Yet Another Root Account Relate Question
First of all, to make perfectly clear:
This is not about how to logn as Root.
I already know how to do that, and to get GTK working, and even to recompile recalcitrant software like VLC.
As a root account I need to know how to run web faced software under USER credentials.
ie. I want to run one browser as root on a few selected sites, but want Firefox and others to run as the user account.
As a user account sudo, sudo -H, and all that other gibberish does not work for what I need and want to do.
I am reconstituting a massive development system that had crashed a while back.
I did not particularly like Jessie, so I pretty much ignored Linux for about two years.
I took a shot at Buster/Sid, and seem to like it a lot better, and it suits my needs for up to date Perl, Python, Ruby, etc - and I dont really care about the occasional bug. This is a SINGLE USER system where I dont give a rats butt about local network security. There is no wireless on it, so there should be minimal security risks, as it is behind two NAT firewalls.
I can switch sessions, but that puts a notable drag on system performance. As would VM as this older system is C2Q.
System is LightDM running SDDM with Wayland disabled.
Looking for something like : sudo user appname : sudo xxx firefox (keeping in mind that this is FROM a rooted terminal).
Dunno if the fact that all passwords here are the same would affect anything.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
YARARQ
-
Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: YARARQ
Just curious...
Why?millpond wrote:As a root account I need to know how to run web faced software under USER credentials.
deadbang
Re: YARARQ
Why not?
I prefer system management as superuser.
And for certain apps like p2p I have my own traditional directory structure. That does not get along with file based security on a user level.
MY idea of security is to deny a user account ALL access to system utilities, and only permit consumption apps. SU in reverse.
In this manner SeLinux can work as its supposed to, and if some vermin do sneak in regardless - its no big deal. Theres no personal info on this machine. Or servers running.
I have no qualms about switching to a user account when simply browsing, but have no intenion of reaching for keyboard when not absolutely necessary. Its dark in here when the lil lady is asleep.
This is SID.
I am more concerned about slipshod software than evil hackers here. And prepared for both.
I prefer system management as superuser.
And for certain apps like p2p I have my own traditional directory structure. That does not get along with file based security on a user level.
MY idea of security is to deny a user account ALL access to system utilities, and only permit consumption apps. SU in reverse.
In this manner SeLinux can work as its supposed to, and if some vermin do sneak in regardless - its no big deal. Theres no personal info on this machine. Or servers running.
I have no qualms about switching to a user account when simply browsing, but have no intenion of reaching for keyboard when not absolutely necessary. Its dark in here when the lil lady is asleep.
This is SID.
I am more concerned about slipshod software than evil hackers here. And prepared for both.
-
Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: YARARQ
With $user , spawns another root terminal
with user:
Error: no DISPLAY environment variable specified
(yes, $user, user replaced by actual account name!)
I have no qualms about running multiple copies in /opt.
Is there a reverse SUID to allow a program to start off under the superuser, and then immediately drop to the owner/user account privelidges?
-
with user:
Error: no DISPLAY environment variable specified
(yes, $user, user replaced by actual account name!)
I have no qualms about running multiple copies in /opt.
Is there a reverse SUID to allow a program to start off under the superuser, and then immediately drop to the owner/user account privelidges?
-
Re: YARARQ
millpond, what about using one of the minimalist browsers such as Dillo, Lynx or Min? If you find one that does what you need you could use it exclusively for that purpose, never exposing it to the Internet.
-
Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: YARARQ
Trymillpond wrote:Error: no DISPLAY environment variable specified
Code: Select all
DISPLAY=:0 su -c 'firefox' - $userCode: Select all
echo $DISPLAYCode: Select all
su -c 'DISPLAY=:0 firefox' - $userdeadbang
Re: YARARQ
su -c 'DISPLAY=:0 firefox' - $user
Seems to work, many thanks.
But the problem for me now is logging in as root....
I decided I didnt need to do a backup when installing something as simple as Haskell.
Big mistake.
Something snuck through and updated some key files - which while now i can login as root from the greeter renders the session useless most of the time because plasmasession and/or kwin go nuts, at 100% CPU. Oddly ant ALL the time, but enough to put me back into the user login with a dozen rooted tabs in an Xterm. Fortunately I dont need to type in passwords there. Fixed that.
Ahh, the joys of SID
As far as the browser goes,I do need a modern one, as the ancient ones are only useful for local servers with simple HTML.
Seems to work, many thanks.
But the problem for me now is logging in as root....
I decided I didnt need to do a backup when installing something as simple as Haskell.
Big mistake.
Something snuck through and updated some key files - which while now i can login as root from the greeter renders the session useless most of the time because plasmasession and/or kwin go nuts, at 100% CPU. Oddly ant ALL the time, but enough to put me back into the user login with a dozen rooted tabs in an Xterm. Fortunately I dont need to type in passwords there. Fixed that.
Ahh, the joys of SID
As far as the browser goes,I do need a modern one, as the ancient ones are only useful for local servers with simple HTML.