No More Dolphin Root Workaround?


  • BarryHavenga
    replied
    Fstab Edit

    Originally posted by Teunis View Post
    Nice to see this development of Dolphin.

    I came to this thread because I needed to rename the mount point of a partition.
    Editing /etc/fstab with Kate was easy enough but I had trouble remembering the command sequence for a root rename.

    Eventually I used Krusader and although it would not allow the rename it did allow me to enter a new mount point.

    Btw, dbus-x11 is present on 20.04...
    Hi. If you are running KDE you can edit fstab easily with Kate. After amending the mount point, Kate will now automatically request your root password if required by the ownership/directory rights of the target directory, in this case /etc/.


  • Teunis
    replied
    Nice to see this development of Dolphin.

    I came to this thread because I needed to rename the mount point of a partition.
    Editing /etc/fstab with Kate was easy enough but I had trouble remembering the command sequence for a root rename.

    Eventually I used Krusader and although it would not allow the rename it did allow me to enter a new mount point.

    Btw, dbus-x11 is present on 20.04...
    Last edited by Teunis; Mar 08, 2020, 12:14 PM.


  • TWPonKubuntu
    replied
    Progress is being made... I'll hang on and see what this change actually feels like when it gets here...


  • kubicle
    replied
    Originally posted by TWPonKubuntu View Post
    Ahha! Now I know who to thank for pkexec!
    and thank you Kubicle for that info.
    In case you're interested: https://phabricator.kde.org/D12795
    Right, this patch just re-enables running Dolphin as the actual root user (not sudo/kdesu) to fix Kali and other legitimate root user use cases. PolKit support in KIO is definitely the preferred solution for when using Dolphin with a normal user account.
    (The polkit support should be somewhat closer than "on the horizon" now.)
    Last edited by kubicle; Jan 01, 2020, 06:32 PM.


  • TWPonKubuntu
    replied
    Ahha! Now I know who to thank for pkexec!
    and thank you Kubicle for that info.


  • kubicle
    replied
    Nate's "This week in KDE" series is one of my favorite reads on planet.kde.org.

    Incidentally, it was Nate's patch that enabled pkexec'ing dolphin back in 18.08 (although it might have been inadvertent, as the main goal was to re-enable dolphin to run on a true root session, where the security effect of blocking dolphin is rather negligible..but it also made pkexec possible), so he is the one to thank for the possibility of running dolphin as root currently (without modifying the source).
    Last edited by kubicle; Jan 01, 2020, 06:25 PM.


  • TWPonKubuntu
    replied
    Agreed, I bookmarked it...


  • Don B. Cilly
    replied
    Interesting site, that Nate's blog.


  • TWPonKubuntu
    replied
    @jglen490, I drilled down to the source and found this:

    https://pointieststick.com/2020/01/0...dmap-for-2020/

    Privilege escalation in KIO and Dolphin

    I’ve been promising this for years, talking about how it’s 90% done, then 99%, then 99.9%… you get the idea. I know, I know, I’m the boy who cried wolf at this point! Well, this time we really are on the cusp of victory. There is only a single patch left before we can formally turn it on! Once this happens, you will finally be able to create, move, rename etc. root-owned files in Dolphin without needing to run Dolphin as root or using a hacky extension.
    I'm doing the happy dance!
    Last edited by TWPonKubuntu; Jan 01, 2020, 02:03 PM.


  • jglen490
    replied
    So there seems to be some late breaking news about changes in the KDE landscape coming in 2020. These changes might give some relief to Dolphin users and elevated permissions.


  • WWDERW
    replied
    Originally posted by kubicle View Post
    Absolutely. But apps can have root access (with policykit) without running them as root. We probably all know (by now) how kate can perform write operations with elevated privileges when necessary while running the gui as normal user (no one really complains about the kate workflow anymore). And Gnome has recently added the admin:// gvfs protocol that enables apps like gedit and nautilus to do the same.
    I'm actually an odd duck on that. For simple edits of files that need root access, I've always used Nano and that was never an issue (of which you had outlined why previously). I'm a huge fan of Kate, but when I just need some quicky config edits, I usually default to Nano.

    However, I do think that, depending on how they are launched, some programs may not go thru policykit. I can't say for sure, they still might, it's just not readily apparent to me and usually it is apparent (as in pop up window), that's why I'm speculating this.

    Originally posted by kubicle View Post
    So it was a judgement call for the devs...and different devs made different decisions (there were no strictly right or wrong decisions here). Like I said previously, I probably would have gone with the decision the krusader devs made, but I wouldn't criticize dolphin devs for the decision they made either, there are good strong arguments to support either choice, especially considering the different user bases and the fact that policykit integration is necessary anyway in the future wayland era.
    I always try to approach changes in a way that impacts the user the least. Sure there may still be "teething" problems, but which method involves that the least. It doesn't always work out that way though, sometimes what was originally thought of the least impactful method, may indeed be the opposite. As you said, hindsight is always 20/20.


  • kubicle
    replied
    Originally posted by WWDERW View Post
    but that would also be an issue with any GUI program and there are some that I do believe would require root access to do what they needed to do.
    Absolutely. But apps can have root access (with policykit) without running them as root. We probably all know (by now) how kate can perform write operations with elevated privileges when necessary while running the gui as normal user (no one really complains about the kate workflow anymore). And Gnome has recently added the admin:// gvfs protocol that enables apps like gedit and nautilus to do the same.

    So it was a judgement call for the devs...and different devs made different decisions (there were no strictly right or wrong decisions here). Like I said previously, I probably would have gone with the decision the krusader devs made, but I wouldn't criticize dolphin devs for the decision they made either, there are good strong arguments to support either choice, especially considering the different user bases and the fact that policykit integration is necessary anyway in the future wayland era.

    And I honestly believe the dolphin decision might have been different if it was known at the time that it would take 2+ years to get policykit integration in kio (after all policykit support was finished rather quickly for ktexteditor which kate/kwrite uses), as we know pkexec support was later enabled to restore the root workflows (it needed some changes in the source code to lift the strict restrictions a bit), but hindsight is always perfect.

    Currently, AFAIK, the only thing blocking the release of enabled polkit support in dolphin is this: https://phabricator.kde.org/T8075 (so it should be fairly close, and should improve all workflows and add immediate security benefits while also being ready for wayland).
    Last edited by kubicle; Dec 30, 2019, 07:37 AM.


  • WWDERW
    replied
    Originally posted by kubicle View Post
    Therein lies the core of the problem. Maybe you are among the users that don't have other (unprivileged) users on your systems and never yourself run any software that you haven't examined the source and have built yourself, but I assure you that you are in a very small minority.
    I'm actually in a far smaller minority than that I would imagine. I prefer to run very lean installs and I prefer to use portable programs than traditionally installed programs (be it through the package manager or through a run file or an install script etc). Even when I create my Electron apps, I still build them as AppImages or as a binary archive for Win users. But you are correct in your assessment that my systems are single user systems.

    I totally agree with your scenario, but that would also be an issue with any GUI program and there are some that I do believe would require root access to do what they needed to do.
    Last edited by WWDERW; Dec 29, 2019, 05:00 PM.


  • kubicle
    replied
    Originally posted by WWDERW View Post
    I don't consider this a security issue compared to something that I can't close off or I didn't have to actively initiate. If it's a zero day or something to where it's on, but should be off or vice versa, those would be security issues.
    Therein lies the core of the problem. Maybe you are among the users that don't have other (unprivileged) users on your systems and never yourself run any software that you haven't examined the source and have built yourself, but I assure you that you are in a very small minority.
    Let's say you have a user that has installed something from the internet in their $HOME (or possibly you have done so yourself), that software could run a daemon that listens to the X server waiting for an admin user to come along and run a GUI app as root, and bam, that daemon has root (no input necessary from the admin user, other than the act of starting the gui app as root). That is a real security issue. If you understand that, and make an informed decision to run a gui root app, that's quite fine by me (but most people do not quite grasp that, even when I've tried to explain it to them...at least not the ones who search for the quick instructions, and I can assure you that a warning of "this is dangerous" doesn't quite do it either).

    Originally posted by WWDERW View Post
    Tell me your thoughts on that?
    I certainly didn't want to imply that I consider you to be either lazy or ignorant (not that I consider either to be necessarily bad things or mutually exclusive to being smart). And I'm probably one of the laziest people you'll find north of the south pole (and quite ignorant of many things). I meant that the idea that I thought you are promoting: "that all software should be developed so that everyone should be able to do everything with it, without having to learn anything and regardless of security concerns" would mean that software would be catered just to those that are the laziest and/or most ignorant, and I don't think that is in the best interest of anyone, not even those that are lazy and/or ignorant...at least not in the long run.

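The situation kubicle describes in the post above (a GUI app started as root on an X server that other software can also reach) can be checked for from the defender's side. This is an added example, not part of any post in the thread: `root_gui_procs` and its optional proc-root argument are hypothetical names, and treating `DISPLAY` in a process's environment as "attached to X" is a heuristic assumption, not proof of an open connection.

```shell
#!/bin/sh
# Added example (not from the thread): report processes whose effective UID is 0
# and whose environment carries DISPLAY, i.e. root programs able to talk to an
# X server that unprivileged clients share.
# The optional first argument (a /proc-style directory) is an assumption of this
# example so the check can be pointed at a constructed tree.
# Usage on a live system (as root, to read other users' environ files):
#   root_gui_procs

root_gui_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        # Skip entries that vanished or that we are not allowed to read
        [ -r "$dir/status" ] && [ -r "$dir/environ" ] || continue

        # "Uid:" line holds real, effective, saved, fs -> field 3 is effective
        euid=$(awk '/^Uid:/ {print $3; exit}' "$dir/status" 2>/dev/null || true)
        [ "$euid" = "0" ] || continue

        # environ is NUL-separated; pull out the DISPLAY entry if there is one
        disp=$(tr '\0' '\n' < "$dir/environ" 2>/dev/null \
               | grep '^DISPLAY=' | head -n 1 || true)
        [ -n "$disp" ] || continue

        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        # One line per finding: PID, command name, display it can reach
        printf '%s %s %s\n' "${dir##*/}" "$name" "$disp"
    done
}
```

A file manager or editor that elevates only the write operation through polkit, as discussed in the thread, does not show up here because its GUI process keeps the user's UID.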


  • TWPonKubuntu
    replied
    I've enjoyed following this discussion. For me, the bottom line of this thread, Dolphin having root access rights, is very important to my web design workflow. Now that pkexec is working (in 19.04 anyway), I'm back in the flow.

    With respect to the philosophical argument about whether to shield users from potentially dangerous GUI actions or to allow those actions with a simple warning, there is no argument.

    Let the user have access.

    The warning needs to make it clear where the danger lies, but the user should not be completely blocked, as was the case with Dolphin before someone wrote the pkexec script (thank you).

    This whole discussion is very likely to come up again, with other tools. It is the nature of Linux development that we will work through the blockages. I just hope it happens faster than this Dolphin situation because I lost work time=money.

    Again, thanks for the very good discussion on the philosophy of software development.
