Re: How to use gksu to safely run a non-open-source application?



Thanks for your comments!

dsr tao merseine nu wrote:

My solution is to create a "non-secure" user called realplay, in a group called realplay. This user is treated as hostile, and is not given access to any files of any other user.

That's not how UNIX permissions work... realplay may read, write
and execute any files it can see which allow this. For example,
a file in /home/jack with permissions rw-r--r-- can be read,
though not written to, by realplay.

My scheme depends on users using permissions rw-r----- as default. After all, a user who is reasonably paranoid will not allow "other" users to read her files. But if rw-r----- permissions are used as the default for human users, will this cause problems in other areas?

You can limit the files that a user can see by placing it in a
chroot'd environment.


Rather than using an su-alike, you may want to use a sudo-alike. Permissions can be much finer-grained, controlled by
/etc/sudoers.


Thanks for the comments. I've tried using su (rather than gksu) and there seems to be a problem - I think X can't display on my desktop when running as the new user. I suspect that this would be a problem with sudo, unless there is a GTK+ version of sudo (call it gksudo???).
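An added example, not part of the original message: a Python audit of which regular files under a directory an account that is neither the owner nor in the file's group (such as the realplay user discussed above) could open through the "other" permission bits. The function names and the sample tree are constructed for illustration, and the check assumes every directory above the audited root is already searchable by "other".

```python
import os
import stat
import tempfile


def other_accessible(root):
    """Map relative path -> 'r', 'w' or 'rw' for regular files under root
    that the "other" permission class can open."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Without o+x on a directory, nothing beneath it can be opened by
        # "other", whatever the modes of the files inside say.
        if not os.lstat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # prune: do not descend further
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, devices
            access = ("r" if mode & stat.S_IROTH else "") + \
                     ("w" if mode & stat.S_IWOTH else "")
            if access:
                findings[os.path.relpath(path, root)] = access
    return findings


def demo():
    """Build a constructed sample tree and audit it."""
    layout = {
        "notes.txt": 0o644,          # rw-r--r--  readable by other
        "private.txt": 0o640,        # rw-r-----  the default proposed above
        "drop.txt": 0o666,           # rw-rw-rw-  readable and writable
        "locked/report.txt": 0o644,  # readable bits, but parent is rwxr-x---
    }
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        os.mkdir(os.path.join(root, "locked"))
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # set explicitly so the umask does not matter
        os.chmod(os.path.join(root, "locked"), 0o750)
        return other_accessible(root)


if __name__ == "__main__":
    print(demo())
```

A umask of 027 makes new files rw-r----- and new directories rwxr-x---, which is the default the scheme relies on; files created before the umask change keep their old modes, which is what an audit like this surfaces.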




