Hi, all. I just found this in a popular greek collectively-run Linux site.I m posting just the extract in question (translated in english) plus the link to it. Google translate is perfectly suited to to use.
"We return to Wayland and it is time to deal with another important element that confuses many. This is the opening of a graphical application as root. We did it and we still do it a lot, but we do it dangerously, unknowingly. The most widespread and also wrong way was and is the use of the sudo command . However, sudo is not suitable for graphical applications. It is stated in writing in its own configuration file. But who will sit down, eh? After “everyone” does it, it will probably be right. But it is not. For this reason gksu (do) and kdesu (do) have been created , which ensure that some necessary conditions are met that sudo can not satisfy. However, they are not sufficient.
Let’s just explain it. Assume you want to make changes to a text file that your user does not have access to. Here you need the administrator intervention. But when you use sudo or some of the alternatives to open this file in the graphic editor, there are things you are probably ignoring but at the same time creating a great security hole in your system. But how; We said you want to customize a file. The administrator in such a case only needs to open and store. Nowhere else. With sudo, however, the entire copywriter, throughout your making changes, runs with administrator privileges. This means that whatever it uses at that time, such as some different display parameters, or a process created after opening with sudo , and all the points in your file system where it is accessed, are covered by the same rights. In short, to do something small, you give full access to your system. It’s not what you wanted, right? But it still happens because, as mentioned above, they are “all” and so fatally transmitted as knowledge. It’s as if bullying always implies correctness.
This misuse will be entirely limited by Wayland, where no graphical application can be opened as an administrator. Those of you who are users of the latest Plasma releases will find that it is no longer possible to open the Dolphin file manager and copywriters such as Kate with elevated privileges, even in X environment. I know, it’s “inconvenient.” But it is an adaptation from developers to the most appropriate use and what will follow with Wayland. Some people see it, again incorrectly, as “Qt applications do not open as root”. If they were looking at it a little, they would see that what was limited was the execution of an entire graphical interface with elevated rights, which they do not need and are potentially dangerous. Exactly the same as Wayland. The job we want to do, can be done normally. It will simply be done in a different, safer way. This may be the sudoedit for our example with the text file, but in general it will be the use of an already existing technology - which is still unknown to many - called polkit (PolicyKit). You may have encountered the pkexec command. Guess what it uses as a backend. Through polkit, an application can use additional permissions only at the point where it really needs it, without any security gaps in its operation. Once again, however, this is not Wayland’s competence but will be achieved with other, environment-specific technologies. Indicatively, tasks dealing with file management as root in GNOME will be done through gvfs and Plasma from its KIO.
The sad thing here is that the truly worthy developers of a really excellent distribution (names we do not say, no hypothesis are touched) have reversed the Plasma function above, allowing the wrong way to use, while not only knowing but reporting the dangers. So while some people are trying to correct bad practice times, some others are screaming in their waves. Personally, I was surprised by this move. I would probably expect it from another distribution but not from that. Anyway, let’s not stop at itt. Anyway, let’s not stop at it. ".