Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am using CentOS 7.1 Gnome. I want to open opera browser as root every-time. I added 'beesu' to 'Exec' line in .desktop file.
It works, but only first time. If I close and reopen again, it wont ask for password. Also all other programs with 'beesu' added wont ask for password either.
I want password to be asked every time I open program. How do i achieve that?
Best practices are sets of programs and settings that prevent data issues. One of the most common ones used is to limit every user to the most minimal set of permissions needed to perform their work. I'm at a loss as to find any use for a root level user to run a browser.
If I were to play I think I'd just run gnomes sudo. Something like gtksudo or such
But what's wrong if I want to open software as root and not as regular user?
Because it's a horrible security vulnerability. Web browsers are about the least secure part of your computer - malicious code can be injected through flash or java vulnerabilities, popups can trigger downloads that might get executed, etc. At least when you run it as a regular user any damage will be limited to those files/dirs your user has access to (likely just their home directory). When you run it as root it can do anything to your machine that it wants.
to: mangya
root should be used only for administrative tasks on the system or where root privileges is required.
If you still want to use root when web browsing. You can do something like Selinux sandboxing. Here is an excerpt from the article.
Quote:
It is hard to keep your browser away from untrusted web scripts and applications. The SELinux Sandbox locks those untrusted apps into a safe place where they cant do mischief.
I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin. Opera was just a object of my experimentation. It could be any gui program, say a vlc player and I want to play a video that is stored in /root. The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.
I never knew opening a browser as a root is asking for trouble. In fact, I always opened firefox browser as root without knowing the consequence of it. Thanks for insight.
@gcc-c++, thanks for pdf file. sandbox is really an interesting idea. I installed 'policycoreutils-sandbox' package and everything working perfectly fine.
In commercial organisations you may well have to apply to your line manager, the Business user or some higher authority before being granted authorisation to elevate your privilege to carry out the operation.
I come from a hardware background rather than a software one so hope my illustrations above are OK.
(Whu? Upgrade your OS? Not me Chiefy, I'm engines!)
I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin.
You should always be a normal user rather than root, because it protects you from a lot of accidents, especially if you are in the habit of using the CLI.
What would be the problem with someone else using a browser? They can't see your history, for it's in your $HOME. You could always alter the permissions for the binary so that only members of a specific group (of which you are the sole member) can use it, and delete it from their menus (to stop them wondering why it won't run).
I was just trying to figure it out how to open a program as a superuser in shared Linux PC/Server, so that when I'm away, regular users cannot reopen the program/app I had just closed. I am assuming here I don't have an account as regular user, I'm just a admin.
I assume you already have an account or are you using the same account as used by another user? If so, create yourself a user account and set the permissions on (chmod(1)) your $HOME directory to make it private to you (i.e. chmod it to 700). Use su(1) to become root rather than logging in directly as root.
Quote:
Originally Posted by mangya
Opera was just a object of my experimentation. It could be any gui program, say a vlc player and I want to play a video that is stored in /root. The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.
As a general rule, do not run any graphical programmes as root (there is also no real need for root file managers or root terminals).
The problem I'm facing was, when I open any program with 'beesu' prefixed, first time it will ask password, second time if i reopen again, it will not ask password. As a matter of fact, it will not ask password for any 'beesu' prefixed program. I'm trying to solve just this.
You'll never solve this. if you read the documentation for beesu it says "while the session is active beesu can run any application as root without asking you to enter your root password."
If that isn't what you want to do, don't use beesu.
Furthermore, as others have said, the only things you should ever do as root are where it is absolutely necessary to have root privileges. You definitely should not store videos etc. in the /root directory.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.