Says who? I personally would stay away from software whose devs would think like that, and I'm sure most people would be rather miffed if a browser emptied their bank account and the developers' response would be "well, you shouldn't have used it".

Then I guess all the worries about software security can be thrown out the window, because there are users out there who have learned a lot by borking their systems.

It's most certainly not the same thing. With closed source software there is very little you can do about it, with open source software you can change it.

You can do what you want with it, you can even run a GUI file management app as root (even dolphin) if you wish to do so...no one is stopping you. You're probably right that there are users out there that want/need to be spoon fed, but that is quite frankly their problem.

When security issues are discovered, I'd expect the developers to try to mitigate them (even if they cannot be completely eradicated)...developers that prioritize software security are not going to keep insecure features just because it was there before.

Then that percentage of the user base probably shouldn't be doing that. I'd rather prefer my OS to be developed for the smart users, not the laziest (or the most ignorant) ones. You preach that it is the users' responsibility how they use their software, but at the same time seem to be opposed of them having to actually learn how to do that. Besides, wouldn't those users "learn a lot" by mucking something up? (your words, not mine)

Probably because there is no way to securely run GUI apps as root under X. it's not the same in cli programs (which don't talk to the X server in the same way)...this is why policykit integration is being developed so that you can perform root operations in apps without actually running the gui app as root (the way it is handled in kate).

Really? The current way of running GUI file managent as root (even with dolphin) is "totally out there"?? Because you don't like how Krusader looks? Because running dolphin with pkexec is totally undiscoverable without 5 seconds of google searching? Because there are users out there that cannot be bothered to actually learn how to use their systems?

EDIT: I apologize if I come across as unnecessarily harsh. But for a software developer, there are very few things that are as tiresome as all the different variations of "you should do this because that is how I want it done (nevermind that I'm not the one who is paying your salary)".

Then why are devs concerned with users abilities or lack thereof when it appears to be the main argument for removing functionality that previously existed?

(Emphasis added above) Whether or not any given user has the skills and abilities to 'change source code' isn't the developers problem and never should be. That Linux is about "freedom" doesn't mean that developers are required to take in to account the end users ability to actually use what they write in the way that they intended it to be used. What is true, and always will be, is that if any developer writes code that users don't like, eventually not enough users will use it and the developer will either change how it works to suit more users, or they will abandon it entirely.

How a user uses the software is their own fault. Not the devs. If the users bellyache over it, that's their own problem. I have borked many a system and you know what, I learn far more from that then anything else.

If that's the case, then why all the bellyaching when MS limits what users can do with their OS? It's the same thing here. It's limiting. The biggest different here is that it goes against (in my mind) a core tenant of what it is to run Linux. Which is totally freedom to do what one wants with their system. Regardless if it's the smart thing to do.

I can understand if the feature didn't exist in the first place and they had their own reasons to not allow it. I could actually understand that. But this is a feature that did exist and was available that then was removed and it wasn't to make way for an even better feature that would have been at odds with this ability.

Now as to varied user base. Absolutely true. Here is the pickle, it was mentioned about changing source code to achieve desired result. Just how much of that user base would be able to actually do that and not run a high risk of mucking something up? I would say pretty good percentage, especially given the reasoning for removing root from the program in the 1st place when it was originally there. Why couldn't it have been implemented like how to get 'su' in *buntu? Something that takes a little more effort, but not something totally out there?

And don't forget, one of the things that developers were always plagued with, was being vilified (at worst) when someone severely borked their system running a GUI 'as root'. They were damned if they did; damned if they didn't.

kubicle is exactly right: Developers are free to develop their software as they see fit. They are after all, making it available to the user at the incredibly low, low price of "free".

That's not how the "software freedom of open source" works. The developers are free to develop their software as they see fit, and users are free to modify the source code and/or use alternatives methods (or software) if they don't like the way that particular software works. That's the freedoms we have in Linux. Not the freedom to have everything we want handed to us. But it is open source, you *can* use it in "any way that you want to use it" (to remove the restrictions, it's just a few lines of source code edit and a rebuild...not that it is currently necessary, since you can use pkexec), you just can't tell someone to fix software A to behave like software B because you don't like software B.

.
That sort of misses the point why the changes were made to dolphin. For example, when you start any GUI app as root, an unprivileged user or process can get root access to the machine through the inherent insecurity of the X protocol (and the way the app communicates with the X server), that's not really a "learning experience" most people using linux (for the sake of it's "improved security" over some alternatives) would expect to get. And the X insecurity is not easily fixable (without rewriting X), it's one of the reasons Wayland is being developed.

Based on my personal experience, 95% of users that run GUI apps as root (including the ones that identify as power-users) don't really understand the security issues involved, which is probably why the somewhat drastic step was taken by the dolphin devs (if they included a config option for that, most people would just enable that without ever thinking of or understanding the possible implications).

Of course different developers do have different priorities, and dolphin being the default file manager (with a more varied user base), it's developers are understandably taking a more cautious approach compared to krusader (which is more geared towards to the more advanced user base).

This doesn't mean I agree with the way the changes were implemented by the devs, IMO the policykit integration which would allow *secure* root operatios in dolphin (without actually running the app as root) should have been implemented first, but I respect the developers freedom to err on the side of security for the default file manager. (and yes, there are workarounds and alternatives, but all gui apps started as root currently suffer from the same security issues).

To me, the core tenant of Linux is to use the system how you want to use it, any way that you want to use it. And yes, that does include using it in ways that may break the system, that is how one learns. There are times that I'm more efficient in using root in dolphin then via the CLI (or should I say more efficient with elevated rights, regardless if its su or sudo). That may not be for everyone and it may not truly be the technically more efficient method, but for my workflow, it is the more efficient method.

Now, that does not mean that I want to run my system in a perpetual state of su for any and all apps. It is still just a temporary status and once I am done, I no longer have need of it and I am no longer using the elevated privileges.

As to Commander/Krusader, while I have used those (well Krusader), I have no liking for them. If you (or anyone else) does that's fine, nothing wrong with that. I just get a headache everytime that I look at Krusader. I know some that just love it and that's great, I just prefer the overall experience with Dolphin far more and I never really liked having 2 file managers installed at the same time. That reminds me of one of the things that I didn't like with Windows in that if you didn't like one of the build in programs and you wanted to use something else, it had to be installed along side those integrated applications, which just wasted resources overall.

And while I could handle differences among them as far as features go, being able to run something in an elevated state, in my mind (and maybe I'm wrong), should just be something that I should be able to do if/when there is a need for it (regardless if that need is real or imagined).

Overall, I love the experience with Plasma. While there are still some decent size concerns that affect me and my particular setup when using Plasma (it doesn't seem to exist when using a Gnome based setup, although that setup has it's own concerns, just slightly different), overall I prefer this environment. This particular issue seems to be the biggest item left for me, and as long as that workaround works, in the end it shouldn't matter, I just don't believe that there should be a need for the work around in the first place. Otherwise, I really do love the experience of Plasma in Kubuntu (even on Neon that I use on my non mission critical stations).

I've probably used Dolphin as root maybe twice in all the time I've used Kubuntu distros. I've always used Dolphin to view root spaces, which has never been a problem, and maybe(?) will never be.

Unix gave us su and we have sudo in Linux. Midnight commander and others like it are O.K., but I hardly ever need it.

I guess I don't view messing with elevated permissions to be a big deal, or maybe I'm missing the point. And as the years go by, that's likely it

This is interesting now I'm getting an error msg for root Dolphin due to unable to load xcb plugin. It said that reinstallation of the plugin "may" solve the problem. It did not. It just repeats that error msg after reinstallation of xcb.

Edit: Apparently it's an issue with using Yakuake. Use Konsole no issue, use Yakuake and that issue shows up.

Ditto!

Actually, I plan on a fresh install of 20.04, since I have my data backed up.

As you are on 19.04, you will still have to upgrade to 19.10 before you go to 20.04, there is no skipping possible, unless it is specifically LTS to LTS upgrades.
And the root dolphin thing is simply a 'missing' package that was no longer needed (and not related to Dolphin or KDE at all).

Because it is live installer session is running with full privileges, else it would not be able to do very much. I don't recall if it is running in Single User mode, or full root, or (most likely) has an account with full privileges.

I have Dolphin running, full install from the repositories, on my 64bit laptop. It DOES NOT allow running as root, as expected.
I then created a "link to application" on the desktop and used the pkexec script found in several threads here. It runs Dolphin as root.

I'm running Kubuntu 19.04, kernel 5.4.3. Yes, it is now EOL, but it still works and is getting security updates.

I'm not willing to upgrade to 19.10 because I've read that this kills the pkexec script operation. I don't need anything in 19.11, at this time, so I'll keep this configuration until 20.04 gets full release.

I do have one question though, why does this root workaround work when running Kubuntu in a live environment, but it does not after installation? This is a full install, not min, so that isn't an issue there either.

That's the main concern I have with that. It works on the try out, but not on the final install.

With regard to Krusader, I am just not a fan, at all.

As to safe guards, bla bla blah.

Part of the joy of Linux is being able to have full access to the system and to use it in the manner that you want to. Even if that is messing up that system. If knowledge is power, learning from messing up the system is apart of gaining said power.