Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

no root term after upgrade deb 9-10

Linux Kernel, Network, and Services configuration.
Message
Author
User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#21 Post by Head_on_a_Stick »

djk44883 wrote:there's more to it than to protect me from myself
^ This.

Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.

To edit system files use

Code: Select all

sudoedit
Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html
deadbang

djk44883
Posts: 107
Joined: 2010-12-11 13:14
Has thanked: 2 times

Re: no root term after upgrade deb 9-10

#22 Post by djk44883 »

Head_on_a_Stick wrote:Running a GUI application as root elevates the privileges of the entire set of libraries and programs required to run the X server and so exposes a massive attack surface to potential vulnerabilities.
I did suggest developers knew something. I would have though just the libs dependent on the specific process as Xor is already run by root - in a non-Wayland environment.

I'll admit, I'm not overly secure with my single user home system. I know everything is a risk, but beyond "basics" and trying to be conscious of what I'm doing, I'm probably not as paranoid as I should be. (I avoid 'social' sites, won't use public open wifi, change my foil hat daily)
Head_on_a_Stick wrote:Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html
Thanks greatly for the info. I've gotten comfortable with what I've know. When gnome "redesigned" it's self, I tried, but needed a right-click context menu and couldn't wait to while I moved to a corner for tab to switch tasks... so I'm using mate-desktop. Has it's roots dating back to the mid 90s. It's not that I'm against change... it's the time I've invested knowing what I know to get done what I need to - right now.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#23 Post by Head_on_a_Stick »

djk44883 wrote:Xor[g] is already run by root
Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release :)
deadbang

djk44883
Posts: 107
Joined: 2010-12-11 13:14
Has thanked: 2 times

Re: no root term after upgrade deb 9-10

#24 Post by djk44883 »

Head_on_a_Stick wrote:To edit system files use

Code: Select all

    sudoedit
stat /usr/bin/sudoedit
File: /usr/bin/sudoedit -> sudo
Size: 4 Blocks: 0 IO Block: 4096 symbolic link
Device: 801h/2049d Inode: 543673 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-08-05 08:10:47.275353431 -0400
Modify: 2019-01-12 13:10:05.000000000 -0500
Change: 2019-01-24 05:19:49.937608537 -0500
Birth: -

sudoedit is just a link to sudo, they even share a man page. If adding -e there are security measures implemented. But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing? I'm sure it's deeper. The true old timers had su, then adjusted to sudo... and now admin:// debian and linux distributions grow and evolve. Aptitude, apt-get to just apt... that'll change someday

djk44883
Posts: 107
Joined: 2010-12-11 13:14
Has thanked: 2 times

Re: no root term after upgrade deb 9-10

#25 Post by djk44883 »

Head_on_a_Stick wrote:
djk44883 wrote:Xor[g] is already run by root
Not if you're running from GDM or startx:

https://www.debian.org/releases/stretch ... uires-root

That change happened for the stretch release :)
Thanks, as you point out, the reference notes the limited way this occurs is
Only the gdm3 display manager supports running X as a non-privileged user in stretch. Other display managers will always run X as root. Alternatively, you can also start X manually as a non-root user on a virtual terminal via startx.
I had vaguely recall something, thought it was systemd related... was way wrong. Since Wayland and GDM, gnome... ok, this kind of clears things a little. This is specific, the whole x-server having elevated privileges to this environment?

Right now, I use LightDM and Xorg ...someday it'll catch up with me, so I best prepare now. I am greatful for the info! :D

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#26 Post by Head_on_a_Stick »

djk44883 wrote:But straight up sudoedit vs sudo [pluma|gedit] on the surface just less typing?
No, if sudo is called via the sudoedit symlink (or with the -e option) then the target file is copied to /tmp and edited there with root privileges only invoked after the temporary file has been edited for the operation to copy it back to the original location. This follows the POLP paradigm and so is considered best practice.
djk44883 wrote:Aptitude, apt-get to just apt... that'll change someday
https://packages.debian.org/buster/flatpak

Fedora & Ubuntu are both moving towards that...
deadbang

User avatar
phenest
Posts: 1702
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

#27 Post by phenest »

Head_on_a_Stick wrote:Or if you must have a GUI then open the file in Gedit with the admin:// prefix: https://www.linuxuprising.com/2018/04/g ... heres.html
I didn't know about this myself.
One of my system prompts for a password twice, and the other reports:
Sorry, could not display all the contents of 'default'. The specified location is not supported.
('default' is /etc/default) ... and pressing Ok, it then tells me the "Folder is Empty". Which it isn't. Weird.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D

shep
Posts: 423
Joined: 2011-03-15 15:22

Re: no root term after upgrade deb 9-10

#28 Post by shep »

2 pages of posts and no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path to the command

Code: Select all

$ poweroff -> command not found
$ /sbin/poweroff -> normal poweroff
An alternative to using sudo/different terminals/different DE's, would be either to set alisasis or export the needed paths to your environment.

