Software & AppsOperating SystemLinux

Why gksu/gksudo and Launching Graphical Apps with sudo Don’t Work with Wayland

Ubuntu 15

Introduction

In the Linux world, running graphical applications with root privileges is a common practice. However, when it comes to the Wayland display server, this practice encounters some challenges. This article will delve into why gksu and gksudo, the popular commands used to launch graphical applications with root privileges, do not work with Wayland. We will also discuss some workarounds that can be used to overcome these limitations.

Understanding gksu and gksudo

gksu and gksudo are command-line tools used in Linux to run graphical applications with root privileges. They provide a graphical interface for sudo, prompting users for their password and then launching the application as the root user.

The Wayland Display Server

Wayland is a modern display server protocol designed to replace the old X.Org server. It offers better performance, improved security, and a simpler design. However, one of its security features is the restriction of running graphical applications as root from the command line, which is why gksu and gksudo do not work with Wayland.

Why gksu/gksudo and sudo Don’t Work with Wayland

The main reason why gksu, gksudo, and sudo for graphical applications do not work with Wayland is due to its security design. Wayland isolates each application in its own sandbox to prevent it from interfering with other applications or the system. This means that applications cannot access the resources of other applications unless explicitly allowed, which includes running applications as the root user.

Workarounds

Despite the restrictions, there are several workarounds that can be used to run graphical applications with elevated permissions in Wayland.

  • Using the gvfs admin backend

In Ubuntu 17.10 and newer versions, you can use the gvfs admin backend to open files with elevated permissions. You can do this by prefixing admin:// to the full filepath of the application you want to open. For example, gedit admin:///path/to/file will open the file with elevated permissions. This method uses PolicyKit and is considered safer than other workarounds.

  • Using the xhost command

Another workaround is to use the xhost command. This command controls the access of the X server. You can allow root access to the X server by using the command xhost si:localuser:root. However, this method is less secure as it opens up the X wrapper for root access. To remove permissions, use the command xhost -si:localuser:root. It is recommended to use this method only if necessary.

  • Running applications with sudo -EH

If an application supports the Wayland API, you can run it as root using the sudo -EH command. The -E switch preserves the user environment, and the -H switch sets the HOME environment variable to the root user’s home directory. This method is considered better and more secure than using xhost.

  • Switching back to Xorg

If you prefer, you can switch back to Xorg as the display server. In Ubuntu 17.10, you can select Xorg as the display server at the login screen. This allows you to use gksu and gksudo as usual.

Conclusion

In conclusion, gksu and gksudo do not work with Wayland due to its security design. However, there are workarounds available such as using the gvfs admin backend, the xhost command, or running applications with sudo -EH. You can also switch back to Xorg if desired. Remember, running applications with root privileges should be done with caution as it can pose a security risk. Always ensure that you understand the implications before proceeding.

Can I use gksu/gksudo with Wayland?

No, gksu/gksudo do not work with Wayland due to its security design.

What are some workarounds to run graphical applications with elevated permissions in Wayland?

Some workarounds include using the gvfs admin backend, using the xhost command, running applications with sudo -EH, or switching back to Xorg as the display server.

How can I use the gvfs admin backend to open files with elevated permissions in Wayland?

In Ubuntu 17.10 and newer versions, you can use the gvfs admin backend by prefixing admin:// to the full filepath of the application you want to open. For example, gedit admin:///path/to/file will open the file with elevated permissions.

How does the xhost command work as a workaround in Wayland?

The xhost command controls the access of the X server. You can allow root access to the X server by using the command xhost si:localuser:root. However, this method is less secure as it opens up the X wrapper for root access. To remove permissions, use the command xhost -si:localuser:root. It is recommended to use this method only if necessary.

What is the sudo -EH command and how can it be used to run applications as root in Wayland?

If an application supports the Wayland API, you can run it as root using the sudo -EH command. The -E switch preserves the user environment, and the -H switch sets the HOME environment variable to the root user’s home directory. This method is considered better and more secure than using xhost.

Can I switch back to Xorg as the display server in Wayland?

Yes, in Ubuntu 17.10, you can select Xorg as the display server at the login screen. This allows you to use gksu and gksudo as usual.

Leave a Comment

Your email address will not be published. Required fields are marked *