I found a (lengthy) guide to doing this but it is for gksu which is gone. I have to imagine there’s an easy way. I am running Ubuntu.
I see no “hostility” and “talking down” here. You shouldn’t be running GUI programs with sudo, and the fact that you’ve been using Linux for X amount of years doesn’t change that.
I think the talking down aspect comes from phrases like “you shouldn’t be doing X”, especially when these statements are made as absolutes, rather than contextualised with actual reasons.
Running GUI programs as root might cause security problems, or it might cause software problems. And while you might find these issues important, others might not.
In my opinion, saying something like “it’s not a good idea if you care about security” or “doing so might make your PC burst into flames” gives helpful warnings for OP and future readers without talking down to them by making decisions for them what they should and should not do.
That’s not a good idea as root isn’t the same as an Administer account. Also, you might want to consider why you are running programs as root. You may have a chicken and the egg problem.
Maybe step back and give us some more context.
It depends on the file browser you are using.
The default, nautilus.
“Run as Adminstrator” in the context menu is a default feature in Windows. It seems odd I’m the first person to want this in Linux.
It is rare that you would want to run an entire GUI program as root, and if it is needed, the program should prompt you for it. Do you have a specific use case where you need to do that regularly?
Not regularly, but the most common use I’ve encountered is text files used in various configurations.
Not necessarily a satisfactory solution for you, but the usual way to handle that is just using a text editor in the shell with sudo, like nano or vim. It’s pretty fast and easy once you get used to it. I don’t know if there are any good graphical ways of doing it.
I know. That’s what I’ve been doing for years. I could also just
sudo gedit file directory filenamebut it’s SO much easier to right-click “open as admin” which is why I asked.That is the 1% I mentioned, and the easiest way is installing this https://github.com/nautilus-extensions/nautilus-admin which I think is in the apt repos, so probably
sudo apt install nautilus-adminworks.But I STRONGLY encourage you NOT to install this, you’ve already made a mess of permissions on your computer that by your own account caused you many headaches by running graphical programs with sudo without any need.
I would suggest right-click in the folder in your file explorer -> open in terminal ->
sudo nanoautocomplete file name (tab tab). At least to me that doesn’t seem that much more involved and is safer. Otherwise, as others have noted, there are apparently ways of doing what you want, but it is discouraged for good reasons.
You’re not the first person to want this in Linux. As others mentioned, a form of it is built in. Much like windows apps that require elevated privileges. Similarly Linux apps will prompt for a password during launch if required on a properly configured OS. I’m not going to argue that it shouldn’t exist. I’ve rarely ever run a sudo <gui app> from the terminal, but the few times I have over the last decade+, Dolphin file manager has a nice option for the terminal built into it which makes it easy.
That’s not how that should work. You also shouldn’t need that in Windows either.
Programs that need Admin rights will ask for it. There are a fee limited cases but most of the time it creates more problems than it solves.
From your comments I’ve read it sounds like there is more to this story. Can you share what you are trying to do? On gnome gnome disks can run fine under the user. It will elevate when it needs to and it is designed with least privilege.
For file shares root is pretty much meaningless in most contexts. If you don’t have access you don’t have access as authentication is handled server side. If you setup a automatic mount check your mount options as you can set it to be owned by the local user. Also if you mounted the share in a graphical file utility such as nautilus it will be mounted for the local user so you will not need root.
Root should be used very sparingly. It is not the same as Admin on Windows. It is almost equivalent to the SYSTEM user on Windows.
You have no idea what that would do in Linux. First read some documentation, then decide if you really need it. I guess you can see by the number of people trying to put you on the right path that what you want is not a good idea.
I’m not a child with a machine gun, I just don’t want to go to the terminal every time.
Then let us address the underlying issue. You should not need root for the majority of tasks and never for desktop usage.
It sounds like something got messed up when you ran a different program as root.
There used to be an addon you could use, but I stopped using it ages ago so I’m not sure if it’s still maintained. I think it was called
nautilus-adminbut there was also another script.As a workaround, you can edit the address bar (ctrl+L, there’s no button because Gnome is weird) and add “admin://” to the start of the path. This is exactly what the addon used to do for you through a menu item.
As an added bonus, this doesn’t require you to run nautilus (and therefore all kinds of sketchy file parsers) as root.