User avatar
phenest
Posts: 1702
Joined: 2010-03-09 09:38
Location: The Matrix

Re: no root term after upgrade deb 9-10

#29 Post by phenest »

shep wrote:no one remarked on the underlying change. In order to tighten security, the default users environment has a restricted PATH. If a command won't run, type the full path
Does that fix the OP's issue? If not, it might be why no one remarked on it.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#30 Post by Head_on_a_Stick »

phenest wrote:One of my system prompts for a password twice
Yeah, MX Linux does that as well, I think it's for gvfs and polkit but that's just a guess. I presume GNOME would rely on the keyring to handle that seamlessly.
deadbang

dblake2
Posts: 77
Joined: 2008-10-09 01:42

Re: no root term after upgrade deb 9-10

#31 Post by dblake2 »

based on shep's post i tried entering the command manually from a normal terminal as reg user (gksu /usr/bin/x-terminal-emulator).

this produced same result as clicking on 'root terminal' icon, ie, pw prompt where i am unable to enter characters (i type but nothing appears, click ok & get login failure msg).

went back to reg terminal & it showed the pw I had just entered.

i then entered 'su', became root & entered the /usr/bin/x.... command & a root terminal opened up, but i note it is called 'xfce terminal'.

does this provide any clues as to what is going on? i do wonder why xfce terminal is appearing when i'm using the gnome desktop.
---
ok, i just booted to the xfce desktop, ran the 'root terminal' & note that it is labeled 'gnome terminal'.

shep
Posts: 423
Joined: 2011-03-15 15:22

Re: no root term after upgrade deb 9-10

#32 Post by shep »

I use a simple xterm/uxterm but you can end up with mutiple terminals. lxterminal, xfce-terminal, gnome-terminal, sakura, urxvt, st and on.
To see what terminals you have installed
dpkg -l | grep term

/usr/bin/x-terminal-emulator is usually a soft link to your perfered terminal and is user specific. You should not need preface the command with gksu.
https://packages.debian.org/stretch/x-terminal-emulator

The other complicated aspect is that you can have mulitple shells, You are likely using Bash
https://wiki.debian.org/Shell

There is usually a configuration in your home directory that sets the default paths for your shell.

djk44883
Posts: 107
Joined: 2010-12-11 13:14
Has thanked: 2 times

Re: no root term after upgrade deb 9-10

#33 Post by djk44883 »

x-terminal-emulator can be most any terminal you want, to see some options

Code: Select all

sudo update-alternatives --list x-terminal-emulator
If you go back and read the part about gdm3 and wayland... and Xorg not allowing root privileges you'll find out what the deal may be.

L_V
Posts: 1477
Joined: 2007-03-19 09:04
Been thanked: 11 times

Re: no root term after upgrade deb 9-10

#34 Post by L_V »

For the 2 comics (page 1) who feeled allowed to treat people as "crazy", "insane" or even more people using "sudo su", instead of 'sudo -i", to switch from user to root in a terminal, they should definitely share their experience with FreeBSD and CentOS users.

How to Use Sudo on Debian, CentOS, and FreeBSD
https://www.vultr.com/docs/how-to-use-s ... nd-freebsd
Any of the below commands will allow the sudo user to become root.
sudo su -
sudo -i
sudo -S
If Debian considered that "sudo su" was so "crazy/insane" compared to "sudo -i", "sudo su" would have been forbidden by default in visudo (managing sudoers permissions).
I've started using Linux with a Netinstall of Morphix I think it was in 2002/3, and never seen people treating people "crazy/insane" without any valid argumentation. Even not sure this is compliant with forum rules.
Well, to not frustrate some people and avoid pointless discussions, let's say "sudo -i" here. This will calm them down.

Now, as I said before, I see a real confusion between starting a root session from a user terminal, then, to execute some administration tasks, and trying to launch graphical applications as root.
This is the point.
dblake2 wrote:based on shep's post i tried entering the command manually from a normal terminal as reg user (gksu /usr/bin/x-terminal-emulator).
You still have some Stretch packages in your Buster.
I think what you do is wrong simply because "gksu/gksudo,kdesu,kdesudo" commands do not exist in Buster, and what you try is not clean.
The only administrative graphical application I use is Gparted.
The Gparted launcher command is simply..... "/usr/sbin/gparted", but when launching the program, a password will be requested because permissions are managed by policykit-1 which content is:

/usr/share/polkit-1/actions/org.gnome.gparted.policy

Code: Select all

<defaults>
    <allow_any>auth_admin</allow_any>
    <allow_inactive>auth_admin</allow_inactive>
    <allow_active>auth_admin</allow_active>
</defaults>
Then, if you have old application launchers which Exec command contain "gksu", you should progressively forget them, to avoid coming difficulties with Buster.
I do not have any problem in KDE opening Konsole (terminal) as user, and open a new Tab, with a profile defined to open a root session, even with a "RED Tab icon" to clearly identify this special session.
I must say I practically never need to open a root session (mainly to manage deboostrap installations, and chroot).

