Is running unknown applications in a separate non root account safe?

Question

I'm new to Ubuntu and I have seen people online suggesting to add ppa s and download applications outside the software centre. I know that if I don't trust the publisher it is a security risk. But is it ok if I install the application by logging in as another user and never give root privilege to that application? If I don't give root privilege it can't damage my system, since it is another user, it can't damage the files of my regular account. Am I right? Can such a setup prevent keyloggers also? Running kubuntu 18.04 LTS 64 bit

It cannot delete/edit, but it can [read your files](https://askubuntu.com/questions/46501/why-can-other-users-see-the-files-in-my-home-folder). — pLumo, Mar 06 '19 at 14:04
It is safe as long as the application doesn't required root access to run or insn't installed using the `sudo` command... — George Udosen, Mar 06 '19 at 14:06
@GeorgeUdosen aren't all applications installed with root access? is it possible to install programs without sudo? thanks for the reply. — NFS Most Wanted, Mar 06 '19 at 14:23
@RoVo So it can read my browsing history/cookies from other users also, isn't it? thanks for the reply. — NFS Most Wanted, Mar 06 '19 at 14:25
Yeah, it is possible. Not everything needs to be installed to be ran, and programs can be ran more like a portable program folder in Windows or like a single executable. Appimages, compiled programs, binary tarballs, Rustup (for a custom example), Steam games, and much more are examples of programs that can be ran and stored in local directories, and tend to be in them anyways. That's why a gamer may for example recommend you to have a gigantic /home partition, so it can hold gigabytes upon gigabytes of Steam games. — RoundDuckMan, Mar 06 '19 at 14:27
@NewtoUbuntu yes, I can create a program from scripts that doesn't need root access because isn't reading any system files... — George Udosen, Mar 06 '19 at 14:28
@New to Ubuntu: Probably yes. The `.config` folder has afaik only read access for the owner, but e.g. `.mozilla` folder is readable by everyone. As long as you don't follow the answers in the linked question, everyone can read your files. — pLumo, Mar 06 '19 at 14:31
So a separate non root user account is not a good way to isolate an application, isn't it? — NFS Most Wanted, Mar 06 '19 at 14:33
@GeorgeUdosen I'm a noob, sorry to ask again, but how can a malware infect at the installation time? It can only run if we open it, isn't it? If I install something with sudo, the apt will copy the contents of the package to my hard disk, and when I run it the code actually executes. So, shouldn't I be safe as long as I don't execute the program with sudo? When I install something, I'm giving "apt" with root access, not to the program, right? — NFS Most Wanted, Mar 06 '19 at 15:01
If I get you correctly, when a program asks for `root privileges`, and is given it now has the ability to change and modify system parameters and configuration because your **providing** of your password (per say) gave it that ability... So at install if you do so then **malware** can make changes to your system... — George Udosen, Mar 06 '19 at 15:02
@GeorgeUdosen My point is , if I type sudo apt install xyz, I'm giving root access only to "apt", and not to "xyz" isn't it? If I never run xyz with sudo, I should be safe? Also does your advice apply to snap packages ? — NFS Most Wanted, Mar 06 '19 at 15:05
And **note**, if the **malware** had been given permission at install time [vis the `sudo` command] then it can make changes that will make it possible for it to run without needed you to use the `sudo` command and hence not requiring a password to execute! — George Udosen, Mar 06 '19 at 15:06
When you run `sudo apt install xyz` you have authorized `apt` to do what ever that package wants which could also be malicious! So next time when you do `xyz` it does it's malicious tasks without your knowledge! — George Udosen, Mar 06 '19 at 15:08

Is running unknown applications in a separate non root account safe?

0 Answers0