I found a (lengthy) guide to doing this but it is for gksu which is gone. I have to imagine there’s an easy way. I am running Ubuntu. There is no specific use case, it is just a feature I miss from windows.
EDIT: I always expect a degree of hostility and talking-down from the desktop Linux community, but the number of people in this thread telling me I am using my own computer that I bought with my own money in a way they don’t prefer while ignoring my question is just absurd and frankly should be deeply embarrassing for all of us. I have strongly defended the desktop Linux community for decades, but this experience has left a sour taste in my mouth.
Thank you to the few of you who tried to assist without judgement or assumptions.
Do not do this. “Run as Administrator” is a Windows answer to a Windows problem. The only time you should regularly need root privileges is installing software and editing system wide configuration files.
It would occasionally be handy running gparted, but for as often as I need to do that
sudo gparted
works just fineI’ve seen people say that a few times here but any time I use gparted I get the Gnome ‘enter password’ dialog which seems to work fine.
I’m not on Gnome, variably either Xfce or LxQt, is probably what’s making the difference there
Sounds like you need to install polkit for the window manager you’re using (xfce-polkit or lxqt-policykit on arch). That should enable apps to request root using the login popup.
Gparted prompts you to enter your password so it can elevate itself to root.
Your polkit will always prompt you for a password. No need to complicate it. If it doesn’t, then it doesn’t need to be ran as root
Obviously I would want to input a password.
That comment meant anything that needs root will prompt for it WITHOUT you running as root. Running GUI apps as root directly won’t work well (1, it isn’t a good idea. 2, your user likely owns the X session)
Polkit (Policy Kit) is an authorization framework used in modern Linux distributions to manage access rights and privileges on the system. It allows unprivileged processes to communicate with privileged processes in a controlled and secure manner.
pkexec
a command used to execute commands with elevated privileges, leverages both PAM (Pluggable Authentication Modules) and Polkit to authenticate the user and authorize the requested action. PAM is a framework used in Linux systems to handle user authentication and authorization.
Check out Polkit & PAMWhile the other user explained what polkit is from a low level, I think it’s more practical to give you a high level explanation. Polkit is responsible for the dialog box that pops up when you try to open an app like GParted that requires root permissions (it edits partitions, a rootful task). What the user you replied to is saying is that you never want to run an app as root unless it prompts you for it (like with polkit prompts), or you know in great detail what you are doing. Running random things as root can break your system and the app you’re running. Most apps you will be using are not intended to be run as root under any circumstance, and at the very least will likely experience issues because of it (UI issues, data issues because the root home directory is not your home directory, configuration/setting changes, improper scaling, etc). Unless you know for a fact that something has to be run as root (like updating packages with your package manager) or you are specifically prompted when trying to do something, you absolutely do not want to be running things as root.
Just to further explain, even if an app isn’t started as root, it can request that permission as needed. For instance, Nautilus allows you to navigate through the root directory, and will prompt you for a password through polkit if you are trying to access something your user does not have permission to read (of course assuming your user has sudo privileges, but that’s beside the point). Unlike Windows, there is no practical use for a “run as root” option, because apps have the ability to request root access when it is necessary, and only when it is necessary. In addition to that, polkit limits the root access that an app is given to the specific actions for which it is requested (so an app can’t use root privileges to run unauthorized commands). The exception to that is when you start dealing with the terminal, but that falls into the category of “you better know what you’re doing and why”.
The short answer as to why this isn’t a thing in Linux is that the authentication and permission system functions nothing like Windows. In Linux, a “run as root” button is not a solution, it is a problem. The only reason that run as administrator exists in Windows is because sometimes the solution to a problem in Windows is to run an app as admin. That is not the case for Linux, and never will be.
There are many ideological differences between Windows and Linux. You’ll find many discussions here about how it is often not a good idea to try to do something the “Windows way” on Linux, because those ideologies and the software principles are incompatible. Part of learning how wonderful Linux is involves unlearning all of the horrible habits and ideological differences that Microsoft forces onto Windows users. This is one of those things that has to be unlearned, because full root privilege is not something that a regular app should ever ask for or even want in Linux. Root privilege is provided on a case-by-case basis from polkit with GUI apps; only when needed.
I don’t know why everyone is getting self-righteous about this. I’ve used Linux since the mid-90s, and occasionally I find it easier to just run a GUI file manager as root to do some filter and deletions of things in caches and such that need root permission. Hell, I want to edit the files in /etc/wireguard for my tunnels; should I only do this at a sudo prompt in the terminal when I’m perfectly capable of pulling it up in Kate and copypasting stuff in?