As for why you seem to be the only person who wants this: running software as root has an annoying tendency to fuck up cache permissions (if environment files aren’t loaded correctly), has graphical glitches, and violates a lot of security assumptions developers make. Wireshark, for instance, will refuse to run certain code if you launch it as root because it wasn’t designed to protect the user from malicious scripts in that scenario. I’ve run programs as root for year sand I’ve seen the many ways in which it’ll subtly mess up your system.
There’s nothing preventing you from adding a context menu item to launch programs as root, but it’s not an included feature for good reason.
ctrl+L, there’s no button because Gnome is weird
Oh my gosh, this is so useful. The lack of an address bar was driving me insane. Thanks.
You don’t need to run any GUI programs as root.
Now this is actually wrong. Firewall gui for example requires root. There are similar sysadmin guis that need it too
Sysadmin GUI tools are designed to be secure by isolating GUI from privileged process. That is not true for a random GUI app.
While I agree their comment is wrong - GParted , firewall and other apps all prompt for a password when launching from a properly configured environment.
I’ve always run gparted as root because it never seems to integrate with polkit right. A bunch of other tools that require low level disk access have the same problem. I’ve even needed root access for a program under WINE at some point to work around some silly permission bug
You’re partially right, whatever can be accomplished by running nautilus as root can be done by using
admin://paths instead, but there are legitimate reasons to run GUI programs as root.Now i question why the whole GUI needs to run as root (even in working default config) instead of just the tool running the command with root.
Many GUIs were written before polkit was set up and having to enter your root password constantly is a pain. In theory these programs could spawn a long running shell and elevate privileges in there, but that’s just running the program as root with extra steps.
Also, most programs are more than wrappers around command line tools, so splitting them into a low and hig privilege component would be a pain. It would be much more secure, for sure, but there’s only so much effort you can expect from software given to you for free.
Also, most programs are more than wrappers around command line tools
But not gparted.
Partially, for sure. But there are some operations that are done natively. Those could be spawned off into a
ddcommand, of course, but without rewriting that code, you need gparted to be elevated for copying (and I believe moving) partitions.
Nope. Running GUI as root in the same X server as unprivileged apps is insecure because each of them can take control over privileged window. IDK if this issue has been addressed in Wayland, but anyway there are no wayland-only distros nowadays.
Any X window can control any other X window for sure, but I’m not sure why a malicious program would go through nautilus when they can just
aliassudo in .bashrc. It’s not like Linux users tend to do regular virus scans anyway.Wayland does prevent this flaw, but it also makes running GUI programs as root kind of messy.
There’s one in every thread.
I have no idea what you are talking about. The answer to your question is: this is impossible and this is done for purpose. Don’t try to work in linux like in windows.
I have no idea what you are talking about.
Your attitude.
It’s not attitude they are giving you. It’s strong recommendation. It’s the strong recommendation of the entire Linux community.
Sudo is different than run as admin and is not intended to be used to do things the way Windows does them.
No. It’s ”you probably shouldn’t run them with sudo” , many GUIs need root for certain tasks. I recommend using
pkexecinstead of sudo, you can add it to the .desktop file and when you launch the application it’ll give you a GUI authentication prompt.Probably? They won’t run with
sudonormally (in xorg at least). And only those explicitly allowed to be run withpkexecby maintainers will do. Of course it is possible to evade this restriction, but you definitely should not.There’s plenty of GUI applications that’ll run just fine with sudo. For example BleachBit.
The commonality between these applications is when they were written, what (outdated) toolkit they use, etc.
Sudo is just not made for use with GUI and can possibly lead to bad behavior.pkexecleverages PAM & Polkit and is intended for GUIs.It’s not when app was written. Wayland apps probably work with sudo, x11 don’t because sudo does not pass the
$DISPLAYenvironment variable. It’s a correct behavior of sudo because running x11 apps with root permission you create a security hole.sudo -EI know. Don’t do this. Read the manual.
Polkit was created in 2009 & PAM was created in 1995. GNU dates back to 1984, so… There’s still quite a handful of programs that are likely still maintained to this day that don’t properly take advantage of them or other auth systems made to be able to handle GUIs in a secure fashion. BleachBit being released in 2008, predates Polkit and afaik, bleachbit doesn’t leverage polkit by default, at least not on Arch.
