Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Elevated Privileges Comparisons and Differences


  • Please log in to reply
68 replies to this topic

#1 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:04 PM

Posted 21 August 2015 - 02:40 AM

Al, just an update (perhaps), or may be OS and (sub) version-specific, you be the judge.

 

The following is from an environment where I have added to my collection (via multi-boot) Linux Mint Cinnamon 17.2 codenamed Rafaela, just the 32-bit edition for now as I help another user or two.

 

The gksudo option for firing up a GUI (graphical user interface) application from Terminal is not required here. Rafaela uses the Nemo File Manager.

 

Witness below

 

scJjvjK.png

 

 

Press enter and outcome is:

 

nmhmwZy.png

 

Then, as Root:

 

4xTCWyY.png

 

 

and outcome is

 

Hyzxa6E.png

 

Note the differences.

 

Members and Users passing by, please note Al1000's warning

 

 

 

For security reasons, do not start applications with root permissions unless it is necessary to do so.

 

 

It's a bit of "Kids, don't try this at home"

 

I only use Root because I am always installing OSes under a multi-boot setup, and need to be able to change permissions globally in order to access files and folders on my other OSes and external HDD.

 

I still think about 3 times before I use it, if an alternative is available to me.

 

Ask questions about root privileges, administrator privileges, and sudo, and you will likely be answered.

 

Thanks Al1000 for a good Topic!

 

:wizardball: Wizard


Edited by Chris Cosgrove, 20 November 2015 - 06:05 PM.
Topic title edited at OP's request


BC AdBot (Login to Remove)

 


#2 Al1000

Al1000

  • Global Moderator
  • 7,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:04:04 AM

Posted 22 August 2015 - 12:17 AM

The gksudo option for firing up a GUI (graphical user interface) application from Terminal is not required here.


All applications can be started as root, but for security purposes it's best to not use root unless you have to.

I still think about 3 times before I use it, if an alternative is available to me.


The (safer) alternative in Linux Mint is gksudo.

#3 wizardfromoz

wizardfromoz
  • Topic Starter

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:04 PM

Posted 22 August 2015 - 03:30 AM

 

The gksudo option for firing up a GUI (graphical user interface) application from Terminal is not required here.


All applications can be started as root, but for security purposes it's best to not use root unless you have to.

 

Al, you've missed a little of my point. With Nemo, if not with others, gksudo not required, from Terminal, to start the app. Screenshots 1 and 2 above were effected, non-root.

 

Linux Mint Qiana's Caja File Manager (writing this from Qiana) - ditto

 

Cheers

 

:wizardball: Wiz



#4 Al1000

Al1000

  • Global Moderator
  • 7,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:04:04 AM

Posted 22 August 2015 - 03:47 AM

Al, you've missed a little of my point. With Nemo, if not with others, gksudo not required, from Terminal, to start the app.


I fully understand your point. I think you may have missed mine though. It's not just Nemo, all applications can be started as root.

Consider that sudo is not required to start terminal based applications with root privileges, because they can all be started as root too. For example instead of using "sudo apt-get," you could use "apt-get" as root.

But the point of using sudo, gksudo and kdesudo, is that it's safer than using root.

Edited by Al1000, 22 August 2015 - 03:48 AM.


#5 wizardfromoz

wizardfromoz
  • Topic Starter

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:04 PM

Posted 22 August 2015 - 04:09 AM

Mate no offence, you should know me  by now. We could debate this until the cows come home, but I've gotta go soon.

 

Topic Title

 

 

Starting applications from the terminal in Ubuntu based distributions

 

Also

 

 

To start GUI applications from the terminal with root permissions, sudo must not be used. Using sudo to start GUI applications has the potential to change file ownership permissions. On most desktops the command used in place of sudo to start GUI applications, is gksudo. For example to start Nautilus from the terminal with root permissions, type: gksudo nautilus

On KDE, it's kdesudo. For example to start Dolphin on KDE with root permissions, type:

kdesudo dolphin

 

And finally

 

 

The (safer) alternative in Linux Mint is gksudo.