Get off your high horses, there’s plenty of valid use cases if you’re using your head.
Manipulating large amounts of different files in terminal is a pain in the ass and everyone who disagrees is wrong.
AFAIK the newer Ubuntu gksu equivalent is pkexec, if that helps.
You could copy all system .desktop files to your home dir and automatically edit them with a script that adds an action to run them with pkexec or sudo as root. However, most GUI apps should never be run as root, because they can break the system. For example, they may create hidden thumbnail files owned by root and break thumbnails in all apps not running as root that way
Thanks, I’ll give it a shot. I don’t want it to always run everything as root, just on rare occasions.
Can confirm the caution here. Bricked a system this way a while back.
I do not really see hostility or taking down. More of a difference of opinion or experience.
Also, this is not a private email thread. It is a public forum. Whatever advice you get risks becoming guidance for the community. I think it is perfectly reasonable, even responsible, for people to respond with their thoughts on security.
You can ignore the advice not to implement this capability on your personal machine. That is your call. However, this should not become standard practice by Linux users.
Thank you for answering at some point in the thread the use cases that drove your question. I was very curious.
When I have needed “Run as Administrator” in Windows, it has typically been to run the command line. The reason Windows needs this is because it has lacked “sudo”. The next release of Windows is adding it as a feature ( going the other way ).
I have used Linux for decades as well and really not needed this. Partially this is because tools that require root access are typically configured to ask for it already.
Your “need to delete a file” use case made sense to me but I do not run into it. Perhaps my file systems are mounted differently. Perhaps I am not manipulating files of other users ( sounds right ). Or maybe I am more likely to be at the command line. Your “edit files as root” use cases leads me to believe I use the command line more as that is certainly something I would be doing from the terminal. I have to edit files as root everyday but it is always from the terminal. I am not encountering files that I cannot edit in my file manager though as I would have navigated to those files in the terminal to begin with. Clicking around in a file manager to get to system files is not even something that would have occurred to me. If I am using the file manager, it is to manage my own files ( mostly media and documents ).
No judgement. Do things how you want. I was just curious what you were using this for. When I use Windows, I use “Run as Administrator” all the time. In Linux, I did not even notice it was missing. Going back to Windows makes me miss “sudo” in the terminal though. I am not the only one obviously as they are now adding it to Windows too.
What’s the use case? What are you running into that you want to launch as sudo through the gui that isn’t pulling up the dialogue automatically?
A few folks have argued this is unnecessary, but I’m curious about your perspective on why and when you think it would be useful
What are you running into that you want to launch as sudo through the gui that isn’t pulling up the dialogue automatically?
Almost anything. The first thing I tried to do was delete a file off of a network share. Also, editing the name of a file copied from a network share. Also, editing text files, also, formatting a thumb drive. I am not afraid of the command line, I just don’t prefer it for every single time.
Some people may consider this a permissions issue, which is technically correct but does not bring anyone closer to solving the problem that:
Delete file - enter password - [the file gets deleted]
Is a lot more straightforward of a process for some people than navigating file permissions system and entering the correct commands into the terminal just to be rid of a file you didn’t want in the first place.
See? This is why I’ve been asking this question several times. You caused a lot of headache on yourself and now you think running things as sudo is the solution when it’s what put you in a pickle to begin with.
Let’s deconstruct what you said:
The first thing I tried to do was delete a file off of a network share.
If you couldn’t do that it’s because you were connecting to the share using your user, but for some reason on whatever program you used might have tried the admin busier when you ran the program as root. For the network share it doesn’t matter what user is on your local machine, so this is an issue on how you’re accessing the share on your user, not with needing to run the program as root
Also, editing the name of a file copied from a network share.
Of course, if you ran the above with sudo any file copied over will be owned by root, so now your regular user can’t edit them
Also, editing text files
I imagine you mean files copied over with the above problem, so same thing applies.
also, formatting a thumb drive.
Formatting thumb drives can absolutely be done without running the while program on root, why do you think you need this? How are you trying to do that?
It has been a frequent headache.
I can imagine, I’ve seen people run things like
sudo npm install
and now they have issues because their node folder is owned by root, it’s very similar to what you’re experiencing, a small issue at the beginning triggered an avalanche of issues because you ran one program with sudo. Do you see why everyone is very cautiously asking why do you think you need this?See how this was an XY problem? You’re asking how to add a “run as administrator” but what you actually want is to access a network share with your user. I don’t mean any of this in a bad tone, but there’s a reason people keep asking you why, it’s because what you’re asking is almost never a good idea and leads to problems such as this, imagine if you had been able to create that menu item? You would start using it and getting more and more files owned as root that would cause you to need this more and more until you end up just running everything on root.
