Is it possible to launch nautilus or gedit with elevated privileges?

Question

Sometimes I need to edit files in /etc. I know I can do this with the console (sudo mv some/file /etc/some/file, sudo nano /etc/some/file) etc, but I find this way a bit clunky. Call me spoiled, but I'm really used to GUI tools such as Nautilus and Gedit.

Distributions such as Ubuntu Mate or Mint make it easy: I can right click a folder and then a context menu appears with options such as "open as administrator". From then double-clicking a text file opens it in gedit with elevated privileges.

However, I can't find such an option in the default Unity version of Ubuntu:

Note:

I am aware of the question Ways to run Nautilus with elevated privileges , but the solution recommended here is to use gksudo, which no longer works
I suppose I can always do sudo gedit /etc/whatever, but - AFAIK - using sudo with GUI tools is heavily ill-advised
I recall some say that it is ill-advised to run GUI tools with elevated privileges at all. This doesn't seem to be the case, however, since some default GUI tools themselves ask for elevation, Ubuntu Software being perhaps one of the most prominent examples:

Is there a way to run Nautilus or Gedit with elevated privileges?

Does this answer your question? How to open Nautilus as admin in Ubuntu 19.04 — muru, Oct 22 '21 at 14:39
The admin:// thing should also work with other GNOME utilities like gedit. — muru, Oct 22 '21 at 14:39
When I used Ubuntu I edited text files with 'sudo gedit' for a few years and never had an issue. Alternatively edit root text files with 'sudo nano', which I use more of now as it's a universal Linux text editor. 'gksudo' was replaced by (using gedit) gedit admin:///PathToRootFile. — Paul Benson, Oct 22 '21 at 14:41
@muru This errors out: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failled: Unix process subject does not have uid set — gaazkam, Oct 22 '21 at 16:08
@gaazkam xed admin://.......... works fine with Mint as it did when I used gedit with Ubuntu, so I don't believe anything has changed. So eg, gedit admin:///etc/hosts should open your hosts file after typing your password. — Paul Benson, Oct 22 '21 at 18:13
@PaulBenson Like I said, this results in GDBus.Error:org.freedesktop.PolicyKit1.Error.Failled: Unix process subject does not have uid set. Ubuntu 21.10, default version (not Lubuntu, Kubuntu or any other remix) — gaazkam, Oct 22 '21 at 18:40
The proper way to start GUI applications with privs from the CLI is to use sudo -H. ex: sudo -H gedit /etc/filename. — heynnema, Oct 22 '21 at 19:32
I haven't tried Ubuntu 21, having moved to Mint and Manjaro after Ubuntu 20.04 which always worked for me. Just didn't like Gnome. So don't know if there is a bug with 21. If you run id -ng myusername does it show you as a sudo member? — Paul Benson, Oct 23 '21 at 06:39
@PaulBenson id -ng m only prints m, but I still can use sudo. groups m shows m adm cdrom sudo dip plugdev lpadmin lxd sambashare. — gaazkam, Oct 23 '21 at 08:12
@heynnema Wow, after years of reading "never use sudo for GUI apps, instead use gksudo/pkexec/admin:///whatever else/absolutely nothing, never run GUI apps as root" I'm a bit surprised to read that I can use sudo -H to run GUI apps... But hey, it works :) — gaazkam, Oct 23 '21 at 08:22
@gaazkam I put that into a quickie answer. If you think it answers your question, please remember to accept it by clicking on the checkmark icon that appears just to the left of my answer. Thanks! — heynnema, Oct 23 '21 at 14:55
Does this answer your question? How do I start Nautilus as root? — user68186, Oct 23 '21 at 15:00
@heynnema I would gladly accept your answer if it was clear that your approach is indeed the recommended one. It is easy to use, it is convenient and it does seem to work, but... I've always been told that we were not supposed to use sudo to run GUI apps even though doing so always seemed to work. You cite documentation which says that sudo -H "requests that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry." (cont) — gaazkam, Nov 11 '21 at 19:44
...Is it enough to remedy the problems that (we've been always warned) could arise by running GUI apps with sudo? Hard to judge, since I don't really know what exact problems could arise and how. Note that the documentation you cited does not clearly say that the -H option "makes it safe to run GUI apps with sudo" and so, I believe, your answer should explain why and how sudo -H is "the" proper way to elevate the rights of a GUI app. — gaazkam, Nov 11 '21 at 19:49
@heynnema I'm sorry if what I said sounds rude; I'm not really sure that I'm at a position to review your answer like this. So, without certainity that your approach is indeed the proper one I though I'd suspend judgement and not vote. But since you asked for status... well, here you are. — gaazkam, Nov 11 '21 at 19:51
@gaazkam I've edited my answer to provide a little more information, and to make it a little clearer for you. — heynnema, Nov 11 '21 at 21:40

vanadium · Answer 1 · 2021-10-22T14:45:40.197

You can easily have a right-click menu that allows to open a file with root privileges by installing a package nautilus-admin. This nautilus extension adds two right-click menu options. One of these allows you to open a file as root for editing in gedit. The other entry allows you to open a nautilus window with root permissions.