 

You DON'T need gksudo, in the examples I have quoted from Linux Mint, the apps can be fired up using normal (superuser) privileges.

 

Just

caja

... for Qiana, and

nemo

... for Rafaela.

 

I am not trying to pick holes in your Tutorial, but wishing to add to it with current information. I know you would want that.

 

And as said above, I don't advocate using Root unless you are experienced.

 

Keep smilin'

 

:wizardball: Wizard



#6 Al1000

Al1000

  • Global Moderator
  • 7,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:04:04 AM

Posted 22 August 2015 - 04:20 AM

You DON'T need gksudo


I know you don't need gksudo.

You don't need sudo either.

But it is advisable to use gksudo and sudo rather than using root.

I will see if I can move these posts to a different thread where the issue can be debated.

Edited by Al1000, 22 August 2015 - 04:20 AM.


#7 Al1000

Al1000

  • Global Moderator
  • 7,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:04:04 AM

Posted 22 August 2015 - 04:25 AM

This thread is for discussion regarding starting applications using sudo, gksudo and kdesudo, versus starting applications as root.

EDIT: Apologies for the typo in the thread title. That was my fault.

Edited by Al1000, 22 August 2015 - 04:35 AM.


#8 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:01:04 PM

Posted 22 August 2015 - 05:44 PM

If you want to run as root get Puppy Linux.

 

 

 

For security reasons, do not start applications with root permissions unless it is necessary to do so.

I do not think you should be showing novice users this.

 

I could show you some tricks with vim too but I wont.,



#9 paul88ks

paul88ks

  • Members
  • 1,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas,Texas
  • Local time:10:04 PM

Posted 22 August 2015 - 07:49 PM

Hey - all i know for right now is sudo- and thats good enough for me until I get as smart as you guys!



#10 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:11:04 PM

Posted 22 August 2015 - 09:49 PM

There really isn't ever much need to drop directly to the root shell. Anything that needs root privileges can be run using "sudo", and is usually the better way to do things. Keeps you from accidentally messing things up. I drop to the root shell on occasion to do certain things that need root access, but mostly cause I am lazy and don't feel like typing in the password a bunch of times. But I also know (mostly) what I am doing and how to undo things. At work we actually have user groups that have certain sudo rights they can perform. Can be kind of frustrating at times when it would be really helpful to have root rights...( only admins have them) but I know that wouldn't be viable option since there is no way to track what is being dove via root. Anyway, in the long about way, I agree with Nick and AI.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#11 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:04 PM

Posted 22 August 2015 - 10:50 PM

If you are going to be running your applications as root you might as well just load up Windows as your primary OS and be done with it.... lol



#12 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:04 PM

Posted 22 August 2015 - 10:53 PM

I only use Root because I am always installing OSes under a multi-boot setup, and need to be able to change permissions globally in order to access files and folders on my other OSes and external HDD.

 

I still think about 3 times before I use it, if an alternative is available to me.

chmod



#13 wizardfromoz

wizardfromoz
  • Topic Starter

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:04 PM

Posted 22 August 2015 - 11:45 PM

Hello, Northern One, long time no "see". Trust you to slip by when there is a bit of controversy going on. :hysterical:

 

I am quite familiar with

chmod

and

chown

... but thanks.

 

Let me first say make this disclaimer:

 

This Topic was not started by me, although it bears my name, witness:

 

 

Thanks Al1000 for a good Topic!

 

I started the comments at Al's Post in Tutorials, initially bringing to his attention that any number of graphical applications could be started FROM the Terminal, but WITHOUT having to use

gksu

or

gksudo

File Managers (Caja, Nemo, Nautilus) and Browsers (Firefox, Sea Monkey) are just two examples I can name. There are many more.

 

The environment I am writing this Post from is LXLE 14.04 live, trying out for alamanjani, and Sea Monkey is the default browser.