That’s a permissions problem not a run as root problem.
That was also my take. If it’s something you should be able to edit, your user should have permissions to do that. Jumping to running as root every time has lots of unintended consequences.
I do think a functionally similar idea would be a button to “take ownership” (grant “/r/w/x”) of a file that would prompt for root password. That way things don’t run as root that shouldn’t. Would that be a good compromise between Linux permissions and Windows workflow?
Regarding formatting a drive, whatever program you are doing that in should ask for root p/w when performing that operation. If it just refuses because of permissions that seems like a bug.
Isn’t that a feature that’s already implemented? The alternative is you could run chown -R [username] . in the correct directory.
That’s what I’m thinking. A menu entry that just runs chown -R [username] on whatever you click is the idea
That’s would work but it would be kind of dangerous
Just saw your edit. One thing you should be doing is taking ownership of directories you plan to be working in. So for an external drive for example, you’d want to make sure your user(s) have r/w/x permission recursively (granting permission for all files and folders underneath using the same command) on the root folder of the drive then you can move stuff on and off freely.
I agree it could be more straightforward, but ideally you’d only have to do it one time when you first use the drive with that machine
The permissions problem was likely created by running something as root. You have a chicken and the egg problem my friend.
You don’t need to run any GUI programs as root.
Now this is actually wrong. Firewall gui for example requires root. There are similar sysadmin guis that need it too
Sysadmin GUI tools are designed to be secure by isolating GUI from privileged process. That is not true for a random GUI app.
deleted by creator
deleted by creator
No. It’s ”you probably shouldn’t run them with sudo” , many GUIs need root for certain tasks. I recommend using
pkexec
instead of sudo, you can add it to the .desktop file and when you launch the application it’ll give you a GUI authentication prompt.Probably? They won’t run with
sudo
normally (in xorg at least). And only those explicitly allowed to be run withpkexec
by maintainers will do. Of course it is possible to evade this restriction, but you definitely should not.There’s plenty of GUI applications that’ll run just fine with sudo. For example BleachBit.
The commonality between these applications is when they were written, what (outdated) toolkit they use, etc.
Sudo is just not made for use with GUI and can possibly lead to bad behavior.pkexec
leverages PAM & Polkit and is intended for GUIs.It’s not when app was written. Wayland apps probably work with sudo, x11 don’t because sudo does not pass the
$DISPLAY
environment variable. It’s a correct behavior of sudo because running x11 apps with root permission you create a security hole.sudo -E
I know. Don’t do this. Read the manual.
Polkit was created in 2009 & PAM was created in 1995. GNU dates back to 1984, so… There’s still quite a handful of programs that are likely still maintained to this day that don’t properly take advantage of them or other auth systems made to be able to handle GUIs in a secure fashion. BleachBit being released in 2008, predates Polkit and afaik, bleachbit doesn’t leverage polkit by default, at least not on Arch.
deleted by creator
Nope. Running GUI as root in the same X server as unprivileged apps is insecure because each of them can take control over privileged window. IDK if this issue has been addressed in Wayland, but anyway there are no wayland-only distros nowadays.
deleted by creator
Now i question why the whole GUI needs to run as root (even in working default config) instead of just the tool running the command with root.
deleted by creator
Also, most programs are more than wrappers around command line tools
But not gparted.
deleted by creator
There’s one in every thread.
I have no idea what you are talking about. The answer to your question is: this is impossible and this is done for purpose. Don’t try to work in linux like in windows.
I have no idea what you are talking about.
Your attitude.
It’s not attitude they are giving you. It’s strong recommendation. It’s the strong recommendation of the entire Linux community.
Sudo is different than run as admin and is not intended to be used to do things the way Windows does them.
Sudo is “su do”, i.e. “run as root”, so it’s funny to hear run as sudo because it means “run as run as root”, like “chai tea” or “ATM machine”.
To your question the answer is “why?”. You shouldn’t need that, that’s one of the hardest things to get rid of, the “Windows mentality”, it’s like when people ask how to install a .tar.gz they downloaded from the internet, the answer is most likely “you don’t need that”.
