I found a (lengthy) guide to doing this but it is for gksu which is gone. I have to imagine there’s an easy way. I am running Ubuntu. There is no specific use case, it is just a feature I miss from windows.
EDIT: I always expect a degree of hostility and talking-down from the desktop Linux community, but the number of people in this thread telling me I am using my own computer that I bought with my own money in a way they don’t prefer while ignoring my question is just absurd and frankly should be deeply embarrassing for all of us. I have strongly defended the desktop Linux community for decades, but this experience has left a sour taste in my mouth.
Thank you to the few of you who tried to assist without judgement or assumptions.
You don’t need to run any GUI programs as root.
Now this is actually wrong. Firewall gui for example requires root. There are similar sysadmin guis that need it too
Sysadmin GUI tools are designed to be secure by isolating GUI from privileged process. That is not true for a random GUI app.
deleted by creator
deleted by creator
No. It’s ”you probably shouldn’t run them with sudo” , many GUIs need root for certain tasks. I recommend using
pkexecinstead of sudo, you can add it to the .desktop file and when you launch the application it’ll give you a GUI authentication prompt.Probably? They won’t run with
sudonormally (in xorg at least). And only those explicitly allowed to be run withpkexecby maintainers will do. Of course it is possible to evade this restriction, but you definitely should not.There’s plenty of GUI applications that’ll run just fine with sudo. For example BleachBit.
The commonality between these applications is when they were written, what (outdated) toolkit they use, etc.
Sudo is just not made for use with GUI and can possibly lead to bad behavior.
pkexecleverages PAM & Polkit and is intended for GUIs.It’s not when app was written. Wayland apps probably work with sudo, x11 don’t because sudo does not pass the
$DISPLAYenvironment variable. It’s a correct behavior of sudo because running x11 apps with root permission you create a security hole.sudo -EI know. Don’t do this. Read the manual.
Polkit was created in 2009 & PAM was created in 1995. GNU dates back to 1984, so… There’s still quite a handful of programs that are likely still maintained to this day that don’t properly take advantage of them or other auth systems made to be able to handle GUIs in a secure fashion. BleachBit being released in 2008, predates Polkit and afaik, bleachbit doesn’t leverage polkit by default, at least not on Arch.
Idk what is bleachbit. But I know that “auth systems” can’t “handle GUIs in a secure fashion”. The app itself can be secure or not. By default they are not secure if they provide a GUI running in privileged process.
I’ve always run gparted as root because it never seems to integrate with polkit right. A bunch of other tools that require low level disk access have the same problem. I’ve even needed root access for a program under WINE at some point to work around some silly permission bug
You’re partially right, whatever can be accomplished by running nautilus as root can be done by using
admin://paths instead, but there are legitimate reasons to run GUI programs as root.Nope. Running GUI as root in the same X server as unprivileged apps is insecure because each of them can take control over privileged window. IDK if this issue has been addressed in Wayland, but anyway there are no wayland-only distros nowadays.
Any X window can control any other X window for sure, but I’m not sure why a malicious program would go through nautilus when they can just
aliassudo in .bashrc. It’s not like Linux users tend to do regular virus scans anyway.Wayland does prevent this flaw, but it also makes running GUI programs as root kind of messy.
Now i question why the whole GUI needs to run as root (even in working default config) instead of just the tool running the command with root.
Many GUIs were written before polkit was set up and having to enter your root password constantly is a pain. In theory these programs could spawn a long running shell and elevate privileges in there, but that’s just running the program as root with extra steps.
Also, most programs are more than wrappers around command line tools, so splitting them into a low and hig privilege component would be a pain. It would be much more secure, for sure, but there’s only so much effort you can expect from software given to you for free.
But not gparted.
Partially, for sure. But there are some operations that are done natively. Those could be spawned off into a
ddcommand, of course, but without rewriting that code, you need gparted to be elevated for copying (and I believe moving) partitions.There’s one in every thread.
I have no idea what you are talking about. The answer to your question is: this is impossible and this is done for purpose. Don’t try to work in linux like in windows.
Your attitude.
It’s not attitude they are giving you. It’s strong recommendation. It’s the strong recommendation of the entire Linux community.
Sudo is different than run as admin and is not intended to be used to do things the way Windows does them.