Share via:

The Problem with Sudo and GUI Applications

About the problem with using sudo with graphical programs in Linux.

1584 views
d

By. Jacob

Edited: 2017-12-16 16:08

Disable Ubuntu guest session

There has been a lot of confusion about running GUI applications in Linux using the sudo command, so this article will attempt to clear up some of this mess.

Running graphical programs using sudo in Ubuntu is basically fine – in many cases. However, in some freak cases it might cause problems!

Traditionally some Linux users would recommend the use of gksudo instead, but this has been removed in recent versions of Ubuntu, and will need to be installed before we can use it. This is a problem, because it seems we have no other alternative.

To install gksudo simply run this in a terminal:

sudo apt install gksu
gksu-properties

Running graphical (GUI) programs as root

The problem with using plain sudu is that you are running the program as your own user with elevated privileges, which means that your $home directory will still be your own, while you will be running the program with root privileges. Obviously, it is not hard to imagine that this could cause problems in some cases. It could in worst case change the ownership of your personal files to root and prevent you from booting up the system.

Running graphical applications with root privileges is not bad in itself, the problem is that it is poorly supported in Linux. In fact, you might find yourself in many situations where it is more convenient to using the terminal.

It is very common for desktop users to run the file manager (Nautilus in Ubuntu) as root when installing programs and performing system tasks, because it is usually faster and easier than typing commands in the terminal. Desktop users, in particular, prefer using GUIs, and there is nothing wrong with that. What is a very serious problem, however, is the fact that Linux does not yet offer a decent desktop experience due to multiple "tiny" missing features and bugs related to GUIs.

I really hope that Linux developers will be more smart about this in the future, so that users will not accidentally mess up their systems. Maybe one way to improve Ubuntu, would be to use Nemo instead of Nautilus, since it comes with a open as root feature, and also includes compact view. Both are features which a veteran desktop user would likely expect out-of-the-box.

Since gksudo is no longer available, what should you use instead? The answer is simple. Currently the official recommendation seems to be that you use gksudo (Ubuntu) or kdesudo (Kubuntu). But, confident users may also use normal sudo or sudo -i.

Using sudo -i or sudo -H

You will often see recommendations to either use sudo -i or sudo -H. For the most part, these seem to be safe. However, while they correctly set the $home and $PATH variables, they will leave out $XAUTHORITY. So, this sadly appears to be a very complex issue. It makes me wonder why anyone would want to remove gksudo, without creating an alternative. It degrades the desktop experience significantly.

Instead of using those, it might be better to install gksudo.

If you are confident that nothing will happen as a result as using sudo with your particular application, you may do like below:

sudo -i [program name]

The -i ensures that the program will be run as root in the root environment, including using the $home directory of root rather than the environment of your user. I have personally never run into problems while using sudo -i. However, it is worth considering alternative solutions.

Tip: The Nemo file manager has a Open as root right-click feature, which you can use instead of working with the Terminal.

You should make sure to close any applications and terminal windows with root access once you are done using them, but this is likely most relevant for system administrators, and if you are worried that someone with physical access to the system might take advantage of the situation.

The problem is also with developers of certain applications, such as Nautilus and gedit. They should include a root option out of the box. Or, distributions, such as Ubuntu, should shift to another app that includes it, since desktop users expect such basic features.

Dangers in using plain sudo

As mentioned earlier, the problem with using plain sudo is that you will be running the application with your own users environment. The problem can be seen when checking the $HOME and $PATH variables after running the different variants of sudo. I.e.:

k@DreamMachine:~$ sudo -i
[sudo] password for k: 
root@DreamMachine:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/snap/bin
root@DreamMachine:~# echo $HOME
/root
root@DreamMachine:~# 

In this case the $HOME path was correctly set to /root which is what we want for GUI applications. This avoids the problem where some programs might change the ownership of your own users files to root, and thereby potentially ruining something.

Potentially, it can also compromise the security of the system, since you are running code as root that might not have been tested for security problems.

Sources

  1. https://help.ubuntu.com/community/RootSudo#Graphical_sudo

Comments