Talk:Running GUI apps as root

From ArchWiki
Jump to: navigation, search

/etc/X0.hosts

What about /etc/X0.hosts file ? It's descibed in Xserver manual, in section "GRANTING ACCESS".

xhost + security

Using xhost+ is insecure: http://www.ocf.berkeley.edu/help/X_Windows_Env_HTML/security.html Maybe adding:

HOST=`hostname`
XAUTH=`ps -C X f|sed -n 's/.*-auth *//p'`
XKEY=`xauth -f ${XAUTH} list | awk '{print $3}'`

xauth add ${HOST}/unix:0 MIT-MAGIC-COOKIE-1 ${XKEY}
xauth add ${HOST}:0 MIT-MAGIC-COOKIE-1 ${XKEY}

unset HOST
unset XAUTH
unset XKEY

to /root/.bashrc is a better solution ?

OK ... one more solution:
# xhost +SI:localuser:root
localuser:root being added to access control list
or saving it in a config file:
# cat /etc/X0.hosts
si:localuser:root

DISPLAY not set

I have problem with DISPLAY setting missing when using gksu. Even

gksu export DISPLAY=:0 gedit

won't work. I finally managed with

gksu env DISPLAY=:0 gedit

Gnome dev opinion

I changed the beginning of the article to remove precious opinion of gnome dev 'ebassi' on unrelated issue in gnome bugzilla. Opinion of some random persons is not important that much to be placed at the beginning of wiki article, also gnome does not represent whole X world (especially of gnome, which design choices are questioned). I changed vague quote to a less-wordy, arguments-only text. Please stop pollute wiki article with some quotes in bugzillas. Thanks. --Mxfm (talk) 17:08, 31 January 2018 (UTC)

You obviously hold a grudge against GNOME. A statement can be relevant even if the context in which it was issued is not directly relevant. You too are just a random person and wiki articles are collaboratively written by random persons. You don't have to represent whole X to make a statement about it. Please refrain from undoing the changes of a wiki maintainer. Thanks. --Larivact (talk) 18:55, 31 January 2018 (UTC)
I do not push my opinion on wiki article unlike you. I expressed many reasons to change the text to remove unneeded long quote just to state some technical arguments. 1) The quote is on unrelated bugzilla issue. 2) The quote is too long can be trimmed. 3) Gnome does not represent whole X word. 4) Gnome design choices are notorious, so I would be skeptical on them. In case you are new to gnome, its devs changed design in a such way, that several forks emerged: Cinnamon, Mate, etc. You are not providing any technical reasons why that quote should be presented fully.--Mxfm (talk) 19:03, 31 January 2018 (UTC)
1) The quote is relevant to the article. 2) The quote doesn't need to be trimmed as it is reasonably long. 3) That does not matter. 4) GNOME design choices have nothing to do with the quote. 5) It is relevant, well-written and has solid arguments. --Larivact (talk) 19:25, 31 January 2018 (UTC)
That's simply not true. The quote expresses 'ebassi' expressions more than technical issues. Why a reader would need a long 5 line quote of some 'ebassi' comment on gnome bugzilla issue from gnome background which is criticized for its design choices? Just leave technical arguments. Why do you want to specifically mention particular gnome dev and link to bugzilla issue? --Mxfm (talk) 19:35, 31 January 2018 (UTC)
I am done debating this with you, as you just keep repeating the same points, I have already addressed. --Larivact (talk) 20:01, 31 January 2018 (UTC)
It seems the discussion continues. By the way, why do you decide to stop the discussion? You claim yourself to be 'wiki maintainer' but I do not see that user group. Neither I see you in administrator group. Why you make decisions here remains unclear. --Mxfm (talk) 20:18, 31 January 2018 (UTC)
Please stop the personal attacks. Yes, Larivact is a maintainer. We'll keep the discussion open until we find a reasonable compromise, and everyone is free to participate or not. -- Lonaowna (talk) 20:23, 31 January 2018 (UTC)
I did not attack him, I questioned his right to moderate discussion.--Mxfm (talk) 03:41, 1 February 2018 (UTC)

I don't think we should mention the middle part of the quote: "you're also running code that will touch files inside your $HOME and may change their ownership on the file system; connect, via IPC, to even more running code, etc". This is also true when you don't run the code as root, but as a regular user. If we scrap that sentence, what remains is basically the same as what Mxfm is proposing, if I'm correct. -- Lonaowna (talk) 20:04, 31 January 2018 (UTC)

Of course it's also true if you run it as a regular user but with root it's an issue. --Larivact (talk) 20:11, 31 January 2018 (UTC)
Malicious code can be executed from user account and 'touch files inside your $HOME' without running as root. For example, this is sometimes mentioned when discussing security of AUR helpers. That quote is not even strictly true.--Mxfm (talk) 20:23, 31 January 2018 (UTC)
Having files owned by root in your home directory is an inconvenience.--Larivact (talk) 20:31, 31 January 2018 (UTC)
Yes, I merely propose to scrap the sentence to this. --Mxfm (talk) 20:23, 31 January 2018 (UTC)
You haven't scraped just this sentence, but most of the quote including the reference link. Technically the quote is correct so if you think that quoting a Gnome developer is not ethically appropriate, surely you can find another, more representative, random person sharing the same or similar opinion which we could quote instead. -- Lahwaacz (talk) 21:12, 31 January 2018 (UTC)
Remaining part of the quote is expressive, I left only technical arguements. I still believe that the quote can be scrapped to the sentences I proposed and provided reasons for doing so. In reply I hear only negations like 'no, the quote is relevant', 'no the quote is entirely techincal', 'no ebassi is important and his name and his opinion can be placed of the top of the article'. The whole discussion is turned into reverting my edits by Larivact and just saying 'no' to arguements. I think that this discussion is too big for the such issue whether to have full quote or to scrap it, since I didn't persuaded you, I see no point in insisting on my edit. --Mxfm (talk) 03:41, 1 February 2018 (UTC)
Since the whole thing boils down to personal gripes, please continue this issue privately via email. It serves no purpose for other wiki editors. Thanks. -- Alad (talk) 20:06, 1 February 2018 (UTC)

Rename article and restructure content to cover both Xorg and Wayland

After making a few edits to Wayland#Running_graphical_applications_as_root, I thought that it may make more sense to move this section here after:

  1. Renaming the article to something like "Running graphical applications as root"
  2. Restructuring its content to distinguish between:
    1. common methods between Xorg and Wayland (sudoedit, GVFS admin:// backend, xhost)
    2. server-specific ones (bashrun, kdesu, straight sudo...).

Any comments on this plan? -- Neitsab (talk) 21:56, 25 April 2018 (UTC)

Sounds good. Xhost can only be used with XWayland though, right? --Larivact (talk) 07:19, 26 April 2018 (UTC)
Thanks for your reply! Yes, I assume that the xhost trick is only for XWayland (but without certainty). This is also a distinction that should be made, between Wayland the protocol and its various compositors. Thanks. --Neitsab (talk) 17:08, 26 April 2018 (UTC)