gksu

Run a command as a specific user

$ gksu [[-u|--user]] [userid] [command]

$ gksu [[-u|--user]] [userid] [[-k|--preserve-env]] [command]

$ gksu [[-u|--user]] [userid] [[-w|--su-mode]] [command]

$ gksu [[-u|--user]] [userid] [[-S|--sudo-mode]] [command]

$ gksu [[-u|--user]] [userid] [[-d|--debug]] [command]

gksu [OPTION...] COMMAND

-u, --user
    Specify the user to run the command as (default is root).

-k, --sudo
    Force the use of 'sudo' instead of 'su' for privilege escalation.

-g, --disable-grab
    Do not grab the keyboard and mouse during password prompting.

-p, --preserve-env
    Attempt to preserve the current environment variables.

-D, --display
    Specify the X display to use for the graphical dialog and application.

-m, --message
    Provide a custom message to be shown in the password dialog.

-d, --description
    Add a description for the application entry in the menu.

--prompt-password
    Always prompt for the password, even if cached.

--help
    Display a help message and exit.

--version
    Output version information and exit.

gksu is a GTK+ frontend for the su and sudo commands, designed to securely run graphical applications requiring root privileges. It provides a user-friendly graphical dialog box to prompt for a password, ensuring the X display environment variables (like DISPLAY and XAUTHORITY) are correctly set for the target application to run within the user's active graphical session.

Its primary purpose was to prevent users from running their entire desktop environment as root, a highly insecure practice, while still allowing specific administrative tools to function. While widely used in older GNOME-based systems, gksu is now largely considered deprecated. Modern Linux distributions increasingly prefer Polkit-based solutions like pkexec or direct use of sudo -H for launching graphical applications as root, which offer more granular control and better integration with system policies. This shift reflects a move towards more secure and fine-grained privilege management.

Security Risk: Running untrusted graphical applications as root can severely compromise your system. Only execute commands from trusted sources.
Deprecation: gksu is largely deprecated in modern Linux distributions. Many systems now prefer pkexec or sudo -H due to enhanced security and flexibility.
Environment Issues: While it attempts to handle DISPLAY and XAUTHORITY, complex X setups might still encounter issues.

gksu's key feature was its ability to correctly set up DISPLAY and XAUTHORITY environment variables for the root process. This allowed graphical applications launched as root to display correctly on the user's X session, which is crucial for GUI programs that interact with the X server. Misconfigured XAUTHORITY often leads to 'cannot open display' errors.

For running graphical applications with elevated privileges today, pkexec is the recommended method. It uses Polkit for policy-based authorization, offering more fine-grained control and a more secure model. Alternatively, sudo -H can be used to set the HOME environment variable to the target user's home directory, which is often sufficient for graphical applications to run correctly while avoiding common X-related issues associated with direct sudo use.

gksu (and its counterpart gksudo) emerged as essential tools for GNOME desktop environments, providing a graphical and safer alternative to directly running su or sudo on the command line for GUI applications. It addressed the critical need to avoid running an entire desktop session as root. Initially a core component of privilege escalation in many popular distributions, its prominence began to wane with the rise of PolicyKit (Polkit), which offered a more granular and policy-driven approach to privilege management. Consequently, gksu has been removed from or marked for deprecation in many modern Linux distributions, favoring pkexec for better security and system integration. Its development and maintenance have largely ceased.

su(1), sudo(8), pkexec(1), gksudo(1)