Hello

I am using CentOS 7.1 Gnome. I want to open opera browser as root every-time. I added 'beesu' to 'Exec' line in .desktop file.

It works, but only first time. If I close and reopen again, it wont ask for password. Also all other programs with 'beesu' added wont ask for password either.

I want password to be asked every time I open program. How do i achieve that?

Here is opera's .desktop file contents:

Thanks

Why?

1 members found this post helpful.

Its a test server. I'm just experimenting. But what's wrong if I want to open software as root and not as regular user?

Best practices are sets of programs and settings that prevent data issues. One of the most common ones used is to limit every user to the most minimal set of permissions needed to perform their work. I'm at a loss as to find any use for a root level user to run a browser.

If I were to play I think I'd just run gnomes sudo. Something like gtksudo or such

1 members found this post helpful.

Because it's a horrible security vulnerability. Web browsers are about the least secure part of your computer - malicious code can be injected through flash or java vulnerabilities, popups can trigger downloads that might get executed, etc. At least when you run it as a regular user any damage will be limited to those files/dirs your user has access to (likely just their home directory). When you run it as root it can do anything to your machine that it wants.

1 members found this post helpful.

to: mangya
root should be used only for administrative tasks on the system or where root privileges is required.

If you still want to use root when web browsing. You can do something like Selinux sandboxing. Here is an excerpt from the article.

http://people.redhat.com/tscherf/art...en_selinux.pdf

I've never done sandboxing before, but you can create policies for apps with restrictions to the system. Centos/Redhat/Fedora have selinux.

1 members found this post helpful.

Thank you all very much.

I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin. Opera was just a object of my experimentation. It could be any gui program, say a vlc player and I want to play a video that is stored in /root. The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.

I never knew opening a browser as a root is asking for trouble. In fact, I always opened firefox browser as root without knowing the consequence of it. Thanks for insight.

@gcc-c++, thanks for pdf file. sandbox is really an interesting idea. I installed 'policycoreutils-sandbox' package and everything working perfectly fine.

Thank you all.

Admins generally only elevate their privileges to root when required using either (Red Hat Linux and derivatives) or in Debian derivatives.

In commercial organisations you may well have to apply to your line manager, the Business user or some higher authority before being granted authorisation to elevate your privilege to carry out the operation.

I come from a hardware background rather than a software one so hope my illustrations above are OK.

(Whu? Upgrade your OS? Not me Chiefy, I'm engines!)

Play bonny!

1 members found this post helpful.

Perhaps the OP is nostalgic for Windows and misses the system becoming riddled with malware and corrupted?

You should always be a normal user rather than root, because it protects you from a lot of accidents, especially if you are in the habit of using the CLI.

What would be the problem with someone else using a browser? They can't see your history, for it's in your $HOME. You could always alter the permissions for the binary so that only members of a specific group (of which you are the sole member) can use it, and delete it from their menus (to stop them wondering why it won't run).

1 members found this post helpful.

I assume you already have an account or are you using the same account as used by another user? If so, create yourself a user account and set the permissions on (chmod(1)) your $HOME directory to make it private to you (i.e. chmod it to 700). Use su(1) to become root rather than logging in directly as root.

As a general rule, do not run any graphical programmes as root (there is also no real need for root file managers or root terminals).

2 members found this post helpful.

You'll never solve this. if you read the documentation for beesu it says "while the session is active beesu can run any application as root without asking you to enter your root password."

If that isn't what you want to do, don't use beesu.

Furthermore, as others have said, the only things you should ever do as root are where it is absolutely necessary to have root privileges. You definitely should not store videos etc. in the /root directory.

All of the above advice, plus
If you've got admin privs, then CREATE a personal non-privileged acct....

Switch to Debian and do it with "gksudo". In CentOs you will have to do it with policykit. Good luck. May the force be with you.

But really, to be serious. I can't see any kind of valid reason to do it.