Apps keep open as "Superuser"

I have no idea. My apps keep opening as (Super User).

Thanks.

Thank you for bringing this to our attention but unfortunately Manjaro's libtelepathy is still under (heavy) development so we cannot link into your computer telepathically yet. :innocent:

Could you please give us a bit more information?

  • It it in the GUI? if yes, please tell us how you start the GUI (if it's started as root, yes all aplications will be started as root too)
  • Is it in the terminal? If yes, please execute whoami and give us the output of that.
  • Has it always been like this? If not: what was the last thing you changed before it became like this?
  • ...

Please help us help you...

:unicorn::unicorn::rainbow::rainbow:

P.S. Also have a look here:

8 Likes

Thanks for the good news about libtelepathy.

I rarely ever start applications from the terminal. I start most of my applications from the panel at the top of my screen. As far as I know, I started noticing "as superuser" about a week ago. I'm concerned that someone has "infiltrated. For example, going to the start menu > Graphics > Gimp... this is what I get:

gimp " my system.

I've got the usual ufw default deny incoming/outgoing running and I've removed sshd. So I don't know how anyone could access my computer remotely.

But I've experienced people tampering with my computer in the past and I'm a little worried about it now.

Please show:

1 Like

It's not in the terminal, and my name is somewhat private.

:face_with_raised_eyebrow:

Then replace your username with "name" or "user" or whatever.
We need to know which user launches e.g. gimp.

Or try launching gimp with e.g.
sudo --user=your_user_name gimp

1 Like

Thanks. Now I understand why. When I open Gimp wih sudo, which I never do, the info I get is:

[myname@see-pc ~]$ sudo --user=myname gimp
Reading profile /etc/firejail/gimp.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 28901, child pid 28903
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized in 200.32 ms
Could not connect: Permission denied

(gimp:4): GLib-GObject-CRITICAL **: 20:07:18.325: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

Parent is shutting down, bye...

... and it opens as superuser. When I open it without sudo I get:

[myname@see-pc ~]$ gimp
Reading profile /etc/firejail/gimp.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 29288, child pid 29289
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized in 140.29 ms
Could not connect: Permission denied

(gimp:4): GLib-GObject-CRITICAL **: 20:09:25.734: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

Parent is shutting down, bye...

... and it opens again as superuser. Does this have anything to do with my account being an administrator account?

Yes, probably... Did you set it up that way? Normally user accounts do not have any elevated privileges.
Also try without firejail please.

1 Like

Yes, because I initially didn't know how to use sudo and at times I have to work as root and don't want to deal with password timeouts all the time.

I'd rather not remove firejail, so if you wouldn't mind, how do I temporarily disable firejail?

This can be changed in /etc/sudoers (option timestamp_timeout)

Never work as admin. If you have some specific task to be done as root, use either sudo or open a root shell with su -.
You don't have to remove firejail (makes no sense to use firejail with elevated privileges IMO), just remove the symlinks in /usr/local/bin.

2 Likes

Well, I hate to let you down, but I can't figure out what to do in either case. I can google how to increase the sudo timeout (oddly, there is no timestamp_timeout in my sudoer file), but as far as firejail, I looked in the folder /usr/local/bin but honestly, I have no idea what to do once I'm there.

For example, can I use mv to move the gimp folder in /usr/local/bin and then use it again to move it back? or should I use cp?

(I usually open a root session if needed with su, but when I only have to input one or two commands I now use sudo. So I can demote my account to standard user and still use su?)

For others, this page tells me how to change the timeout of the sudoer file: https://unix.stackexchange.com/questions/382060/change-default-sudo-password-timeout

Add

The following option in /etc/sudoers does that:
Defaults timestamp_timeout=30 (value in minutes)

to /etc/sudoers. Ideally you should edit that file with the sudo mechanisms, e.g. sudo EDITOR=nano visudo or sudoedit.

As for firejail, I'm not in front of my main computer, but

A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox. The symbolic link should be placed in the first $PATH position. On most systems, a good place is /usr/local/bin directory.

So look whether there is a symlink to gimp and remove it (you can add it back later).

Neither, see above.

1 Like

Okay. I renamed the gimp link in /use/local/bin to gimp2. This is what happens:

[myname@see-pc bin]$ sudo gimp
[sudo] password for myname:
Error spawning command line “dbus-launch --autolaunch=6f1e1654a1fc47c0a03ee93b77a7689d --binary-syntax --close-stderr”: Child process exited with code 1
Plug-in "xsane"
(/usr/lib/gimp/2.0/plug-ins/xsane) is installing procedure "xsane" with a full menu path "/File/Acquire/XSane: Device dialog..." as menu label, this deprecated and will be an error in GIMP 3.0
Created directory: /var/net-snmp
Created directory: /var/net-snmp/mib_indexes
Plug-in "xsane"
(/usr/lib/gimp/2.0/plug-ins/xsane) is installing procedure "xsane-v4l-3a--2f-dev-2f-video0" with a full menu path "/File/Acquire/XSane: v4l:'dev'video0" as menu label, this deprecated and will be an error in GIMP 3.0
Plug-in "xsane"
(/usr/lib/gimp/2.0/plug-ins/xsane) is installing procedure "xsane-hpaio-3a--2f-usb-2f-DeskJet-5f-2130-5f-series-3f-serial-3d-CN99I48407067S" with a full menu path "/File/Acquire/XSane: hpaio:'usb'DeskJet_2130_series?serial=CN99I48407067S" as menu label, this deprecated and will be an error in GIMP 3.0

(gimp:1307): GLib-GObject-CRITICAL **: 20:32:11.208: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
[myname@see-pc bin]$ gimp

sudo starts gimp as a superuser, which I expected, but without sudo gimp starts as a normal user, which is great. However, I did a third test starting gimp from the brisk menu and it still started as a superuser. Is this some kind of a bug in firejail? (perhaps I should remove it after all...)

Okay. Thank you for helping me to figure it out. I removed firejail and now gimp opens as a regular user and not as a superuser. Strange...

This issue, with my limited knowledge, was solved by completely removing firetools and then firejail.

Thanks again.

2 Likes

Normally, firejail doesn't enable itself when you install it, so how did you configure it? Did you follow this guide: https://wiki.archlinux.org/index.php/Firejail , e.g. running firecfg?

1 Like

I'll read that, and to tell you the truth, I'm such a novice at this I don't even remember what I did to get it installed. I did follow some guide though... enough to get it working.

I'll read the guide you sent and try again. I usually type manjaro "issue" or arch "issue" when I'm trying to get things fixed. However, because I don't administer Linux for a living, I tend to forget what I've done once an issue is resolved.

Thanks for the link.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by