Home / ubuntu / Questions / 632798
Accepted
Pilot6
Asked: 2015-06-06 13:21:50 +0800 CST

What specific bad things happen when gedit is used with sudo?

  • 772

I read this answer explaining that "sometimes" root can own something at /home/$USER directory.

Can anyone give an example how to prove it. Just give a test case when something really bad happens, when I run

sudo gedit /etc/rc.local

edit file and save.

I got many downvotes trying to help OP out and comments flooded in saying that it is a crime to run gedit with sudo.

Can anyone give a real example?

I clearly explained why this question is not a duplicate. There is no answer specific to gedit to the linked question.

And it is important to explain why widely used sudo gedit is bad, or not really, etc.

sudo

2 Answers

  1. Well maybe it's a fantasy, but there are a number of people saying the same thing:

    • Why should I use gksudo for Gtk apps instead of sudo?

      There are other times, though, when side effects can be as mild as Firefox extensions not sticking or as extreme as as not being able to log in any more because the permissions on your .ICEauthority changed.

    • Why should users never use normal sudo to start graphical applications?

      Suppose you're running gedit (a graphical text editor) as root. If you run sudo gedit, HOME will continue to point toward your home directory, even though the program is running as root. Consequently, gedit will write configuration files as root into your home directory. This will sometimes result in the configuration files being owned by root and thus inaccessible to you (when you later run the program as yourself and not as root).

    • How to run a GUI program as a different user (Debian)?

      First off, don't use sudo or su to change users to run a graphical process, or you're liable to have problems down the line (~/.ICEauthority changing owner is a notable issue). Instead, create a shortcut that uses the following command:

    • Running Sudo Graphically

      Well, to be perfectly honest, most of the time it isn't. For a lot of applications, you can run them the improper way—using sudo for graphical applications and see no adverse side effects.

      ...

      These errors occur because sometimes when sudo launches an application, it launches with root privileges but uses the user's configuration file.

      This mail archive may also be of interest to you.

    So, let's test it.

    2 brand new virtual boxes. Ubuntu 14.04. Never run firefox on them. What will happen when I run the command sudo firefox?

    tim@Hairy14CVB:~$ sudo firefox    
(process:4857): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed

...

[email protected]:2192:13

    This is the same (or at least very similar) for both virtual boxes. While firefox was running, I installed a youtube extension - a featured one. Then I closed firefox, and checked the output.

    tim@Hairy14CVB:~$ ls -la .ICEauthority 
-rw------- 1 tim tim 1336 Jun  4 21:31 .ICEauthority

    Well, .ICEauthority is fine! However...

    tim@Hairy14CVB:~$ ls -la | grep root
drwxr-xr-x  3 root root 4096 Jun  1 20:49 ..
drwx------  3 root root 4096 Jun  5 22:41 .dbus
drwx------  4 root root 4096 Jun  5 22:41 .mozilla

    3 things in my home folder (/home/tim/) are owned by root (.., .dbus and .mozilla). This is the same (or at least very similar) for both virtual boxes.

    So, does this matter. I wasn't sure, so I ran firefox, like this:

    tim@Hairy14CVB:~$ firefox

(process:4959): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Error: Access was denied while trying to open files in your profile directory.

    And this ugly error:

    enter image description here

    For the full terminal output (including firefox babble), see these two pastebins, here and here.

    I can still run firefox as root by the way. But now more files have been changed:

    tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  4 root root  4096 Jun  3 19:46 ..
drwx------  3 root root  4096 Jun  5 22:55 .adobe
drwx------  3 root root  4096 Jun  5 22:40 .dbus
drwx------  3 root root  4096 Jun  5 22:55 .macromedia
drwx------  4 root root  4096 Jun  5 22:40 .mozilla

    Was this because I uploaded an image to imgur.com? Not sure.

    How did I fix this? chown. I don't understand it, but the internet said to do it, and it's a Virtual Box so yolo.

    sudo chown -R tim:tim /home/tim/

    And that fixed it. Now the output is just the .. file:

    tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  4 root root  4096 Jun  3 19:46 ..

    And that's the same on my actual computer. Oh, and on my Kubuntu virtualbox:

    tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  3 root root  4096 May 16 14:10 ..

    Which I've never even run a sudo command on. So all is well. Just don't run sudo on a GUI application.

    Final test: run it with the -H and the -i flags:

    sudo -H firefox

    and

    sudo -i firefox

    And good news! Still, the only root "thing" is ... And I can run firefox without root.

    OP wants me to talk about Gedit.

    I ran

    sudo gedit

    Then installed some random plugins. This was the output:

    tim@Hairy14VB:~$ ls -la | grep root
ls: cannot access .gvfs: Permission denied
drwxr-xr-x  4 root root   4096 Jun  3 19:46 ..

    Note that I can't even view the ownership of .gvfs so I did this:

    tim@Hairy14VB:~$ sudo ls -la | grep root
drwxr-xr-x  4 root root   4096 Jun  3 19:46 ..
dr-x------  2 root root      0 Jun  6 10:05 .gvfs

    So running sudo gedit does change a file in my home directory to root.

    I can still open gedit, but this time I get some garbage out:

    (gedit:7422): Gtk-WARNING **: Attempting to read the recently used resources file at `/home/tim/.local/share/recently-used.xbel', but the parser failed: Failed to open file '/home/tim/.local/share/recently-used.xbel': Permission denied.

    And that suggests there is another file (~.local/share/recently-used.xbel) that's been changed. I think this is the Recently used list of files and (lucky guess) I now no longer have my list of recently used files:

    There should be a file there called output2.txt.save2. My pronouns are He / Him

    • 12
  2. Best Answer

    As far as sudo gedit, nothing dire, just poor practice, especially as of late. How much harder would it be to suggest sudo -H gedit?

    -H, --set-home Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior.

    What does happen?

    You get a couple of root owned files in your home folder. One (recently-used.xbel) will likely return to user ownership. This can happen when a file is deleted and re-created. To see what sudo gedit has changed, run find ~ -user root -group root and see what is returned. By default, this is should be nothing.

    With that command, you may see a couple files owned by root. One would be a new .file, .gvfs, and sooner or later a root-owned ~/.cache/dconf and the aforementioned recently-used.xbel.

    So no 'the sky is failing' stuff, but still. Now there have been reports that continued use causes other issues but not going to claim what I don't see here.

    Also note that as of 13.10 a sudo gedit will use the user's gedit config rather than root's gedit config. Again just bad practice so why continue to do so or suggest others do so?

    • 10