no root term after upgrade deb 9-10

Kernels & Hardware, configuring network, installing services

Re: no root term after upgrade deb 9-10

Postby phenest » 2019-08-04 19:16

I'm not sure how this is a problem for you. I use Gnome, and use Gnome Terminal. If I need root in a terminal, then I use Gnome Terminal and login as root.

If you're looking for a "global" solution that works with every DE... how about switching to a console?
Last edited by phenest on 2019-08-04 20:26, edited 1 time in total.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D
User avatar
phenest
 
Posts: 1704
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

Postby Head_on_a_Stick » 2019-08-04 19:38

dblake2 wrote:Are you saying there should be no root terminal icon in buster (monitor icon on applications menu with magenta face that sez 'root terminal')?

The menu entry will be there because of a .desktop file in /usr/share/applications/ but it won't work under Wayland.
Don't break DebianHow to report bugs

SharpBang — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10522
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: no root term after upgrade deb 9-10

Postby dblake2 » 2019-08-05 00:29

it's a problem because it's sitting/available on the menu & it doesn't work.

i'm very aware of sudo in a regular terminal.
dblake2
 
Posts: 77
Joined: 2008-10-09 01:42

Re: no root term after upgrade deb 9-10

Postby phenest » 2019-08-05 08:04

Then Head_on_a_Stick has already given you a clue how to fix that.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D
User avatar
phenest
 
Posts: 1704
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

Postby djk44883 » 2019-08-05 11:27

Head_on_a_Stick wrote:
dblake2 wrote:The GNOME desktop in buster uses Wayland by default and that will not allow GUI applications to run as root, which is entirely sane behaviour and should be regarded as a feature rather than a bug.

If you are foolish enough to want to run the entire terminal emulator as root rather than just the shell then use the X-based GNOME session instead.


It may be, expect in contrast to prior decades when it was... insane? and then a bug? If there's more to it than to protect me from myself, of course, developers know things.

I'm so foolish to execute ' gksudo caja ' (which ever file manager I'm using) to navigate around when configuring system files. It's a double-click to edit files, or check files locked otherwise... foolish insanity :shock: :roll:
djk44883
 
Posts: 80
Joined: 2010-12-11 13:14

Re: no root term after upgrade deb 9-10

Postby Head_on_a_Stick » 2019-08-05 14:44

djk44883 wrote:there's more to it than to protect me from myself

^ This.

Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.

To edit system files use
Code: Select all
sudoedit

Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html
Don't break DebianHow to report bugs

SharpBang — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10522
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: no root term after upgrade deb 9-10

Postby djk44883 » 2019-08-05 15:32

Head_on_a_Stick wrote:Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.


I did suggest developers knew something. I would have though just the libs dependent on the specific process as Xor is already run by root - in a non-Wayland environment.

I'll admit, I'm not overly secure with my single user home system. I know everything is a risk, but beyond "basics" and trying to be conscious of what I'm doing, I'm probably not as paranoid as I should be. (I avoid 'social' sites, won't use public open wifi, change my foil hat daily)

Head_on_a_Stick wrote:Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html


Thanks greatly for the info. I've gotten comfortable with what I've know. When gnome "redesigned" it's self, I tried, but needed a right-click context menu and couldn't wait to while I moved to a corner for tab to switch tasks... so I'm using mate-desktop. Has it's roots dating back to the mid 90s. It's not that I'm against change... it's the time I've invested knowing what I know to get done what I need to - right now.
djk44883
 
Posts: 80
Joined: 2010-12-11 13:14

Re: no root term after upgrade deb 9-10

Postby Head_on_a_Stick » 2019-08-05 15:36

djk44883 wrote:Xor[g] is already run by root

Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release :)
Don't break DebianHow to report bugs

SharpBang — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10522
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: no root term after upgrade deb 9-10

Postby djk44883 » 2019-08-05 15:49

Head_on_a_Stick wrote:To edit system files use

Code: Select all
    sudoedit


stat /usr/bin/sudoedit
File: /usr/bin/sudoedit -> sudo
Size: 4 Blocks: 0 IO Block: 4096 symbolic link
Device: 801h/2049d Inode: 543673 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-08-05 08:10:47.275353431 -0400
Modify: 2019-01-12 13:10:05.000000000 -0500
Change: 2019-01-24 05:19:49.937608537 -0500
Birth: -

sudoedit is just a link to sudo, they even share a man page. If adding -e there are security measures implemented. But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing? I'm sure it's deeper. The true old timers had su, then adjusted to sudo... and now admin:// debian and linux distributions grow and evolve. Aptitude, apt-get to just apt... that'll change someday
djk44883
 
Posts: 80
Joined: 2010-12-11 13:14

Re: no root term after upgrade deb 9-10

Postby djk44883 » 2019-08-05 16:05

Head_on_a_Stick wrote:
djk44883 wrote:Xor[g] is already run by root

Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release :)


Thanks, as you point out, the reference notes the limited way this occurs is
Only the gdm3 display manager supports running X as a non-privileged user in stretch. Other display managers will always run X as root. Alternatively, you can also start X manually as a non-root user on a virtual terminal via startx.


I had vaguely recall something, thought it was systemd related... was way wrong. Since Wayland and GDM, gnome... ok, this kind of clears things a little. This is specific, the whole x-server having elevated privileges to this environment?

Right now, I use LightDM and Xorg ...someday it'll catch up with me, so I best prepare now. I am greatful for the info! :D
djk44883
 
Posts: 80
Joined: 2010-12-11 13:14

Re: no root term after upgrade deb 9-10

Postby Head_on_a_Stick » 2019-08-05 16:08

djk44883 wrote:But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing?

No, if sudo is called via the sudoedit symlink (or with the -e option) then the target file is copied to /tmp and edited there with root privileges only invoked after the temporary file has been edited for the operation to copy it back to the original location. This follows the POLP paradigm and so is considered best practice.

djk44883 wrote:Aptitude, apt-get to just apt... that'll change someday

https://packages.debian.org/buster/flatpak

Fedora & Ubuntu are both moving towards that...
Don't break DebianHow to report bugs

SharpBang — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10522
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: no root term after upgrade deb 9-10

Postby phenest » 2019-08-05 17:17

Head_on_a_Stick wrote:Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html

I didn't know about this myself.
One of my system prompts for a password twice, and the other reports:
Sorry, could not display all the contents of 'default'. The specified location is not supported.

('default' is /etc/default) ... and pressing Ok, it then tells me the "Folder is Empty". Which it isn't. Weird.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D
User avatar
phenest
 
Posts: 1704
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

Postby shep » 2019-08-05 18:41

2 pages of posts and no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path to the command
Code: Select all
$ poweroff -> command not found
$ /sbin/poweroff -> normal poweroff


An alternative to using sudo/different terminals/different DE's, would be either to set alisasis or export the needed paths to your environment.
shep
 
Posts: 315
Joined: 2011-03-15 15:22

Re: no root term after upgrade deb 9-10

Postby phenest » 2019-08-05 18:54

shep wrote:no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path

Does that fix the OP's issue? If not, it might be why no one remarked on it.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D
User avatar
phenest
 
Posts: 1704
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

Postby Head_on_a_Stick » 2019-08-05 20:02

phenest wrote:One of my system prompts for a password twice

Yeah, MX Linux does that as well, I think it's for gvfs and polkit but that's just a guess. I presume GNOME would rely on the keyring to handle that seamlessly.
Don't break DebianHow to report bugs

SharpBang — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10522
Joined: 2014-06-01 17:46
Location: /dev/chair

PreviousNext

Return to System configuration

Who is online

Users browsing this forum: techsavvy and 11 guests

fashionable