 

Witness

 

RPMGRDk.png

 

... Enter is pressed and voila

 

iwUp3SE.png

 

a (second instance, in my case, of) Sea Monkey session starts.

 

No need for gksu, nor gksudo.

 

To cut a long story short, my comments were upped and moved here, no input from me. So be it.

 

Now that I am here, we can have a spirited debate. Lively, but no name calling.

 

:wizardball: Wizard



#14 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:04 PM

Posted 22 August 2015 - 11:52 PM

From a security perspective, this is a bad idea for newcomers to Linux to run across & implement globally. 

 

Sure, it can be done, yet only in an environment where the ones performing these actions are Linux users with experience & fully understands the consequences should anything go wrong. There is a reason 'why' we have to type in that sudo password when called for, and I'm not about to do what it stands for, bypassing a huge part of our robust inbuilt security to gain a few seconds here & there. 

 

If one really needs to shave some time to make thing faster, a small investment in a SSD will go a long ways, w/out placing one's security in jeopardy. 

 

Am an 100% agreeance with this post by TsVk!

 

 

 

If you are going to be running your applications as root you might as well just load up Windows as your primary OS and be done with it.... lol

 

Since it was the OS most of us came from, then the ground will become familiar fast, including all of the needed maintenance, and forking cash every year for a license to a security suite, plus MBAM to catch the nasties that the security doesn't catch. Oh, and our privacy, for those who has ran Linux exclusively for a year or more, it's became worse, a new Microsoft Services Agreement took place beginning August 01, 2015 & another is on the way, though can't seem to find that at the moment, will edit when I do. 

 

Here's the MSA effective 08/01/2015. 

 

http://www.microsoft.com/en-us/servicesagreement/

 

Have fun!

 

EDIT: Though I can't find the other at the moment, it has to do with OneDrive & was a popup when I opened my email this morning. Any content on the site in 'Groups' will be deleted. Here's a link with the info & another to correct the issue before content becomes permanently deleted on 09/30/2015. 

 

http://www.engadget.com/2015/08/21/microsoft-onedrive-groups-has-an-official-expiration-date/

 

https://support.office.com/en-us/article/Move-files-from-a-group-to-your-own-OneDrive-0c35298e-14e6-4d27-a38f-b72dbf151678?ui=en-US&rs=en-US&ad=US

 

The bottom line is, Microsoft isn't going to let everyone the free ride they've provided for years. 

 

Cat


Edited by cat1092, 23 August 2015 - 12:17 AM.

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#15 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE
  •  

Posted 23 August 2015 - 12:50 AM

I prefer root to Sudo for regular system administration tasks, as I see no security benifit to Sudo usage in that senario. Sudo can be a highly useful tool for performing tasks as another user, but when it comes to Sudo versus Root security, I find Sudo is most useful in situations where one wishes to do something insecure. I think the main reason why some distros enforce Sudo usage is to prevent beginners from staying in root, much like many Windows users stay in Administrative accounts. I think helping the user become more knowledgable about safe practices is a better defense.

Examples of Sudo being useful for insecure actions:

Piping passwords.

example1@example ~ $ su -c "whoami" root
Password:
root
example1@example ~ $ echo "12" | su -c "whoami" root
su: must be run from a terminal
example1@example ~ $ sudo -u root whoami
[sudo] password for example1:
root
example1@example ~ $ echo "1234" | sudo -u root -S whoami
[sudo] password for example1: root

Giving other users the ability to run select elevated programs.
(Either you can trust someone, or you can't. Not sure? That's what VMs are for.)
example2@example ~ $ sudo ping --help
[sudo] password for example2:
ping: invalid option -- '-'
Usage: ping [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]
            [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]
            [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]
            [-w deadline] [-W timeout] [hop1 ...] destination
example2@example ~ $ sudo tar --help
[sudo] password for example2:
Sorry, user example2 is not allowed to execute '/bin/tar --help' as root on example.computer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users