AFAIK the newer Ubuntu gksu equivalent is pkexec, if that helps
Thanks, I’ll give it a shot. I don’t want it to always run everything as root, just on rare occasions.
Can confirm the caution here. Bricked a system this way a while back.
Your polkit will always prompt you for a password. No need to complicate it. If it doesn’t, then it doesn’t need to be ran as root
I don’t know what a polkit is, but yes obviously I would want to input a password.
While the other user explained what polkit is from a low level, I think it’s more practical to give you a high level explanation. Polkit is responsible for the dialog box that pops up when you try to open an app like GParted that requires root permissions (it edits partitions, a rootful task). What the user you replied to is saying is that you never want to run an app as root unless it prompts you for it (like with polkit prompts), or you know in great detail what you are doing. Running random things as root can break your system and the app you’re running. Most apps you will be using are not intended to be run as root under any circumstance, and at the very least will likely experience issues because of it (UI issues, data issues because the root home directory is not your home directory, configuration/setting changes, improper scaling, etc). Unless you know for a fact that something has to be run as root (like updating packages with your package manager) or you are specifically prompted when trying to do something, you absolutely do not want to be running things as root.
Just to further explain, even if an app isn’t started as root, it can request that permission as needed. For instance, Nautilus allows you to navigate through the root directory, and will prompt you for a password through polkit if you are trying to access something your user does not have permission to read (of course assuming your user has sudo privileges, but that’s beside the point). Unlike Windows, there is no practical use for a “run as root” option, because apps have the ability to request root access when it is necessary, and only when it is necessary. In addition to that, polkit limits the root access that an app is given to the specific actions for which it is requested (so an app can’t use root privileges to run unauthorized commands). The exception to that is when you start dealing with the terminal, but that falls into the category of “you better know what you’re doing and why”.
The short answer as to why this isn’t a thing in Linux is that the authentication and permission system functions nothing like Windows. In Linux, a “run as root” button is not a solution, it is a problem. The only reason that run as administrator exists in Windows is because sometimes the solution to a problem in Windows is to run an app as admin. That is not the case for Linux, and never will be.
There are many ideological differences between Windows and Linux. You’ll find many discussions here about how it is often not a good idea to try to do something the “Windows way” on Linux, because those ideologies and the software principles are incompatible. Part of learning how wonderful Linux is involves unlearning all of the horrible habits and ideological differences that Microsoft forces onto Windows users. This is one of those things that has to be unlearned, because full root privilege is not something that a regular app should ever ask for or even want in Linux. Root privilege is provided on a case-by-case basis from polkit with GUI apps; only when needed.
That comment meant anything that needs root will prompt for it WITHOUT you running as root. Running GUI apps as root directly won’t work well (1, it isn’t a good idea. 2, your user likely owns the X session)
Polkit (Policy Kit) is an authorization framework used in modern Linux distributions to manage access rights and privileges on the system. It allows unprivileged processes to communicate with privileged processes in a controlled and secure manner.
pkexeca command used to execute commands with elevated privileges, leverages both PAM (Pluggable Authentication Modules) and Polkit to authenticate the user and authorize the requested action. PAM is a framework used in Linux systems to handle user authentication and authorization.
Check out Polkit & PAM
I think you can run like this:
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY <yourapp>For example, if I wanna open
kgx(a.k.a. Gnome Console), I would run:pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY kgxDon’t do this. I’m unsure if this works in any distro, but if it does, this is unsecure.
Don’t do this. I’m unsure if this works in any distro, but if it does, this is unsecure.
something like this? creating custom context menu options
Thunar has ‘custom actions’. Add one using
pkexec %f. Other FM have similiar functionality.Thank you for providing an actual answer. Most of the comments in this thread are condescending as hell.
What’s the use case? What are you running into that you want to launch as sudo through the gui that isn’t pulling up the dialogue automatically?
A few folks have argued this is unnecessary, but I’m curious about your perspective on why and when you think it would be useful
What are you running into that you want to launch as sudo through the gui that isn’t pulling up the dialogue automatically?
Almost anything. The first thing I tried to do was delete a file off of a network share. Also, editing the name of a file copied from a network share. Also, editing text files, also, formatting a thumb drive.
It has been a frequent headache. I am not afraid of the command line, I just don’t prefer it for every single time.
That’s a permissions problem not a run as root problem.
That was also my take. If it’s something you should be able to edit, your user should have permissions to do that. Jumping to running as root every time has lots of unintended consequences.
I do think a functionally similar idea would be a button to “take ownership” (grant r/w/d) of a file that would prompt for root password. That way things don’t run as root that shouldn’t. Would that be a good compromise between Linux permissions and Windows workflow?
Isn’t that a feature that’s already implemented? The alternative is you could run chown -R [username] . in the correct directory.
That’s what I’m thinking. A menu entry that just runs chown -R [username] on whatever you click is the idea
The permissions problem was likely created by running something as root. You have a chicken and the egg problem my friend.
Just saw your edit. One thing you should be doing is taking ownership of directories you plan to be working in. So for an external drive for example, you’d want to make sure your user(s) have r/w/x permission recursively (granting permission for all files and folders underneath using the same command) on the root folder of the drive then you can move stuff on and off freely.
I agree it could be more straightforward, but ideally you’d only have to do it one time when you first use the drive with that machine
See? This is why I’ve been asking this question several times. You caused a lot of headache on yourself and now you think running things as sudo is the solution when it’s what put you in a pickle to begin with.
Let’s deconstruct what you said:
The first thing I tried to do was delete a file off of a network share.
If you couldn’t do that it’s because you were connecting to the share using your user, but for some reason on whatever program you used might have tried the admin busier when you ran the program as root. For the network share it doesn’t matter what user is on your local machine, so this is an issue on how you’re accessing the share on your user, not with needing to run the program as root
Also, editing the name of a file copied from a network share.
Of course, if you ran the above with sudo any file copied over will be owned by root, so now your regular user can’t edit them
Also, editing text files
I imagine you mean files copied over with the above problem, so same thing applies.
also, formatting a thumb drive.
Formatting thumb drives can absolutely be done without running the while program on root, why do you think you need this? How are you trying to do that?
It has been a frequent headache.
I can imagine, I’ve seen people run things like
sudo npm installand now they have issues because their node folder is owned by root, it’s very similar to what you’re experiencing, a small issue at the beginning triggered an avalanche of issues because you ran one program with sudo. Do you see why everyone is very cautiously asking why do you think you need this?See how this was an XY problem? You’re asking how to add a “run as administrator” but what you actually want is to access a network share with your user. I don’t mean any of this in a bad tone, but there’s a reason people keep asking you why, it’s because what you’re asking is almost never a good idea and leads to problems such as this, imagine if you had been able to create that menu item? You would start using it and getting more and more files owned as root that would cause you to need this more and more until you end up just running everything on root.
We must first ask What GUI program are you trying to run as root?
gedit, gparted, many others. I am not afraid of the terminal it’s just not my preferred method.
gedit uses polkit and should prompt you with a password when modifying a file that needs root priviledges. you shouldn’t have to run it as root
Nope, gedit opens fine but you can’t save changes unless you’re root. This is true of every distro I’ve tried.
There’s programs like kdesu which you can use. Idk if you can (or should) hack a context menu for a run-as-root option on everything. But you can make aliases or specifically application menu items for the specific apps you want to use.
https://superuser.com/questions/135311/sudo-access-for-desktop-actions-in-gnome-kde#135325
Sudo is “su do”, i.e. “run as root”, so it’s funny to hear run as sudo because it means “run as run as root”, like “chai tea” or “ATM machine”.
To your question the answer is “why?”. You shouldn’t need that, that’s one of the hardest things to get rid of, the “Windows mentality”, it’s like when people ask how to install a .tar.gz they downloaded from the internet, the answer is most likely “you don’t need that”.
This leads to an XY problem, where you’re asking how to solve problem Y but that is caused by you assuming you need to do X, when in fact you don’t. The main clue is that people keep asking you why do you want to do this. So, what exactly is the problem you’re trying to solve? Why do you think you need this?
I think you are right that people want a solution to a problem they don’t have, but I think in this case they may just want to run executable files as sudo from a GUI.