The package is included in the standard Ubuntu repositories and can be installed with the command

sudo apt install nautilus-admin

It relies on the GNOME's admin backend, i.e., the effect is the same as if you would open the file from the command line with the admin:// URI, e.g.

gedit admin:///etc/fstab

Both nautilus-admin and admin:// error out: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failled: Unix process subject does not have uid set — gaazkam, Oct 22 '21 at 16:06

raj · Answer 2 · 2021-10-22T14:31:06.587

You can use pkexec instead of gksudo. My way of running eg. gedit with elevated privileges is to create a script, for example /usr/local/bin/su_gedit, with the following contents:

#!/bin/bash
pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY gedit $*

Then you can create a .desktop file for this script, for example /usr/share/applications/su_gedit.desktop (I have not tested if other location than /usr/share/applications will work), copying its contents from org.gnome.gedit.desktop and modifying appropriately, ie. changing the Name= and Comment= lines to whatever you want (for example Name=Root Text Editor and Comment=Edit text files with root privileges) and replacing gedit by /usr/local/bin/su_gedit in all Exec= lines.

After you do this, when right-clicking in Nautilus on a file that normally opens in gedit, and selecting "Open with a different program", you should see your "Root Text Editor" entry on the list. Even if it isn't there, if you click "Show all programs" button, you should be able to choose it.

Another way is to create a similar script that runs elevated gnome-terminal, and create a launcher for that script eg. in your GNOME panel or on the desktop. From that terminal, you can simply run gedit as root. That's what I usually do.

Better to place your launcher in ~/.local/share/applications, rather than /usr/share/applications. — ChennyStar, Aug 10 '22 at 16:06
@ChennyStar Placing it in /usr/share/applications has the advantage that it is available for all users, like any system-installed app. If you need it only for yourself, you can of course place it in ~/.local/share/applications. — raj, Aug 11 '22 at 12:42

score 0 · Answer 3 · answered Oct 22 '21 at 13:55

Nemo - is the default file manager shipped with Cinnamon Desktop. Nemo allows you to right-click anywhere in a given directory and "Open as Root."

A second window then opens with a blue "elevated privileges" banner.

Hope this helps!

note - (It sounds like you want to continue to use Nautilus - so disregard this advice if you're unwilling to switch to a different file manager.)

heynnema · Answer 4 · 2021-11-11T22:10:53.923

From the comments...

The proper and easiest way to start GUI applications with privs from the CLI is to use sudo -H.

example: sudo -H gedit /etc/filename

From the sudo man page...

 -H, --set-home
             Request that the security policy set the HOME environment
             variable to the home directory specified by the target
             user's password database entry.  Depending on the policy,
             this may be the default behavior.

So the -H flag makes sudo assume root's home directory as HOME instead of the current user's home directory. Otherwise some files in the user's home directory would become owned by the root, which may lead to various problems.

Note: excerpted from What does '-H' flag in 'sudo -H' mean?

The most common problem of using sudo without the -H option is the creation of a login loop.

This can occur because the following files get changed from your_username:your_username, to root:root...

-rw------- 1 your_username your_username 407910 Nov  2 08:56 .ICEauthority
-rw------- 1 your_username your_username     58 Jun 23  2017 .Xauthority

Do you have additional background on why this is the ~now~ recommended approach, while for years we have been told to never run graphical applications using sudo? Was the -H option recently added to sudo? Why does setting "the home directory specified by the target" resolve previous issue with executing GUI apps using sudo? — Enterprise, Oct 24 '21 at 15:07
@PJSingh For a partial answer, see https://askubuntu.com/questions/1206020/what-does-h-flag-in-sudo-h-mean. The most common problem is login loops. — heynnema, Oct 24 '21 at 17:03

Is it possible to launch nautilus or gedit with elevated privileges?

4 Answers4