no root term after upgrade deb 9-10

[phenest]

I'm not sure how this is a problem for you. I use Gnome, and use Gnome Terminal. If I need root in a terminal, then I use Gnome Terminal and login as root.

If you're looking for a "global" solution that works with every DE... how about switching to a console?

[Head_on_a_Stick]

Are you saying there should be no root terminal icon in buster (monitor icon on applications menu with magenta face that sez 'root terminal')?

The menu entry will be there because of a .desktop file in /usr/share/applications/ but it won't work under Wayland.

[dblake2]

it's a problem because it's sitting/available on the menu & it doesn't work.

i'm very aware of sudo in a regular terminal.

[phenest]

Then Head_on_a_Stick has already given you a clue how to fix that.

[djk44883]

The GNOME desktop in buster uses Wayland by default and that will not allow GUI applications to run as root, which is entirely sane behaviour and should be regarded as a feature rather than a bug.

If you are foolish enough to want to run the entire terminal emulator as root rather than just the shell then use the X-based GNOME session instead.

It may be, expect in contrast to prior decades when it was... insane? and then a bug? If there's more to it than to protect me from myself, of course, developers know things.

I'm so foolish to execute ' gksudo caja ' (which ever file manager I'm using) to navigate around when configuring system files. It's a double-click to edit files, or check files locked otherwise... foolish insanity

[Head_on_a_Stick]

there's more to it than to protect me from myself

^ This.

Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.

To edit system files use

Code: Select all

sudoedit

Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html

[djk44883]

Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.

I did suggest developers knew something. I would have though just the libs dependent on the specific process as Xor is already run by root - in a non-Wayland environment.

I'll admit, I'm not overly secure with my single user home system. I know everything is a risk, but beyond "basics" and trying to be conscious of what I'm doing, I'm probably not as paranoid as I should be. (I avoid 'social' sites, won't use public open wifi, change my foil hat daily)

Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html

Thanks greatly for the info. I've gotten comfortable with what I've know. When gnome "redesigned" it's self, I tried, but needed a right-click context menu and couldn't wait to while I moved to a corner for tab to switch tasks... so I'm using mate-desktop. Has it's roots dating back to the mid 90s. It's not that I'm against change... it's the time I've invested knowing what I know to get done what I need to - right now.

[Head_on_a_Stick]

Xor[g] is already run by root

Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release

[djk44883]

To edit system files use

Code: Select all

    sudoedit

stat /usr/bin/sudoedit
File: /usr/bin/sudoedit -> sudo
Size: 4 Blocks: 0 IO Block: 4096 symbolic link
Device: 801h/2049d Inode: 543673 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-08-05 08:10:47.275353431 -0400
Modify: 2019-01-12 13:10:05.000000000 -0500
Change: 2019-01-24 05:19:49.937608537 -0500
Birth: -

sudoedit is just a link to sudo, they even share a man page. If adding -e there are security measures implemented. But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing? I'm sure it's deeper. The true old timers had su, then adjusted to sudo... and now admin:// debian and linux distributions grow and evolve. Aptitude, apt-get to just apt... that'll change someday

[djk44883]

Xor[g] is already run by root

Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release

Thanks, as you point out, the reference notes the limited way this occurs is

Only the gdm3 display manager supports running X as a non-privileged user in stretch. Other display managers will always run X as root. Alternatively, you can also start X manually as a non-root user on a virtual terminal via startx.

I had vaguely recall something, thought it was systemd related... was way wrong. Since Wayland and GDM, gnome... ok, this kind of clears things a little. This is specific, the whole x-server having elevated privileges to this environment?

Right now, I use LightDM and Xorg ...someday it'll catch up with me, so I best prepare now. I am greatful for the info!

[Head_on_a_Stick]

But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing?

No, if sudo is called via the sudoedit symlink (or with the -e option) then the target file is copied to /tmp and edited there with root privileges only invoked after the temporary file has been edited for the operation to copy it back to the original location. This follows the POLP paradigm and so is considered best practice.

Aptitude, apt-get to just apt... that'll change someday

https://packages.debian.org/buster/flatpak

Fedora & Ubuntu are both moving towards that...

[phenest]

Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html

I didn't know about this myself.
One of my system prompts for a password twice, and the other reports:

Sorry, could not display all the contents of 'default'. The specified location is not supported.

('default' is /etc/default) ... and pressing Ok, it then tells me the "Folder is Empty". Which it isn't. Weird.

[shep]

2 pages of posts and no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path to the command

Code: Select all

$ poweroff -> command not found
$ /sbin/poweroff -> normal poweroff

An alternative to using sudo/different terminals/different DE's, would be either to set alisasis or export the needed paths to your environment.