This leads to an XY problem, where you’re asking how to solve problem Y but that is caused by you assuming you need to do X, when in fact you don’t. The main clue is that people keep asking you why do you want to do this. So, what exactly is the problem you’re trying to solve? Why do you think you need this?
Sudo is “su do”, i.e. “run as root”
It may default to root but it doesn’t mean run as root. Su means substitute user identity i.e. any other user (if you have the rights to it).
Both
su
andsudo
originally meant “superuser” because that was their only use. They have retroactively been changed to “switch user” because this functionality was added later.Just citing a source in case anyone wants a little history: su.
I know, but explaining all that for just a comment on why I found funny the “run as sudo” seemed too much.
I think you are right that people want a solution to a problem they don’t have, but I think in this case they may just want to run executable files as sudo from a GUI.
Which program/files and from which GUI? Each GUI will have it’s own way of doing that, and on 99% of cases it’s not necessary. He consistently refuses to answer simple questions about what he’s ultimately trying to accomplish. I have a generic way of doing that, login with the root user. Do you think that’s a bad idea? Then list all of the reasons why using root as your main user is a bad idea and probably every single one will apply to what he wants as well. There’s a reason why programs that need root access ask for it and don’t expect you to run them with sudo, the “run as administrator” is a windows concept from an OS that doesn’t have a proper way to elevate privileges so programs can’t implement that API and you need to elevate the entire program.
There is no reason to assume this is an XY problem scenario.
Yes there is, you’re asking how to add a menu entry to run things with sudo, and refuse to answer why you want to do it, what’s your use case? What graphical application do you need to run with sudo and why?
I’m almost sure I know why, and your refusal to answer this even though it’s been asked multiple times seems fishy. Like it was explained multiple times there’s a 99% chance that you don’t need it, and there is a package for the remaining 1% or you could do it manually like others have suggested. But until we know your use case we can’t help you, so while you keep refusing to explain what is it that you’re actually trying to accomplish and why do you feel you need it it will be impossible for anyone to help you.
What I want to accomplish is to open files and programs as root without use of the terminal. I promise you I have no nefarious intentions towards you or your ilk.
For files, you should use an editor that supports it (e.g. Kate via admin:// paths). You should not run GUI programs as root.
Or
sudoedit
in console.
What program? What files? Why do you need to run them with sudo? You’re either being purposefully vague or you don’t even know why you think you need this.
The question is not about a specific use-case, but a general one. An alternative reading would be “Is there a way to run short commands as root without switching to the terminal?”
I have had to un-teach dumb things that people learn from Windows.
A menu item to run a GUI program as root it is indeed a rather absurd scenario. It suggests that you want to violate the admin/user barrier which is intended to be difficult to surpass except in certain circumstances.
There can be a lot of things under the hood that are necessary to run a GUI program as root depending on whether you’re using X11 or Wayland or something more esoteric. It’s doable though.
But instead of doing that, why not just learn how to use the command line? Every administrative task can be done via the command line, but not every administrative task has a GUI counterpart. So you’re going to need to learn to use the command line sooner or later.
OP asks a relatively simple question, and gets scolded as it committed murder.
For all we know OP is the only user and is just playing with Linux, and just wants a simple (probably unnecessary) shortcut because he’s GUI oriented.
This is kind of someone asking how to open their lunchbox easier, and get treated like they are giving a copy of their house keys to everyone in town.
Chill… Not everyone is running a maximum security level server. If OP screws their system (like most of us do at some point), I’m sure a fresh re-install would be enough for them.
It is, run as administrator is a windows concept, in Linux programs that need elevated privileges will ask for it, so if you need a specific program to be entirely elevated you’re asking something quite unique. I’ve asked multiple times, I’ll ask again, why do you want this? Give me a concrete example of what you’re trying to do, just saying running any program as root is not a good answer.
Since I know you’re not going to (because I already asked at least 3 times and others have as well and you haven’t answered anyone, so I think you don’t know why you want this other than “because Windows has it”), here’s the generic answer for you, on the login screen type root as your user and input your root password, there you go, you don’t even need that menu item anymore since everything runs as root now, just like in Windows.
There is a lot of advice in this thread warning you about doing this. Please heed it. Instead, read more about how permissions and file ownership works.
I appreciate the absolute mountains of concern that I am using my own computer incorrectly, but I’ve been doing it this way for more than a decade and have never once broken anything, lost data or exposed myself to a security risk so I think I’m doing ok.
