But if I run as sudo ./a.out it is not displaying the window.
Surprisingly this was the issue since yesterday. This was working since years.
same is the issue with gedit. If I run gedit it is fine with normal user.
But if I run as sudo gedit nothing is showing up…!!!
You should never run GUI applications as root—either directly or with sudo. That’s not what sudo is for.
GUI toolkits are composed, directly and indirectly, of millions of lines of code that has never been audited for security; additionally, GUI toolkits can side-load shared components, like plugins and extension modules, of various provenance, none of which have been audited or can be audited. Finally, GUI toolkits talk across process barriers to privileged components—like the display and input sub-systems, but also various components that interact with system services and other hardware. Each GUI application should be considered as a potential security disaster waiting to happen, and the only thing that prevents it is that it runs with very limited privileges. We even created entirenewmechanisms to reduce those privileges further so that applications won’t eat your data even when running as your user.
If you want to run gedit to edit a system-owned file, use the GVFS admin backend, e.g.:
gedit admin:///etc/passwd
which will go through the appropriate mechanisms for privilege escalation within your user session. If you really want to use sudo, use:
export EDITOR=gedit
sudo -e /etc/passwd
which will use sudo to create a copy of the target file, and will use ${EDITOR} to edit it within your own security context; the copy will then replace the original file.
Don’t ever use sudo directly to run a GUI application.
I am working on a decade old proprietary project where I will taking inputs from GUI developed using GTK and I have to send data using raw socket which requires root privileges. So I have kept everything in a single application and running as root.
After looking at flatpak, I am able to understand that it is like google play store which can work on a lot of distributions.
I will be more than happy to adopt flatpak.
While using flatpak, hope there is a way to have a GUI work with normal user privileges and communicate with process / thread with root privileges.
Is it allowed to put proprietary project ? I mean customer has to pay me to use this app…
That’s even more the case for not using a privileged user.
The typical design for an application that does that is to create a small service that can run as a privileged user and communicate to other programs via an IPC mechanism; your GUI application would then talk to the service over the process boundary. A user session on modern Linux systems is full of these kind of system services, using DBus as the communication channel and providing a remote procedure call interface; the service owns a name on the system bus, and exports an interface to perform operations and provide results; applications call methods on that interface—and if the service that owns that interface isn’t present, DBus will automatically start it for you. You can use polkit to perform a privilege escalation with or without user authentication.
Yes, Flatpak sandboxes can talk to the system bus.
Yes; a Flatpak application is a file system tree and does not require providing the sources, just the build artifacts.
Flatpak is not a store; Flatpak is a packaging, distribution, and sandboxing system. Flathub is a community-driven store, and it does not allow proprietary applications.
Snap is a packaging and sandboxing system. Snapcraft is the store, and it’s owned by Canonical.
Both Flatpak and Snapt will sandbox the access to system resources, so you cannot run your application as root anyway.
I prefer Flatpak, but packaging system services is not possible with it, and Flathub won’t allow a closed source application to be distributed on their servers.
Those applications you see are not hosted by Flathub; the build manifest will download the actual application from its distributor once the Flatpak is installed and place its contents in the appropriate locations. This means that closed source apps that already have a Linux archive available for download will be installable and work inside a Flatpak environment.
Flathub, at the moment, doesn’t have infrastructure to let people pay for apps, and it likely won’t ever host closed source applications. Somebody else—possibly with more financial backing—can take the Flathub code base for a store and create something that hosts closed source applications, though.