[sf-lug] GKsu has long been EOLed

Rick Moen rick at linuxmafia.com
Fri Feb 15 13:38:06 PST 2019


Quoting Akkana Peck (akkana at shallowsky.com):

> Why? It's just an SD card -- pull it out of the Pi, plug it into my
> normal Linux machine and then do whatever operations I need. 

I _thought_ of mentioning that, but of course many people's laptops lack
an SD card port.  (For reasons mentioned, I'd then run GParted, if I
wanted GParted, by doing 'ssh -Y root at localhost' to get a root shell
with X11 forwarding, and then 'gparted &' to launch it.)

> I have a local sshd, but that gives Permission denied even after I
> type root's password. I guess I'd have to enable ssh-as-root, at
> least for localhost?

Yes.  That's what I referred to, when I said I'm 'not a member of the
must-use-sudo church'.  So, to correct the root user's lack of login
ability:[1]

$ sudo su -
# passwd 
# exit
$

You'd also want to make sure /etc/ssh/sshd_config has 'PermitRootLogin
yes'.  (If it's a machine where you don't wish to allow ssh access other
than from localhost, set 'ListenAddress 120.0.0.1' in that same file.)

> I'm not clear why this would be better than running sudo locally,
> or su-ing before running the command. It's going to be running as
> root on the local machine either way.

Any way that works for you is fine.  I've already said why I like the
'ssh -Y' trick -- and I hope you noticed I didn't say 'you should do
this', but rather 'I like this'.

I also alluded to claims using sudo for that purpose is deprecated (and
the claimed reasons) -- but I didn't look into particulars because I
simply don't use that tool for that purpose.

I mostly wanted to get across the general truth that running graphical
applications, particularly large and complex ones, with root authority
should be strenuously avoided.  I'm not surprised, though, that we
immediately got sidetracked into edge-cases, because I know computerists
and know one _cannot_ discuss general truths without someone diverting
the conversation into edge cases.  ;->  (To some degree, this reflects
direct and indirect influence of Aspies being Aspies.)

> I run X clients from the Raspberry Pi with ssh -X now and then (I'm
> running one now to try to talk to my weather station). I hadn't
> known about -Y, and that looks like it's probably a better option,
> so I'll use that instead. I've never used either one as root, though.

Ever since the X11 SECURITY extension was added to X.org around 2007,
one must do 'ssh -Y' to get the same functionality for which we used to
use 'ssh -X'.  This was a measured response to the ability of a malignly
run remote host to mess with ssh users given unrestricted X11
forwarding, so 'ssh -X' is now less featureful than it formerly was.
For details, you'll have to consult the docs.


[1] Years ago, I noticed that Mac-heads newly arrived on Mac OS X got
downright twitchy when I'd describe to them how to do tasks in a Unixey
way, e.g., copying large directory trees using rsync.  I was amused when
I figured out why:  They worried that Apple, Inc. hadn't blessed the
described methods and tools, and their constant guidestar was Pope Jobs.
I can't help notice that the Ubuntu bunch includes a large contingent
that have a similar devotion to doing only what Pope Shuttleworth tells
them is OK, hence few would seriously consider enabling root login in
any situation.  After all, they're typically not trying to master their
computers, but rather want to use a branded appliance as directed by a
reassuring vendor.

-- 
Cheers,              "I am a member of a civilization (IAAMOAC).  Step back
Rick Moen            from anger.  Study how awful our ancestors had it, yet
rick at linuxmafia.com  they struggled to get you here.  Repay them by appreciating
McQ! (4x80)          the civilization you inherited."           -- David Brin



More information about the sf-lug mailing list