Bug#686844: gksudo for users other than root fails

Edward Ross efrossuhl at gmail.com
Thu Feb 7 02:07:24 UTC 2013 

Same problem here. I'm using the following:
debian squeeze release 6.0.6
kernel 2.6.32-5-amd64
gnome 2.30.2
gksu 2.0.2-5

Occasionally I have to edit files owned by system users such as tomcat6 
and postgres.

I can use:

$ gksudo -l gedit <some file>

or

$ gksu -u <other user> -l gedit <some file>

which do work. Unfortunately, in the first case, any new files I create 
are then owned by root and I subsequently am forced to change their 
ownership; and in the second case I am asked for the root password, 
which I tend to forget.

I should think that:

$ gksudo -u <other user> -l gedit <some file>

should do what I need, i.e. ask me for my own password and run gedit as 
<other user>; however, after I enter my password in the provided dialog, 
I get the following error message in the terminal where I entered the 
command:

(gksudo:11626): GLib-CRITICAL **: g_str_has_prefix: assertion `str != 
NULL' failed

I have found the same behavior when attempting to run other gui 
programs, such as gnome-terminal, by this method.


I have found two ugly workarounds:

I can add read permissions, via sudo chmod, for everyone to directory 
/var/run/gdm3/auth-for-edward-<some code>/ and to file 
/var/run/gdm3/auth-for-edward-<some code>/database. Then whenever I need 
to edit, say a postgres file, I can sudo su to postgres and run gedit. 
It works, for a while that is, until <some code> is changed by the 
system, and I suspect it opens a security hole.

Alternatively, I can successfully run this redundant incantation:

$ gksudo "gksu -u <other user> -l gedit <some file>"

which seems to takes advantage of the fact that gksudo works for user 
root. It also starts about 10 processes on my machine, although I'm not 
sure that is an issue.

Imho, one of two things should happen: either the -u option should be 
removed from gksudo, oficially restricting it to run gui commands under 
root only; or it should be fixed such that it can run gui commands as 
other users, as permitted by the sudoers file of course.

If I can be of any further assistance, please let me know.

Edward

More information about the pkg-gnome-maintainers mailing list