I’ve gone swimming in specifically man eating shark infested waters for years and nothing bad has happened. So surely nothing bad will ever happen, and my actions have no risk tied to them. Think about why so many people have discouraged the actions you propose, safety rules are written in blood after all. You can, in fact do whatever you want, just keep it in mind when you are doing something risky.
You are absolutely not. It really bad practice. I can not state that enough.
Practice least privilege
I’m not trying to offend you. I just want to help.
Don’t know about gnomes default file manager, but dolphin has this ability. You’ll have to install the addons and enable it in the context menu however.
To repeat others opinion though, I haven’t actually needed this feature outside of very specific situations (that I create myself). Linux operates a bit different and shouldn’t need this for anything outside of some poorly made, or potentially malicious apps and scripts. I agree though it’s still nice to have the option
Thunar has ‘custom actions’. Add one using
pkexec %f
. Other FM have similiar functionality.Thank you for providing an actual answer. Most of the comments in this thread are condescending as hell.
It depends on the file browser you are using.
The default, nautilus.
“Run as Adminstrator” in the context menu is a default feature in Windows. It seems odd I’m the first person to want this in Linux.
It is rare that you would want to run an entire GUI program as root, and if it is needed, the program should prompt you for it. Do you have a specific use case where you need to do that regularly?
Not regularly, but the most common use I’ve encountered is text files used in various configurations.
Not necessarily a satisfactory solution for you, but the usual way to handle that is just using a text editor in the shell with sudo, like nano or vim. It’s pretty fast and easy once you get used to it. I don’t know if there are any good graphical ways of doing it.
I know. That’s what I’ve been doing for years. I could also just
sudo gedit file directory filename
but it’s SO much easier to right-click “open as admin” which is why I asked.I would suggest right-click in the folder in your file explorer -> open in terminal ->
sudo nano
autocomplete file name (tab tab). At least to me that doesn’t seem that much more involved and is safer. Otherwise, as others have noted, there are apparently ways of doing what you want, but it is discouraged for good reasons.That is the 1% I mentioned, and the easiest way is installing this https://github.com/nautilus-extensions/nautilus-admin which I think is in the apt repos, so probably
sudo apt install nautilus-admin
works.But I STRONGLY encourage you NOT to install this, you’ve already made a mess of permissions on your computer that by your own account caused you many headaches by running graphical programs with sudo without any need.
deleted by creator
ctrl+L, there’s no button because Gnome is weird
Oh my gosh, this is so useful. The lack of an address bar was driving me insane. Thanks.
That’s not how that should work. You also shouldn’t need that in Windows either.
Programs that need Admin rights will ask for it. There are a fee limited cases but most of the time it creates more problems than it solves.
From your comments I’ve read it sounds like there is more to this story. Can you share what you are trying to do? On gnome gnome disks can run fine under the user. It will elevate when it needs to and it is designed with least privilege.
For file shares root is pretty much meaningless in most contexts. If you don’t have access you don’t have access as authentication is handled server side. If you setup a automatic mount check your mount options as you can set it to be owned by the local user. Also if you mounted the share in a graphical file utility such as nautilus it will be mounted for the local user so you will not need root.
Root should be used very sparingly. It is not the same as Admin on Windows. It is almost equivalent to the SYSTEM user on Windows.
deleted by creator
deleted by creator
You have no idea what that would do in Linux. First read some documentation, then decide if you really need it. I guess you can see by the number of people trying to put you on the right path that what you want is not a good idea.
I’m not a child with a machine gun, I just don’t want to go to the terminal every time.
Then let us address the underlying issue. You should not need root for the majority of tasks and never for desktop usage.
It sounds like something got messed up when you ran a different program as root.
We must first ask What GUI program are you trying to run as root?
gedit, gparted, many others. I am not afraid of the terminal it’s just not my preferred method.
gedit uses polkit and should prompt you with a password when modifying a file that needs root priviledges. you shouldn’t have to run it as root
Nope, gedit opens fine but you can’t save changes unless you’re root. This is true of every distro I’ve tried.
ah I may have mixed its behaviour up with kate
There’s programs like kdesu which you can use. Idk if you can (or should) hack a context menu for a run-as-root option on everything. But you can make aliases or specifically application menu items for the specific apps you want to use.
https://superuser.com/questions/135311/sudo-access-for-desktop-actions-in-gnome-kde#135325
That’s not a good idea as root isn’t the same as an Administer account. Also, you might want to consider why you are running programs as root. You may have a chicken and the egg problem.
Maybe step back and give us some more context.
Other threads:
You are free to do anything and everything with Linux!
ITT:
YOU CAN’T DO THAT