Then some practices need to be changed from Stretch to Buster.

dblake2
Posts: 77
Joined: 2008-10-09 01:42

Re: no root term after upgrade deb 9-10

#35 Post by dblake2 »

i decided to try ALL of my desktop choices available after entering username & the root term access works in all of them except 'gnome'.

they all work by entering user pw, not root pw.

the choices are:

gnome classic-works ok
gnome on xorg=works ok
default x session=works ok (this is xfce)
xfce session=works ok
system x11 default=works ok (also xfce)
gnome=don't work (the one this post has been about)

any comments-other than too many choices? (which I agree with).

dblake2
Posts: 77
Joined: 2008-10-09 01:42

Re: no root term after upgrade deb 9-10

#36 Post by dblake2 »

i decided to try all the available desktops in debian 9 & made 2 discoveries.

1) there are 8 choices & root term access works in all of them (with root pw, not user pw like deb10) except 'gnome on wayland' which acts exactly like 'gnome' on deb 10, sounds like what head-on-a -stick was talking about.

so it seems the 'gnome' on deb10 is 'gnome wayland' on deb9. they are both hosed as far as running the root term goes. Can anyone give a definitive answer on whether there should even be a root term icon in gnome wayland?

i would say it carried over by mistake from the upgrade from deb9 except deb9 has one also (that don't work).

i also discovered i have to reboot to switch between gnome & xfce desktops in deb 9 but thats a different subject, not that big a deal.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#37 Post by Head_on_a_Stick »

dblake2 wrote:Can anyone give a definitive answer on whether there should even be a root term icon in gnome wayland?
The presence of the icon is determined by the .desktop file in accordance with the desktop menu specification. The fact that Wayland doesn't allow it to function is irrelevant in respect of the actual specification as it stands.

If you don't like the icon and you're using the Wayland desktop then copy the offending .desktop file to ~/.local/share/applications and add Hidden=true to the end of the file.
deadbang

shep
Posts: 423
Joined: 2011-03-15 15:22

Re: no root term after upgrade deb 9-10

#38 Post by shep »

Some desktop entries have entries as mimetypes in which case NoDisplay=true should be used.

https://standards.freedesktop.org/deskt ... nized-keys

For xterm, uxterm, rxvt and urxvt you can allow root login in your ~/.Xresources or ~/.Xdefaults flle.

Code: Select all

! $Crux: dot.Xdefaults,v 1.3 2019/07/10 10:22:59 jsh Exp $
! XTerm
XTerm*loginShell: true
XTerm*background: #292929
XTerm*foreground: white
XTerm*scrollBar: true
XTerm*rightScrollBar: true
XTerm*multiScroll: on
XTerm*jumpScroll: on
!XTerm*locale: true
XTerm*faceName: Monospace
XTerm*faceSize: 10
XTerm*eightBitInput: true
XTerm*pointerShape: left_ptr
XTerm*showBlinkAsBold: true
XTerm*colorBDMode: true
XTerm*ActiveIcon: true
XTerm*scrollbar.foreground: #212121
XTerm*scrollbar.background: #393F3F
XTerm*scrollbar.thumb: black
XTerm*VT100.scrollbar.translations:  #override \n\
        <Btn5Down>:     StartScroll(Forward) \n\
        <Btn1Down>:     StartScroll(Continuous) MoveThumb() NotifyThumb() \n\
        <Btn4Down>:     StartScroll(Backward) \n\
        <Btn1Motion>:   MoveThumb() NotifyThumb() \n\
        <BtnUp>:        NotifyScroll(Proportional) EndScroll()
XTerm*VT100.color1: #2F4F4F
Another option to perform administration from the command line is to open a VT <ctl>+<alt>+<F*> and login as root. The F* keys depends on the number of TTY's that have been allocated.
Last edited by shep on 2019-08-06 12:30, edited 1 time in total.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: no root term after upgrade deb 9-10

#39 Post by Head_on_a_Stick »

I've just tried the live ISO image for the GNOME desktop and there is no "root terminal" icon there at all. I even installed the XFCE desktop (task) and that doesn't show a "root terminal" option either.

It must be a remnant from stretch, see if you can find the .desktop file and just delete it.
deadbang

djk44883
Posts: 107
Joined: 2010-12-11 13:14
Has thanked: 2 times

Re: no root term after upgrade deb 9-10

#40 Post by djk44883 »

L_V wrote:For the 2 comics (page 1) who feeled allowed to treat people as "crazy", "insane" or even more people using "sudo su", instead of 'sudo -i", to switch from user to root in a terminal, they should definitely share their experience with FreeBSD and CentOS users.

How to Use Sudo on Debian, CentOS, and FreeBSD
https://www.vultr.com/docs/how-to-use-s ... nd-freebsd
The article you referenced was not for end users or a desktop system...
Using a sudo user to access a server and execute commands at root level is a very common practice among Linux and Unix Systems Administrator.
Note: "access a server" and "practice among Linux and Unix Systems Administrator" That's not what's going on here.

Try this Debian Wiki page https://wiki.debian.org/sudo
..."allow some users to execute some commands as root"...
So you don't need to become root with sudo -as noted in Debian's Wiki-
For the reasons above, switching to root using sudo -i (or sudo su) is usually deprecated because it cancels the above features.
Some things really are just insanely crazy :idea: :|

Post Reply