You are not logged in.
pkexec is more secure than sudo or su
Question to all...
Why would there be commands to elevate to root privileges that would break or put your system at risk?
Last edited by marcoA (2019-07-29 14:24)
Offline
It's what you do after getting elevated privileges that can break the system not the commands themselves.
I cannot say why sudo or su are not secure, maybe @sickpig has the answer to that...
Offline
From Google:
"The commands (pkexec and sudo -i) in and of themselves aren't necessarily harmful. However they do different things in terms of granting permissions to apps.
The sudo ("substitute user do") command allows you to run a process as another user, typically the root user. That is, by default it runs the process as a user with unlimited power.
Why does this matter to you and is it really less safe to run with sudo?
This depends on both the policy written and the app itself. For an app like Files, running with elevated permissions can be pretty dangerous in any case. But imagine that Files had permission to do things you would never want it to do, like create or delete user accounts. Since Files can have 3rd party plugins, imagine that a malicious third party plugin exists that runs in the background and tries to delete accounts.
When you use pkexec, you're using PolicyKit. PolickyKit is the part of the system that keeps track of the types of privileges that certain users and programs should have. It depends on certain policy files being defined that describe these privileges.
The intention is that PolicyKit does not grant more permissions than are necessary".
Sounds good to me.
Last edited by marcoA (2019-07-29 20:10)
Offline
yup thats right pkexec is more restrictive in terms of the elevated permissions it provides. For instance you won't be able to run graphical applications unless you have explicitly made provision in the policy configuration. Whereas if you become su or sudo you can run anything. I avoid su or sudo where-ever possible.
Offline
marcoA wrote:Would someone please explain how to append this to the grub parameters?
Edit the file "/etc/default/grub" as root and modify the "GRUB_CMDLINE_LINUX_DEFAULT" entry adding the desired kernel parameter at the end of line. Update Grub config file afterwards:
$ sudo update-grub
I had the same problem, this, combined with the video parameter, solved it. Thanks, I registered just to post this
Offline