[phenest]

no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path

Does that fix the OP's issue? If not, it might be why no one remarked on it.

[Head_on_a_Stick]

One of my system prompts for a password twice

Yeah, MX Linux does that as well, I think it's for gvfs and polkit but that's just a guess. I presume GNOME would rely on the keyring to handle that seamlessly.

[dblake2]

based on shep's post i tried entering the command manually from a normal terminal as reg user (gksu /usr/bin/x-terminal-emulator).

this produced same result as clicking on 'root terminal' icon, ie, pw prompt where i am unable to enter characters (i type but nothing appears, click ok & get login failure msg).

went back to reg terminal & it showed the pw I had just entered.

i then entered 'su', became root & entered the /usr/bin/x.... command & a root terminal opened up, but i note it is called 'xfce terminal'.

does this provide any clues as to what is going on? i do wonder why xfce terminal is appearing when i'm using the gnome desktop.
---
ok, i just booted to the xfce desktop, ran the 'root terminal' & note that it is labeled 'gnome terminal'.

[shep]

I use a simple xterm/uxterm but you can end up with mutiple terminals. lxterminal, xfce-terminal, gnome-terminal, sakura, urxvt, st and on.
To see what terminals you have installed
dpkg -l | grep term

/usr/bin/x-terminal-emulator is usually a soft link to your perfered terminal and is user specific. You should not need preface the command with gksu.
https://packages.debian.org/stretch/x-terminal-emulator

The other complicated aspect is that you can have mulitple shells, You are likely using Bash
https://wiki.debian.org/Shell

There is usually a configuration in your home directory that sets the default paths for your shell.

[djk44883]

x-terminal-emulator can be most any terminal you want, to see some options

Code: Select all

sudo update-alternatives --list x-terminal-emulator

If you go back and read the part about gdm3 and wayland... and Xorg not allowing root privileges you'll find out what the deal may be.

[L_V]

For the 2 comics (page 1) who feeled allowed to treat people as "crazy", "insane" or even more people using "sudo su", instead of 'sudo -i", to switch from user to root in a terminal, they should definitely share their experience with FreeBSD and CentOS users.

How to Use Sudo on Debian, CentOS, and FreeBSD
https://www.vultr.com/docs/how-to-use-s ... nd-freebsd

Any of the below commands will allow the sudo user to become root.
sudo su -
sudo -i
sudo -S

If Debian considered that "sudo su" was so "crazy/insane" compared to "sudo -i", "sudo su" would have been forbidden by default in visudo (managing sudoers permissions).
I've started using Linux with a Netinstall of Morphix I think it was in 2002/3, and never seen people treating people "crazy/insane" without any valid argumentation. Even not sure this is compliant with forum rules.
Well, to not frustrate some people and avoid pointless discussions, let's say "sudo -i" here. This will calm them down.

Now, as I said before, I see a real confusion between starting a root session from a user terminal, then, to execute some administration tasks, and trying to launch graphical applications as root.
This is the point.

based on shep's post i tried entering the command manually from a normal terminal as reg user (gksu /usr/bin/x-terminal-emulator).

You still have some Stretch packages in your Buster.
I think what you do is wrong simply because "gksu/gksudo,kdesu,kdesudo" commands do not exist in Buster, and what you try is not clean.
The only administrative graphical application I use is Gparted.
The Gparted launcher command is simply..... "/usr/sbin/gparted", but when launching the program, a password will be requested because permissions are managed by policykit-1 which content is:

/usr/share/polkit-1/actions/org.gnome.gparted.policy

Code: Select all

<defaults>
    <allow_any>auth_admin</allow_any>
    <allow_inactive>auth_admin</allow_inactive>
    <allow_active>auth_admin</allow_active>
</defaults>

Then, if you have old application launchers which Exec command contain "gksu", you should progressively forget them, to avoid coming difficulties with Buster.
I do not have any problem in KDE opening Konsole (terminal) as user, and open a new Tab, with a profile defined to open a root session, even with a "RED Tab icon" to clearly identify this special session.
I must say I practically never need to open a root session (mainly to manage deboostrap installations, and chroot).

Then some practices need to be changed from Stretch to Buster.

[dblake2]

i decided to try ALL of my desktop choices available after entering username & the root term access works in all of them except 'gnome'.

they all work by entering user pw, not root pw.

the choices are:

gnome classic-works ok
gnome on xorg=works ok
default x session=works ok (this is xfce)
xfce session=works ok
system x11 default=works ok (also xfce)
gnome=don't work (the one this post has been about)

any comments-other than too many choices? (which I agree with).