Bob Proulx wrote: > > Sthu Deus wrote: > >> I can not run two applications w/ gksu: > >> > >> chromium and > >> qbittorrent > > > > Why do you want to run those applications as root? You should not do > > this. Neither of those applications are designed for being run as root. > > Those should be run as a normal non-root user. > > (...) > > Just a comment on this. > > There are situations that require you to run GUI based apps as root.
Sure. For example Synaptic is in that category. Synaptic is a GUI and requires root and is designed to be run as root. A perfect match for gksu (or apparently the new policy kit layer) and no complaints from me about it. (I don't use Synaptic myself however.) > For instance, I have to run Firefox/Thunderbird with admin priviledges in > order to get them updated because they were installed system wide and > plain users do not have the rights to run the upgrade routine and apply > the delta patches. That is a much different case. You *have already* run it as root in order to install it that way and then are wanting to use the embedded software update mechanism to upgrade it. I disagree with it. But I can certainly respect you doing it that way for your system. Philosophically I completely disagree with doing things that way. For example with Firefox I will install it on Stable from the mozilla.debian.net site as a native Debian package and I will keep it updated from there as a native Debian package. That gives me a very repeatable install and deployment mechanism. Using a non-packaged "file splat installer" such as the embedded one doesn't agree with me. I feel that installing using the native Debian package manager gives me a better system cleanliness. Same for using the nVidia installer. Same for using the Adobe Flash installer. Same for [...] fill in the installer there. In those cases where I have no choice but to use a file splat installer I always create a new non-root user to hold the files. That way the files can be installed safely because I know that they cannot crawl out of the user security layer. Later when I can get away from the file splat installer then I can be assured of being able to completely clean up the files that were left behind. Sometimes I create the installation in a chroot so as to keep a containment layer around it. If I had run a file splat installer as root then I can never be completely sure that I have cleaned it up. Since for me being able to upgrade machines is an important value once I have dirtied the system with a root splat across the system then I would never know for sure if I had things back into a good state or not. I would be compelled to start again with a fresh installation at some point. The concept of throw-away systems chafes against my nervous system like the sound of fingernails on a chalkboard. Someone will certainly ask, "What about MS Windows where there is no other installer and updater?" On a MS Windows machine I would install and update Firefox using the Firefox updater simply because on Windows every system installation is already a throw-away installation. You know the saying about Windows. You can't install it just once. Windows doesn't have the capability of upgrades in any comparable way to Debian. And that is one of the reasons I am running Debian instead. > Of course, it does not mean I have to browse the web or keeping the MUA > using the root session, I update the programs and quit ;-) Good plan! > Also, running an application as root is usually the fastest way to debug > configurations issues with your current user. But if you are root then you can easily become the user you are wishing to debug. Then running as that user should enable you to debug that user issue. And running as root can create new problems that confounds the problem. And running those third person programs as root opens you up to social engineering attacks against root. If they are good then you will never know you were cracked. > Another example: My main system only has two users ("sm01" which is my > plain user and "root") so if a GUI application is behaving in the wrong > way it's quicker to run it with "gksu" than creating a new user and test > with it. I think that case description is lacking just enough details that you are "taking for granted" but not stating that I can't say one way or the other. You are smart enough to have reasonable judgment and I will trust you on it but I wouldn't recommend it. I will say that I often create test users specifically to test out something and then clean things up afterward. Of course that is very easy to do. And I also use Xephyr (faster xnest clone) to test GUI applications, other window managers, that type of thing. And there is always actually logging in using 'ssh -X' and throwing the display too. With the appropriate cautions there too. Bob
signature.asc
Description: Digital signature