Idea #27102: "Auto-GKSUDO (Auto-KDESUDO) when using SUDO with specific programs"

Ubuntu QA:

Blog

Brainstorm

Package status

The Ubuntu community has contributed 22823 ideas, 138726 comments, 2639112 votes

All more
Projects more
Global categories more
- Accessibility
- Documentation
- Education
- Gaming
- Graphics
- Hardware support
- Installation
- Internet & Networking
- Look and Feel
- Marketing
- Multimedia
- Office
- Programming
- Quality
- Security
- Server
- System
- Usability
- Others

Idea sandbox

Popular ideas

Ideas in development

Implemented ideas

Idea #27102: Auto-GKSUDO (Auto-KDESUDO) when using SUDO with specific programs

Written by Blutkoete the 2 Feb 11 at 17:11. Category: Security. Related project: Nothing/Others. Status: New

Rationale

"You should never use normal sudo to start graphical applications as Root. You should use gksudo (kdesudo on Kubuntu) to run such programs."

This quote is from https://help.ubuntu.com/community/RootSudo .

Many "intermediate absolute beginners" start to use & like the terminal and the SUDO command, but might not know what might happen if you start e.g. GEDIT or KATE with sudo instead of GKSUDO or KDESUDO.

Tags: (none)

4
votes

Solution #1: Add a AUTO-GKSUDO (AUTO-KDESUDO) config file

Written by Blutkoete the 2 Feb 11 at 17:11.

Add a config file that is read by SUDO and specifies certain programs that should be run with GKSUDO (KDESUDO) instead of SUDO, e.g. GEDIT and KATE.

If the user types "SUDO GEDIT thisfile.ext" in the terminal, SUDO checks that config file, sees GEDIT in it and hands over the operation to GKSUDO.

A "--force-sudo" argument is added for power users who know what they are doing which ignores the config file.

Propose your solution

Attachments

No attachments.

Duplicates

[Report a duplicate and merge its votes to this idea]

Comments

Darwin Survivor (Brainstorm moderator) wrote on the 5 Feb 11 at 04:12

gksu fails when logged in via ssh. I will sometimes (with permission of course) log into someone's computer and run an application remotely that they are having trouble with. It is much easier than walking them through it via phone/email and uses a LOT less bandwidth than a full vnc session.

having a --force-sudo option does fix the problem, but would be very annoying.

I also fail to see how gedit could cause root files to appear in your home folder, but a terminal app (such as vim) couldn't. Having "sudo vim /etc/....." try to launch and X11 authentication window ever time would be PAINFUL for system administrators.

Blutkoete wrote on the 8 Feb 11 at 10:54

The config file should only list commands that use the graphical interface, so vim wouldn't launch a X11 authentication window.

gedit and kate are just examples, they never caused a problem for me. But I had some folders and config files owned by root in my personal folder once when I sudo-installed something which started as a terminal installation but then launched a graphical installer later. And I think they won't warn you about the problem in the wiki if the problem doesn't occur.

I'm not a system administrator and never launched graphical applications via ssh, so I don't know about that part of the problem.

Just for clarification: I don't propose that sudo ALWAYS calls kdesudo or gksudo; only if you try to sudo specific graphical programs that should better be run with gksudo or kdesudo.

Darwin Survivor (Brainstorm moderator) wrote on the 8 Feb 11 at 11:12

I still don't think I can vote either way until I find some examples of programs that cause problems with sudo. I've personally never heard of programs creating root-owned files in the home folder. I've run TONS of apps (both cli and gui) using sudo (gparted, nautilus, gedit, vim, etc) and never once run across such an issue. I'm not saying that it *never* happens, but if it's something that only occurs with 1 or 2 obscure apps, I don't think it's worth calling gksudo when users are INTENTIONALLY using sudo (since the gksudo prompt can be annoying and jolting when you are expecting to enter your password into the command line).

I actually find it kind of odd that there is such an explicit warning in the ubuntu wiki when A) I've NEVER come across or even heard of this issue before. B) They don't site any examples of apps that cause this C) They don't explain why the program being "graphical" has anything to do with it.

Just for kicks, what would "gvim" be classified under? As far as I know it is nothing but a gui wrapper for vim, so I can't see the gui part actually making and file alterations differently than regular vim.

Blutkoete wrote on the 9 Feb 11 at 09:45

I did some research and asked in the Ubuntu forum. Someone provided me with this link that explains the problem:

http://www.psychocats.net/ubuntu/graphicalsudo

Darwin Survivor (Brainstorm moderator) wrote on the 9 Feb 11 at 10:09

The discussion linked in the article you posted (http://www.mail-archive.com/arch@archlinux.org/msg04963.html) hints that the problem is caused by X running as root and THEN running sudo. I think this needs some clarification (of which I am not informed enough to give).

A) If X is not running as root, is this still an issue?
B) Does ubuntu still run X as root (many distros and DE's are moving away from that design)
C) What happens when you run an app remotely (ssh -X into a server without an X server but with a graphical app you wish to use)?

Assuming the problem *is* caused by running X as root: If Ubuntu isn't running X as root there's nothing that needs to be done (other than possibly updating the wiki). If ubuntu is still running X as root, maybe we need to work on *that* first as it not only fixes this problem, but closes some VERY serious security holes we have been warned about for years.

Post your comment

Submit your idea