trinidad » 2019-11-01 13:46

Using a graphical editor with sudo, gksu{,do} or su-to-root runs the whole application with root privileges for the entire time it is open, that's why it's such a bad idea. Any bugs in the program or the underlying graphics stack will be exposed with elevated permissions

It was never acceptable, rootless X is a major improvement

Two good answers. As far as GDM it is very configurable, and coupled with rootless X it also makes the installation of badly supported video cards and chips easier to get to. When I do new installs on newer hardware by default GDM loads but pauses at the cursor prompt during boot. This allows ctrl+alt+F2 to console and login from either root or user. GDM is well thought out and designed for the adoption of but not forced usage of wayland. You can start whichever you like with or without the GUI. I think Buster has done a good job with GDM for going forward toward modern hardwares where support can be sketchy. This is not to say that old timey desktop users are going to be happy with it. I have never used GKSU (though I was using SUSE enterprise until Jesse came out) and on my personl Stretches I use gnome-commander. I have one Buster configured and running now and it was selectively installed from the CLI with no problems at all other than normal firefox glitches. I use SSH X11 forwarding a lot and so far it transitions from wayland to X without a puff of smoke. I think Debian has done a nice bit of work with Buster and widened the playing field, rather than shrunk it. Where I live every couple of years they change the routes and numbers of major highways, so much so that GPSs and OnStar can't keep up. I travel a lot so I keep an old state map in the glovebox just in case. Combining new and old is sometimes neccessary, but actually ill advised for GKSU.

None1975 » 2019-11-01 13:51

wizard10000 wrote: Wonder how many folks here are running X as root?:D

Maybe they came from windows word?
Deb-fan » 2019-11-01 14:02

Hey Trinidad no worries is good to hear people's opinions. Mine here is obvious though will eventually very likely embrace polkit and policy files but for now gksu/do suits me. Mentioned it was used forever without problems. The lack of maintenance and any security issues were present for quite awhile without any incident. Still can't discount them as trivial and will have to find a better and more approved of practice after while. Until then am fine with gksu and any risk use of it entails, shrugs.

HOWEVER ... AM NOT SAYING ANYONE ELSE SHOULD DO THIS. Was never the intent of starting the thread, only wanted to share some info about it being possible and an option for those who might feel the same as myself about graphical apps + privs. :)
