LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-15-2015, 03:49 AM   #1
mangya
Member
 
Registered: Jul 2015
Distribution: CentOS
Posts: 84

Rep: Reputation: Disabled
Open browser as superuser every-time


Hello

I am using CentOS 7.1 Gnome. I want to open opera browser as root every-time. I added 'beesu' to 'Exec' line in .desktop file.

It works, but only first time. If I close and reopen again, it wont ask for password. Also all other programs with 'beesu' added wont ask for password either.

I want password to be asked every time I open program. How do i achieve that?

Here is opera's .desktop file contents:

Code:
cat /usr/share/applications/rfremix-opera-developer.desktop 

[Desktop Entry]
Version=1.0
Name=Opera Developer
GenericName=Web browser
Comment=Fast and secure web browser
TryExec=opera-developer
#Exec=opera-developer --force-native-window-frame=false %U
Exec=beesu 'opera-developer --force-native-window-frame=false %U'
Terminal=false
Icon=opera-developer
Type=Application
Categories=Network;WebBrowser;X-Fedora;
MimeType=text/html;text/xml;application/xhtml_xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;
Actions=NewWindow;NewPrivateWindow;

X-Desktop-File-Install-Version=0.21

[Desktop Action NewWindow]
Name=New Window
Exec=opera-developer --new-window
#TargetEnvironment=Unity

[Desktop Action NewPrivateWindow]
Name=New Private Window
Exec=opera-developer --private
#TargetEnvironment=Unity
Thanks
 
Old 07-15-2015, 04:10 AM   #2
cynwulf
Senior Member
 
Registered: Apr 2005
Location: The Black Country, UK
Posts: 1,741
Blog Entries: 1

Rep: Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774
Quote:
Originally Posted by mangya View Post
I want to open opera browser as root every-time.
Why?
 
1 members found this post helpful.
Old 07-15-2015, 04:28 AM   #3
mangya
Member
 
Registered: Jul 2015
Distribution: CentOS
Posts: 84

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by cynwulf View Post
Why?
Its a test server. I'm just experimenting. But what's wrong if I want to open software as root and not as regular user?
 
Old 07-15-2015, 03:55 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,374

Rep: Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198Reputation: 2198
Best practices are sets of programs and settings that prevent data issues. One of the most common ones used is to limit every user to the most minimal set of permissions needed to perform their work. I'm at a loss as to find any use for a root level user to run a browser.

If I were to play I think I'd just run gnomes sudo. Something like gtksudo or such

Last edited by jefro; 07-18-2015 at 05:09 PM.
 
1 members found this post helpful.
Old 07-15-2015, 04:08 PM   #5
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by mangya View Post
But what's wrong if I want to open software as root and not as regular user?
Because it's a horrible security vulnerability. Web browsers are about the least secure part of your computer - malicious code can be injected through flash or java vulnerabilities, popups can trigger downloads that might get executed, etc. At least when you run it as a regular user any damage will be limited to those files/dirs your user has access to (likely just their home directory). When you run it as root it can do anything to your machine that it wants.
 
1 members found this post helpful.
Old 07-15-2015, 05:10 PM   #6
gcc-c++
LQ Newbie
 
Registered: Jul 2015
Posts: 3

Rep: Reputation: Disabled
to: mangya
root should be used only for administrative tasks on the system or where root privileges is required.

If you still want to use root when web browsing. You can do something like Selinux sandboxing. Here is an excerpt from the article.

Quote:
It is hard to keep your browser away from untrusted web scripts and applications. The SELinux Sandbox locks those untrusted apps into a safe place where they cant do mischief.
http://people.redhat.com/tscherf/art...en_selinux.pdf

I've never done sandboxing before, but you can create policies for apps with restrictions to the system. Centos/Redhat/Fedora have selinux.

Last edited by gcc-c++; 07-15-2015 at 05:15 PM.
 
1 members found this post helpful.
Old 07-17-2015, 03:19 AM   #7
mangya
Member
 
Registered: Jul 2015
Distribution: CentOS
Posts: 84

Original Poster
Rep: Reputation: Disabled
Thank you all very much.

I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin. Opera was just a object of my experimentation. It could be any gui program, say a vlc player and I want to play a video that is stored in /root. The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.

I never knew opening a browser as a root is asking for trouble. In fact, I always opened firefox browser as root without knowing the consequence of it. Thanks for insight.

