Lars Noodén via Dng wrote: > On 11/8/21 05:12, tempforever wrote: > [snip]> Lars Noodén via Dng wrote: >>> You could consider running sudoedit instead. That will allow you to >>> edit a file as root (or any other designated account) while still >>> running the editor itself under the unprivileged account. One should >>> not run graphical programs as root, if it can be avoided. >>> >> Thank you for the help also. sudoedit requires user "a" to be in sudo >> group, which I'd prefer not to do. A non-gui text editor invoked with >> su -c will work for now. > > Please take another look at /etc/sudoers because the system is allowed > to have more than one group and users may be in more than one group at a > time. Also, there can be more than one single line in /etc/sudoers or > in any of the files beneath /etc/sudoers.d/ > > Thus you can have a group for account "a" which allows it to run > sudoedit but nothing else, and it doesn't even have to be a new group: > > %a ALL=(ALL:ALL) sudoedit > > See "man sudoers" for that. sudo is certanly one of the most > misunderstood and misused utilities around, in part because of the > tragic default settings spread by the Ubuntu distros, an affliction it > gets from Debian's default settings. > Thanks again for pointing me to sudoers. I was (mistakenly) under the impression that the user had to be in the sudo group. And yes, I did previously use mint/ubuntu. I had played around with sudoers previously for a different system (including once when I messed it up badly, not using visudo; had to boot from a live disk to fix it). You say that sudoedit will run the editor itself under the unprivileged account; however, it appears it does run as root: tempo@dev1:~$ ps aux|grep sudoedit root 3167 0.0 0.1 11176 5332 pts/0 S+ 13:42 0:00 sudoedit /etc/hosts tempo 3177 0.0 0.0 6180 664 pts/1 S+ 13:42 0:00 grep sudoedit
Le 08/11/2021 à 14:16, Didier Kryn a écrit : > There is a hand-made replacement for pkexec and the good old gksu > and gksudo: > > In your sudoers file (edited with visudo), put the following line > > Defaults env_keep = "XAUTHORITY DISPLAY" > > Note there can be other variables in the list, like EDITOR, but the > above are the ones which will allow you to run GUIs under root priviledge. > > Then allow yourself to run foo with sudo (also by editing your sudoers > file vith visudo) and then > > sudo foo Nice to know this also; I can now verify that it does indeed work as you describe. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng