On running gui applications as root
Ian Malone
ibmalone at gmail.com
Wed Nov 18 23:57:51 UTC 2015
On 18 November 2015 at 23:38, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
> Am 18.11.2015 um 19:49 schrieb Adam Jackson:
>>
>> On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote:
>>>
>>> On 11/02/2015 03:05 PM, Adam Jackson wrote:
>>>>
>>>> But, why take the risk exposure, when you could simply not?
>>>
>>>
>>> How else would I edit root-owned files? I don't get it. I mean,
>>> I guess I could run an editor in a text window, but I don't want to
>>> do that.
>>
>>
>> That's kind of a non sequitur. To a first order, there are zero root-
>> owned files you need to edit routinely. And I feel pretty comfortable
>> calling any counterexamples bugs that need fixing
>
>
> hopefully all configuration files on your system are root-owned and
> "routinely" is not black and white because it depens on your use-cases
>
> as serveradmin you *routinely* edit root-owned files and *yes* i pull them
> from 35 machines to a dedicated admin server and open them all together in a
> GUI editor with tabs to make changes i want to have on all servers while the
> file itself is machine specific
>
> why?
>
> because it's much faster than login to each and every machine when i can
> pull them with a script, edit them centralized and push them back followed
> by a "distribute-command 'systemctl condrestart affected-service'" and it
> saves a ton of overhead for configuration management tools with their own
> security issues all the time
>
Technically if doing this then the editing only needs to be done as
the owner of the copies and it's the process of copying them back that
requires root permission on the target machine.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the devel
mailing list