YARARQ

If none of the more specific forums is the right place to ask

YARARQ

Postby millpond » 2019-01-05 19:41

Yet Another Root Account Relate Question

First of all, to make perfectly clear:
This is not about how to logn as Root.
I already know how to do that, and to get GTK working, and even to recompile recalcitrant software like VLC.

As a root account I need to know how to run web faced software under USER credentials.
ie. I want to run one browser as root on a few selected sites, but want Firefox and others to run as the user account.

As a user account sudo, sudo -H, and all that other gibberish does not work for what I need and want to do.

I am reconstituting a massive development system that had crashed a while back.
I did not particularly like Jessie, so I pretty much ignored Linux for about two years.

I took a shot at Buster/Sid, and seem to like it a lot better, and it suits my needs for up to date Perl, Python, Ruby, etc - and I dont really care about the occasional bug. This is a SINGLE USER system where I dont give a rats butt about local network security. There is no wireless on it, so there should be minimal security risks, as it is behind two NAT firewalls.

I can switch sessions, but that puts a notable drag on system performance. As would VM as this older system is C2Q.

System is LightDM running SDDM with Wayland disabled.

Looking for something like : sudo user appname : sudo xxx firefox (keeping in mind that this is FROM a rooted terminal).
Dunno if the fact that all passwords here are the same would affect anything.
millpond
 
Posts: 634
Joined: 2014-06-25 04:56

Re: YARARQ

Postby Head_on_a_Stick » 2019-01-05 22:18

Just curious...
millpond wrote:As a root account I need to know how to run web faced software under USER credentials.

Why?
"French riots get results! U lot are instagram zzzombies" — graffiti over Euston underpass
User avatar
Head_on_a_Stick
 
Posts: 8590
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: YARARQ

Postby millpond » 2019-01-06 07:57

Why not?

I prefer system management as superuser.

And for certain apps like p2p I have my own traditional directory structure. That does not get along with file based security on a user level.

MY idea of security is to deny a user account ALL access to system utilities, and only permit consumption apps. SU in reverse.
In this manner SeLinux can work as its supposed to, and if some vermin do sneak in regardless - its no big deal. Theres no personal info on this machine. Or servers running.

I have no qualms about switching to a user account when simply browsing, but have no intenion of reaching for keyboard when not absolutely necessary. Its dark in here when the lil lady is asleep.

This is SID.
I am more concerned about slipshod software than evil hackers here. And prepared for both.
millpond
 
Posts: 634
Joined: 2014-06-25 04:56

Re: YARARQ

Postby Head_on_a_Stick » 2019-01-06 12:33

How about
Code: Select all
su -c 'firefox' - $user

Replace $user with the actual user name.

Untested :)
"French riots get results! U lot are instagram zzzombies" — graffiti over Euston underpass
User avatar
Head_on_a_Stick
 
Posts: 8590
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: YARARQ

Postby millpond » 2019-01-06 17:40

With $user , spawns another root terminal
with user:
Error: no DISPLAY environment variable specified
(yes, $user, user replaced by actual account name!)

I have no qualms about running multiple copies in /opt.
Is there a reverse SUID to allow a program to start off under the superuser, and then immediately drop to the owner/user account privelidges?

-
millpond
 
Posts: 634
Joined: 2014-06-25 04:56

Re: YARARQ

Postby Bulkley » 2019-01-06 19:04

millpond, what about using one of the minimalist browsers such as Dillo, Lynx or Min? If you find one that does what you need you could use it exclusively for that purpose, never exposing it to the Internet.
Bulkley
 
Posts: 5704
Joined: 2006-02-11 18:35

Re: YARARQ

Postby Head_on_a_Stick » 2019-01-06 19:47

millpond wrote:Error: no DISPLAY environment variable specified

Try
Code: Select all
DISPLAY=:0 su -c 'firefox' - $user

Check if the DISPLAY variable is correct first:
Code: Select all
echo $DISPLAY

EDIT: or maybe
Code: Select all
su -c 'DISPLAY=:0 firefox' - $user
"French riots get results! U lot are instagram zzzombies" — graffiti over Euston underpass
User avatar
Head_on_a_Stick
 
Posts: 8590
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: YARARQ

Postby millpond » 2019-01-08 01:13

su -c 'DISPLAY=:0 firefox' - $user

Seems to work, many thanks.

But the problem for me now is logging in as root....

I decided I didnt need to do a backup when installing something as simple as Haskell.
Big mistake.
Something snuck through and updated some key files - which while now i can login as root from the greeter renders the session useless most of the time because plasmasession and/or kwin go nuts, at 100% CPU. Oddly ant ALL the time, but enough to put me back into the user login with a dozen rooted tabs in an Xterm. Fortunately I dont need to type in passwords there. Fixed that.

Ahh, the joys of SID

As far as the browser goes,I do need a modern one, as the ancient ones are only useful for local servers with simple HTML.
millpond
 
Posts: 634
Joined: 2014-06-25 04:56


Return to General Questions

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable