Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

My solution to gksu being deprecated/Buster.

Here you can discuss every aspect of Debian. Note: not for support requests!
Message
Author
Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#31 Post by Deb-fan »

Here, here NFT5 ! :) For real, it's your OS, we're all free to setup and config in a way that works best for each of us. One of the many great things about Debian and gnu/Linux period. How many years did all these people who are flipping out and self righteously strutting around shaking fingers at people use gksu/do ? How many times did it blow up their computer(s) or kill them etc ? :D

Like I said some folks here clearly need to get over themselves. Don't remember any vote in which any of these dudes were elected the grand imperial poobah or high mucky muck over anyone else on this forum.

Also just for the record Bulkley and NFT5, what Wizard10k if referring too is the fact that every display manager other than GDM = (gnome display manager of course)starts the X process as root. Pop open a terminal on your system and watch in "top". It'll show who owns the process, if its root, it'll say it.
Note: I know lightdm does, I don't even have a DM anyway, really don't care if the X process is running as root regardless. Though w/o a DM, the Xorg process is running under my user. It's been awhile so not 100% all DM's other than GDM do so either. Oh well, life goes on fellow nixers. :)
Last edited by Deb-fan on 2019-11-01 05:39, edited 1 time in total.
Most powerful FREE tech-support tool on the planet * HERE. *

User avatar
NFT5
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 597
Joined: 2014-10-10 11:38
Location: Canberra, Australia
Has thanked: 10 times
Been thanked: 43 times

Re: My solution to gksu being deprecated/Buster.

#32 Post by NFT5 »

pcalvert wrote:What about using su-to-root instead of gksu, like this?:

Code: Select all

su-to-root -X -c <application>
Nope.

Code: Select all

chris@BOSSDESK:~$ su-to-root -X -c dolphin
kdesu(13194)/kdesu (kdelibs) KDESu::PtyProcess::exec: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/process.cpp : 293 ]  Running "/usr/bin/su"
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line "Password: "
kdesu(13194)/kdesu (kdelibs) KDESu::PtyProcess::exec: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/process.cpp : 293 ]  Running "/usr/bin/su"
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line "Password: "
kdesu(13194)/kdesu (kdelibs) KDESu::PtyProcess::WaitSlave: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/process.cpp : 379 ]  Child pid 13199
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line ""
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line "kdesu_stub"
kdesu(13194)/kdesu (kdelibs) KDESu::PtyProcess::exec: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/process.cpp : 293 ]  Running "/usr/bin/su"
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line "Password: "
kdesu(13194)/kdesu (kdelibs) KDESu::PtyProcess::WaitSlave: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/process.cpp : 379 ]  Child pid 13202
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line ""
kdesu(13194)/kdesu (kdelibs) KDESu::SuProcess::ConverseSU: [ /build/kde4libs-5CvfXW/kde4libs-4.14.38/kdesu/su.cpp : 259 ]  Read line "kdesu_stub"

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#33 Post by Deb-fan »

Public apology, sorry Sunrat, have no idea why I read what you'd said and interpreted it so harshly. What you'd typed was nowhere near as big a reprimand as I was taking it to be and so ended up lashing out. Sorry fellow nixer ...

Had just gotten done successfully following a tute to do something I was wanting and was popping in to report it and share a link about it. Seen this thread and went cyber berserk ! Though do stand by some of what I'd typed, not directed @ you/Sunrat. Some folks do come off as pretty friggin arrogant in how they treat others, it's belittling in the way they seem to assume oh you're new, therefor you're stupid, can't read, couldn't possibly know how to do competent research etc etc etc. So you just be a good widdle dumbarse and don't touch anything or push any buttons kay ? :D

It's friggin software, wish life were like gnu/Linux, take a few precautions, enter a few commands and it's fresh start, do over. Not like the world hangs in the balance if someone newbish to gnu/Nix breaks an install. Personally think breaking stuff can be a great learning tool. Though saving time and CYB = covering your butt by learning a working backup/restore method can definitely help. You get to break more stuff, in less time thataway. :D
Most powerful FREE tech-support tool on the planet * HERE. *

User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: My solution to gksu being deprecated/Buster.

#34 Post by sunrat »

Apology accepted.
Over the years we've had possibly hundreds of posts where people have added the wrong repos and hacked things they shouldn't have hacked. It's very hard to support and best not to encourage it.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#35 Post by Deb-fan »

^ Nn worries definitely see where you're coming from fellow nixer. The gnu/Nix gawds punished me for being an overly sensitive ahole, the project I'd thought had succeeded, while works is not right. So it's back to the drawing board. Dratz ! Running on coffee fumes here. :)
Most powerful FREE tech-support tool on the planet * HERE. *

User avatar
wizard10000
Global Moderator
Global Moderator
Posts: 557
Joined: 2019-04-16 23:15
Location: southeastern us
Has thanked: 76 times
Been thanked: 85 times

Re: My solution to gksu being deprecated/Buster.

#36 Post by wizard10000 »

Bulkley wrote:Not me. I don't even use sudo. I still use su (although I have added the -) when I need to use access root.
Are you running X using a display manager that's not GDM? If so, X is running under the root account. This is the reason I quit using display managers :)
we see things not as they are, but as we are.
-- anais nin

anticapitalista
Posts: 428
Joined: 2007-12-14 23:16
Has thanked: 12 times
Been thanked: 13 times

Re: My solution to gksu being deprecated/Buster.

#37 Post by anticapitalista »

wizard10000 wrote:
... If so, X is running under the root account. This is the reason I quit using display managers :)
Why is that so 'wrong' now in buster, but was perfectly acceptable in all previous Debian releases?
antiX with runit - lean and mean.
https://antixlinux.com

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: My solution to gksu being deprecated/Buster.

#38 Post by Bulkley »

wizard10000 wrote:Are you running X using a display manager that's not GDM? If so, X is running under the root account. This is the reason I quit using display managers :)
I don't use a display manager. I log in with sx (alias for startx). That's one more thing I haven't been able to do with Buster.

BTW, I use Openbox with Tint2 and keep this thing as simple as possible. I get to listen to music or radio, watch video, play games and do any office stuff I need. It all works so I see no pressing need to change it. I suppose this is the good enough syndrome that frustrates those who make new stuff.

User avatar
wizard10000
Global Moderator
Global Moderator
Posts: 557
Joined: 2019-04-16 23:15
Location: southeastern us
Has thanked: 76 times
Been thanked: 85 times

Re: My solution to gksu being deprecated/Buster.

#39 Post by wizard10000 »

Bulkley wrote:BTW, I use Openbox with Tint2 and keep this thing as simple as possible.
Same. openbox just works :)
we see things not as they are, but as we are.
-- anais nin

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: My solution to gksu being deprecated/Buster.

#40 Post by Head_on_a_Stick »

anticapitalista wrote:
wizard10000 wrote:
... If so, X is running under the root account. This is the reason I quit using display managers :)
Why is that so 'wrong' now in buster, but was perfectly acceptable in all previous Debian releases?
It was never acceptable, rootless X is a major improvement.
deadbang

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: My solution to gksu being deprecated/Buster.

#41 Post by Head_on_a_Stick »

Deb-fan wrote:
^ That will open a copy of the file in gedit as your normal user and only invoke root (via gvfs) to save the file.
Keep having to ask myself, what the hades am I missing here ?!?!?
Using a graphical editor with sudo, gksu{,do} or su-to-root runs the whole application with root privileges for the entire time it is open, that's why it's such a bad idea. Any bugs in the program or the underlying graphics stack will be exposed with elevated permissions.
deadbang

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#42 Post by Deb-fan »

^ Don't get me wrong I get that, that aspect of it is perfectly clear. Still don't really see much of a benefit and plenty of possible gotcha's and doors left open regardless of what they try to implement. Folks can still run anything as root, truth be told using sudo seldom caused any issues when was new to gnu/Nix and never would if someone used the right flags, at least I don't think it would.

The couple times I did end up messing up file ownership, took all of 20mins to learn what the problem was and the simple fix of chown'ing it back. Another reason newbish folks may want to keep a root account around. Obviously I've elected to keep using gksu, thing will likely remain working fine for the life of Buster if I want to use it and for now I do. Mentioned in previous posts, I've used the dang thing for 8 or so years now without problems. Figure doing so awhile longer isn't going to cause harm. :)

More pointless observations about this nonsense: How long do people tend to leave file-managers running as root normally ? I mean generally if I've launched thunar/etc with priv's it means I'm actively doing something which requires priv's to get done. Not like people just leave one running 24/7 and if they do that's their preference and risk. Though keeping it real, someone could easily enough set things up to login as root or visudo blahblah all commands no password if they please. Which of course was the bane of window$ for a long time, nixers can still do so in mere minutes if that's their decision. Edit: Goes without saying it'd be a bad decision though, shrugs.
Most powerful FREE tech-support tool on the planet * HERE. *

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: My solution to gksu being deprecated/Buster.

#43 Post by pcalvert »

wizard10000 wrote: Are you running X using a display manager that's not GDM? If so, X is running under the root account.
Who the heck thought that was a good idea? It looks like I'll be dumping LightDM soon and going back to using xinit.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#44 Post by Deb-fan »

Lol ... this thread, as pretty much every gnu/Linux forum thread ... EVER, has jumped the topic track and headed off into let's talk about anything/everything territory. :D Also as usual I contributed more than my share of off-topicness too. :D

So shall continue, I speculate and wonder, with X running under a user process, not as root, is Xorg no longer vulnerable to the processes snooping on each that I've read about ? I mean user processes likely still but could they snoop on root ones too ? Yeppers xinit = startx, don't have a display manager either. Shameless self promotion goes > here. The snippet about using the .profile file in your users home directory automatically runs startx for someone. Though the stuff for that used in Head_on's tute appears better than what I used for it. Still have it setup the way it is in my stupe tute but meaning to getting around to using his for it (.profile edit.) :)
Edit: @Bulkley what isn't working under Buster ? Method for autologin + startx w/o display manager linked above is confirmed working in Buster. Also 100% sure Head_on's will too, guy knows his gnu/Nix. Of course like my way of doing it, well not so much mine ... Was just grabbed from varied info online but has been very well tested on Stretch, using it in Buster too.
Most powerful FREE tech-support tool on the planet * HERE. *

User avatar
wizard10000
Global Moderator
Global Moderator
Posts: 557
Joined: 2019-04-16 23:15
Location: southeastern us
Has thanked: 76 times
Been thanked: 85 times

Re: My solution to gksu being deprecated/Buster.

#45 Post by wizard10000 »

pcalvert wrote:Who the heck thought that was a good idea? It looks like I'll be dumping LightDM soon and going back to using xinit.
Quite a few people aren't going to be able to do this as X without a display manager requires a modesetting video driver. root has to launch the driver if the kernel can't.

GDM starts X as root and then passes ownership to the user who just logged in.
we see things not as they are, but as we are.
-- anais nin

trinidad
Posts: 290
Joined: 2016-08-04 14:58
Been thanked: 14 times

Re: My solution to gksu being deprecated/Buster.

#46 Post by trinidad »

Using a graphical editor with sudo, gksu{,do} or su-to-root runs the whole application with root privileges for the entire time it is open, that's why it's such a bad idea. Any bugs in the program or the underlying graphics stack will be exposed with elevated permissions
It was never acceptable, rootless X is a major improvement
Two good answers. As far as GDM it is very configurable, and coupled with rootless X it also makes the installation of badly supported video cards and chips easier to get to. When I do new installs on newer hardware by default GDM loads but pauses at the cursor prompt during boot. This allows ctrl+alt+F2 to console and login from either root or user. GDM is well thought out and designed for the adoption of but not forced usage of wayland. You can start whichever you like with or without the GUI. I think Buster has done a good job with GDM for going forward toward modern hardwares where support can be sketchy. This is not to say that old timey desktop users are going to be happy with it. I have never used GKSU (though I was using SUSE enterprise until Jesse came out) and on my personl Stretches I use gnome-commander. I have one Buster configured and running now and it was selectively installed from the CLI with no problems at all other than normal firefox glitches. I use SSH X11 forwarding a lot and so far it transitions from wayland to X without a puff of smoke. I think Debian has done a nice bit of work with Buster and widened the playing field, rather than shrunk it. Where I live every couple of years they change the routes and numbers of major highways, so much so that GPSs and OnStar can't keep up. I travel a lot so I keep an old state map in the glovebox just in case. Combining new and old is sometimes neccessary, but actually ill advised for GKSU.

TC
You can't believe your eyes if your imagination is out of focus.

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1388
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 65 times

Re: My solution to gksu being deprecated/Buster.

#47 Post by None1975 »

wizard10000 wrote: Wonder how many folks here are running X as root?:D
Maybe they came from windows word?
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#48 Post by Deb-fan »

Hey Trinidad no worries is good to hear people's opinions. Mine here is obvious though will eventually very likely embrace polkit and policy files but for now gksu/do suits me. Mentioned it was used forever without problems. The lack of maintenance and any security issues were present for quite awhile without any incident. Still can't discount them as trivial and will have to find a better and more approved of practice after while. Until then am fine with gksu and any risk use of it entails, shrugs.

HOWEVER ... AM NOT SAYING ANYONE ELSE SHOULD DO THIS. Was never the intent of starting the thread, only wanted to share some info about it being possible and an option for those who might feel the same as myself about graphical apps + privs. :)
Most powerful FREE tech-support tool on the planet * HERE. *

printereverbd
Posts: 1
Joined: 2020-02-28 08:13

Re: My solution to gksu being deprecated/Buster.

#49 Post by printereverbd »

Thanks for sharing this

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: My solution to gksu being deprecated/Buster.

#50 Post by Deb-fan »

Welcome, of course still working fine in Buster, no reason it shouldn't. Not like gksu/do hadn't forever. Still believe many of these changes are aimed at enterprise gnu/nix applications rather than overly relevant to avg desktop nixer's. Not griping, have to be grateful for access to all this open source kickbuttness. Still just haven't gotten around to messing with policy files, still will and may as well. Clearly staying current and using what's considered best practice, is the best practice, shrugs. Though this isn't a have to do right now, this very instant type of thing. Despite whatever upstream changes come down I'm still going to pick and choose as I deem fit. If want to continue using Xorg long after Wayland goes default, then I will. End of story.

Edit: Still don't overly care or see the harm in the X process running as root. I don't bother using a display manager because it's unneeded, too many ways to select whichever or combo of de's/wm's on a system and switch between them w/o a DM. In a shared hardware + multi-user environment, yeah more so cause for concern. Only don't care all that much on a trusted user personal system. Anyone care to elaborate or link as to why having the X process running as root is practically certain doom? :)

HEY I GOT IT! Let's cgroup all hades out of root, then even root can't run as root. Bulletproof security, I'mma friggin genius! :P Root user goes to do anything some mystical algo considers shady, msg pops up, "permission denied ... please contact the system administrator." I AM THE SYSTEM ADMIN YOU PIECE OF *CENSORED*!!!
Most powerful FREE tech-support tool on the planet * HERE. *

Post Reply