
Thunar root persistence


There has been a quirk with Debian and XFCE Thunar and external large files for a while now, but I know it's with slightly older versions of Thunar than the one Linux Lite uses. I have compared Thunar in LL with sdX and it's older in sdX, which is also on an older kernel. This image is the slight differences.

What is needed for LL is a warning/reminder window to log out of the session (*not shutdown/restart) to end the root/sudo persistence, as this solves the issue (which is, by the way, in LL only a problem when using other FMs over a network after root/Thunar before a session logout), as LL sets up root during installation differently than Deb. Deb installs root and password, then sudo user and different password, and offers no root login from the GUI. LL installs normally as root password/sudo user the same, just like SolydX, and must be changed after the fact, expecting the addition of users after installation.

It should be recommended during install of LL to create a root password, then another sudo user with a different password, rather than saved for after the install, otherwise many users will use root for sudo, something that KDE still annoyingly configures to in Debian, that also must be changed after installation. It is just not a good praxis anymore for network or ext DB file management. LL install should ask to create a root password, then ask to create a sudo with a different password, otherwise the Thunar administrative configuration uses root, and other FMs then persist as root over a network in XFCE even after Thunar is closed, thus the warning window in SolydX, which installs MC as well in the default installation. Also the save session option in XFCE with this root/sudo configuration cannot do exactly the same things as backup in Deb, which protects root only and entirely.

LL is designed for clickers (Windows refugees) and I think the root/sudo install routine should be changed in LL because it runs XFCE and is designed for Windows users, who will eventually inadvertently expose root over a network, and there should be a warning/reminder window with session logout instructions that appears when closing Thunar from root permissions. Opinions vary.
I have a rather impetuous/stubborn friend who uses XFCE in Deb, who dumped systemd and went back to V over this very issue, and now the package is about to be permanently orphaned.

An interesting find TC. Do you know how SolydX produce the warning window? Cheers.

I've seen that same message as well, MX-15 I think I was using at the time.

Here is an image of the warning window in SolydX.


I noticed today that once you log in as administrator via the GUI in Thunar it persists throughout the session even though you close Thunar, but that root persistence doesn't actually seem to be there in Thunar itself on Linux Lite, calling for a new login if you want to use root again. When opening it again during the session you still have root permissions in other FM incidences though. I tested this by opening another file manager to a gvfs (Double Commander) and the root path to .gvfs existed there even though the Thunar window was closed after a root session. In SolydX a warning window will appear giving you the option to exit root in Thunar when you reopen Thunar during a session. There is a quirk involving XFCE and Debian systemd when using a root permissioned file manager to move or delete large files on external drives or remote file systems. One can close Thunar unaware if deletions are completed in some cases, and shut down, and be unable to log in after rebooting because a root login is expected, which is not possible from the GUI on a properly installed Debian system. Not sure if this affects Linux Lite the same way, but I think the warning window and logout option is a good idea.