@gcc-c++, thanks for pdf file. sandbox is really an interesting idea. I installed 'policycoreutils-sandbox' package and everything working perfectly fine.

Thank you all.
 
Old 07-17-2015, 01:09 PM   #8
Soadyheid
Senior Member
 
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 17.0 at present.
Posts: 1,167

Rep: Reputation: 201Reputation: 201Reputation: 201
Quote:
I am assuming here I don't have an account as regular user, I'm just a admin.
Admins generally only elevate their privileges to root when required using either
Code:
$su
<root password>
#
(Red Hat Linux and derivatives) or
Code:
$ sudo <command required>
password: <user's password>
$
in Debian derivatives.

In commercial organisations you may well have to apply to your line manager, the Business user or some higher authority before being granted authorisation to elevate your privilege to carry out the operation.

I come from a hardware background rather than a software one so hope my illustrations above are OK.

(Whu? Upgrade your OS? Not me Chiefy, I'm engines!)

Play bonny!

 
1 members found this post helpful.
Old 07-17-2015, 06:56 PM   #9
normanlinux
Member
 
Registered: Apr 2013
Distribution: Arch and SuSE
Posts: 135

Rep: Reputation: Disabled
Nostalgia?

Perhaps the OP is nostalgic for Windows and misses the system becoming riddled with malware and corrupted?
 
Old 07-18-2015, 12:18 PM   #10
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,164

Rep: Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223
Quote:
Originally Posted by mangya View Post
I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin.
You should always be a normal user rather than root, because it protects you from a lot of accidents, especially if you are in the habit of using the CLI.

What would be the problem with someone else using a browser? They can't see your history, for it's in your $HOME. You could always alter the permissions for the binary so that only members of a specific group (of which you are the sole member) can use it, and delete it from their menus (to stop them wondering why it won't run).
 
1 members found this post helpful.
Old 07-21-2015, 10:07 AM   #11
cynwulf
Senior Member
 
Registered: Apr 2005
Location: The Black Country, UK
Posts: 1,741
Blog Entries: 1

Rep: Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774
Quote:
Originally Posted by mangya View Post
Thank you all very much.

I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin.
I assume you already have an account or are you using the same account as used by another user? If so, create yourself a user account and set the permissions on (chmod(1)) your $HOME directory to make it private to you (i.e. chmod it to 700). Use su(1) to become root rather than logging in directly as root.

Quote:
Originally Posted by mangya View Post
Opera was just a object of my experimentation. It could be any gui program, say a vlc player and I want to play a video that is stored in /root. The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.
As a general rule, do not run any graphical programmes as root (there is also no real need for root file managers or root terminals).
 
2 members found this post helpful.
Old 07-21-2015, 11:42 AM   #12
normanlinux
Member
 
Registered: Apr 2013
Distribution: Arch and SuSE
Posts: 135

Rep: Reputation: Disabled
Quote:
Originally Posted by mangya View Post
Thank you all very much.

The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.
You'll never solve this. if you read the documentation for beesu it says "while the session is active beesu can run any application as root without asking you to enter your root password."

If that isn't what you want to do, don't use beesu.

Furthermore, as others have said, the only things you should ever do as root are where it is absolutely necessary to have root privileges. You definitely should not store videos etc. in the /root directory.
 
Old 07-22-2015, 06:09 AM   #13
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
All of the above advice, plus
Quote:
I'm just a admin
If you've got admin privs, then CREATE a personal non-privileged acct....
 
Old 07-22-2015, 07:19 AM   #14
tweaklinux
LQ Newbie
 
Registered: Jul 2015
Posts: 11

Rep: Reputation: Disabled
Switch to Debian and do it with "gksudo". In CentOs you will have to do it with policykit. Good luck. May the force be with you.

But really, to be serious. I can't see any kind of valid reason to do it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to open application and after some time(time delay) automatically it should close santosh vyduyla Linux - Newbie 4 05-28-2013 12:09 AM
LXer: Proprietary Browser vs. Open Source Browser | Market Share Analysis LXer Syndicated Linux News 0 11-01-2012 08:21 PM
First post after being a long time browser. User\ Name=`echo $USER` LinuxQuestions.org Member Intro 3 10-01-2012 05:20 PM
Long time lurker, first time poster - suggested open source projects? gsjones Programming 7 08-17-2010 08:05 AM


All times are GMT -5. The time now is 12:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration