sudo vs. gksu

[Tony Arnold]

Markus,

Markus Schönhaber wrote:
> Tony Arnold wrote:
> 
>> Nils Kassube wrote:
> 
>>> With sudo some applications access / modify the user's config files as 
>>> root. From then on they are owned by root and the user can no longer 
>>> access / modify them. That leads to unusual error messages which only 
>>> long time users can trace back to the permission problem. With gksu (or 
>>> kdesu if you use kde) this problem is avoided.
>> Can you explain how this problem is avoided with gksu, or gksudo? So far
>> as I can see using one of these causes the application to run with UID
>> of 0, i.e., root. The app has no knowledge of how it was invoked, so any
>> files is creates will be owned by root.
> 
> AFAICS gksudo changes HOME to /root (or to the home directory of the
> user it executes the command under). So, the files created will, in
> fact, be owned by root. But if those files are created in $HOME they are
> created in ~ of the user changed to, not in ~ of the user issuing gksudo.
> Maybe, the same effect could be achieved by using sudo -H instead of gksudo.

OK, I understand what s going on now. Mario's URL he posted earlier was
very helpful.

It's a shame the man page for gksudo does not appear to explain this; it
says is a GUI front-end for sudo!

>> Your explanation applies to running any app, not just graphical ones.
> 
> Indeed. But as I understand it, it's the graphical apps which are
> considered most likely to cause problems for the average user.

Yes, that's probably true.

As is quite often the case, the reasons behind a simple instruction
turns out to be quite complicated!

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold