Well, there are two separate aspects in running an application as root; one of them improves security and another one may compromise it - I think mixing those two aspects explains your confusion.
Running an application as another user (possibly the root user, but not necessarily) makes it more difficult for another process to access files owned/created by that application and do other nasty things (send a KILL signal, for example). This is good.
If an application happens to have a vulnerability (i.e. sending it some specially formatted input makes it execute some code via buffer overflow etc.), then, after exploiting the vulnerability, the attacker will be able to execute code with the privileges of that process. In this sense, running an application with root privileges is BAD, because it would give the highest level of privileges to the attacker.
Now you understand that running the update manager as root may be bad if it contained a bug which would allow a specially-crafted .deb file to crash it and make it execute some code. However, running some applications, such as a package manager, with superuser privileges is unavoidable because they modify the essential parts of the system.
The common solution to this problem is to perform a so-called "privileges drop" on program startup; this is often used to run webservers and other potentially exploitable (and accessible from outside) software. The idea is simple: the program starts as root, but as soon as possible it switches to some user account with as few privileges as possible (no shell login, chroot-ed to its home directory etc.). This way, even if compromised, it would give the attacker very limited access to the system. Also, other user accounts (except the superuser) will have no access to the application's files.
I'm not sure how easy it would be to run a desktop application like this though.
Actually, in this situation I think running a web browser as a non-privileged user would make more sense. And, of course, Google gives us a few links on the subject:
Taking this idea to the extreme (as you're suggesting in the comments) will give you a system which is similar to how Android works; on Android each application operates within its own user account, so it only has access to its own files. This probably has some problematic areas in Ubuntu, i.e. if you downloaded a file using Firefox running in a restricted account, it'll only be able to save it in its own home folder, so it won't be possible to open the file in a text processor (which runs as another user)...
Regarding the launcher script, I would imagine the script will be starting as root and invoking the applications as their respective users. The script will obviously need to be writeable by root only. Read about setuid.
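The privilege drop described in the answer above, as an added C example that is not part of the original post. The function name drop_privileges is hypothetical, and uid/gid 65534 is assumed to be the nobody/nogroup account used for the demonstration in main().

```c
#define _GNU_SOURCE            /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid (hypothetical helper).
 * Returns 0 on success, -1 on failure with errno set. On failure the
 * caller must exit rather than continue with unknown privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {      /* dropping "to root" is no drop */
        errno = EINVAL;
        return -1;
    }
    /* Only root may change supplementary groups; clear them so the
     * process does not keep root's group memberships. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: after setuid() the process no longer has the
     * privilege to change its gid. Every return value is checked. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the resulting ids instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    if (setuid(0) == 0) {            /* root must not be recoverable */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is assumed to be nobody/nogroup; adjust for your system. */
    if (drop_privileges(65534, 65534) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Anything that needs root (binding a port below 1024, opening protected files, chroot) has to happen before the call, because nothing after it can regain the privilege.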
That's somewhat too broad to explain; it will end with a conclusion like the one in the link that you added to your question, but I'll try something more fulfilled; maybe it will give you some answers.
sudo ("substitute user do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command. By enabling root privileges only when needed, sudo usage reduces the likelihood that a typo or a bug in an invoked command will ruin the system. Sudo can also be used to run commands as other users; additionally, sudo logs all commands and failed access attempts for security auditing.
More detailed info about Root Sudo can be found on Official Ubuntu Documentation.
Best Answer
Open a terminal and type sudo visudo. At the end of the file (really the last line in it) type
%yourusername% ALL=NOPASSWD: /usr/bin/apt-get install
where %yourusername% is replaced by your username. After that you won't be prompted for a password to use sudo apt-get install anymore, but please understand this is a very risky solution. There is a reason why you need to type a password for some commands; the use of these commands without a password can leave your system open to some dangers. Use with caution.