Which program/files and from which GUI? Each GUI will have it’s own way of doing that, and on 99% of cases it’s not necessary. He consistently refuses to answer simple questions about what he’s ultimately trying to accomplish. I have a generic way of doing that, login with the root user. Do you think that’s a bad idea? Then list all of the reasons why using root as your main user is a bad idea and probably every single one will apply to what he wants as well. There’s a reason why programs that need root access ask for it and don’t expect you to run them with sudo, the “run as administrator” is a windows concept from an OS that doesn’t have a proper way to elevate privileges so programs can’t implement that API and you need to elevate the entire program.
There is no reason to assume this is an XY problem scenario.
Yes there is, you’re asking how to add a menu entry to run things with sudo, and refuse to answer why you want to do it, what’s your use case? What graphical application do you need to run with sudo and why?
I’m almost sure I know why, and your refusal to answer this even though it’s been asked multiple times seems fishy. Like it was explained multiple times there’s a 99% chance that you don’t need it, and there is a package for the remaining 1% or you could do it manually like others have suggested. But until we know your use case we can’t help you, so while you keep refusing to explain what is it that you’re actually trying to accomplish and why do you feel you need it it will be impossible for anyone to help you.
What I want to accomplish is to open files and programs as root without use of the terminal. I promise you I have no nefarious intentions towards you or your ilk.
What program? What files? Why do you need to run them with sudo? You’re either being purposefully vague or you don’t even know why you think you need this.
The question is not about a specific use-case, but a general one. I do not think it’s an absurd scenario that sometimes a user would want root privileges without resorting to the command line.
I have had to un-teach dumb things that people learn from Windows.
A menu item to run a GUI program as root it is indeed a rather absurd scenario. It suggests that you want to violate the admin/user barrier which is intended to be difficult to surpass except in certain circumstances.
There can be a lot of things under the hood that are necessary to run a GUI program as root depending on whether you’re using X11 or Wayland or something more esoteric. It’s doable though.
But instead of doing that, why not just learn how to use the command line? Every administrative task can be done via the command line, but not every administrative task has a GUI counterpart. So you’re going to need to learn to use the command line sooner or later.
OP asks a relatively simple question, and gets scolded as it committed murder.
For all we know OP is the only user and is just playing with Linux, and just wants a simple (probably unnecessary) shortcut because he’s GUI oriented.
This is kind of someone asking how to open their lunchbox easier, and get treated like they are giving a copy of their house keys to everyone in town.
Chill… Not everyone is running a maximum security level server. If OP screws their system (like most of us do at some point), I’m sure a fresh re-install would be enough for them.
It is, run as administrator is a windows concept, in Linux programs that need elevated privileges will ask for it, so if you need a specific program to be entirely elevated you’re asking something quite unique. I’ve asked multiple times, I’ll ask again, why do you want this? Give me a concrete example of what you’re trying to do, just saying running any program as root is not a good answer.
Since I know you’re not going to (because I already asked at least 3 times and others have as well and you haven’t answered anyone, so I think you don’t know why you want this other than “because Windows has it”), here’s the generic answer for you, on the login screen type root as your user and input your root password, there you go, you don’t even need that menu item anymore since everything runs as root now, just like in Windows.
For files, you should use an editor that supports it (e.g. Kate via admin:// paths). You should not run GUI programs as root.
Or
sudoeditin console.
Sudo is “su do”, i.e. “run as root”
It may default to root but it doesn’t mean run as root. Su means substitute user identity i.e. any other user (if you have the rights to it).
I know, but explaining all that for just a comment on why I found funny the “run as sudo” seemed too much.
Both
suandsudooriginally meant “superuser” because that was their only use. They have retroactively been changed to “switch user” because this functionality was added later.Just citing a source in case anyone wants a little history: su.
Emacs can let you edit root files using TRAMP
Do not do this. “Run as Administrator” is a Windows answer to a Windows problem. The only time you should regularly need root privileges is installing software any editing system wide configuration files.
It would occasionally be handy running gparted, but for as often as I need to do that
sudo gpartedworks just fineI’ve seen people say that a few times here but any time I use gparted I get the Gnome ‘enter password’ dialog which seems to work fine.
I’m not on Gnome, variably either Xfce or LxQt, is probably what’s making the difference there
Sounds like you need to install polkit for the window manager you’re using (xfce-polkit or lxqt-policykit on arch). That should enable apps to request root using the login popup.
Gparted prompts you to enter your password so it can elevate itself to root.
Other threads:
You are free to do anything and everything with Linux!
ITT:
YOU CAN’T DO THAT
