Announcement

Collapse
No announcement yet.

Kdesudo

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by jlittle View Post
    You can get to it via /etc/alternatives/kdesu.

    Regards, John Little
    Except that using it to call Dolphin, for example, actually ends up using sudo, which kill the process. I just tried it in a Konsole using "/etc/alternatives/kdesu dolphin" and a password dialog popped up. I entered my password and was thrown immediately back to the prompt without dolphin firing up. Checking the string of output revealed the cause.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #17
      Originally posted by GreyGeek View Post
      That way lies alligators and other swap creatures! Not the least of which is that config and other files in the user's home account, like .Xauthority, get owned by root and subsequent logins are met with a black screen.
      "sudo -i <program>" is safe to use even with GUI programs, unlike "sudo <program>". That's what the "-i" option is for, it makes sure the $HOME environment variable is set to "/root" (which means the sudoed program uses the correct $HOME and not the user's $HOME, which is the cause of the problems you described).

      Originally posted by GreyGeek View Post
      Except that using it to call Dolphin, for example, actually ends up using sudo, which kill the process. I just tried it in a Konsole using "/etc/alternatives/kdesu dolphin" and a password dialog popped up. I entered my password and was thrown immediately back to the prompt without dolphin firing up. Checking the string of output revealed the cause.
      This is just because dolphin does not start as root anymore, kdesu still works fine with any other program (except kate/kwrite, of course).
      Last edited by kubicle; Jul 30, 2018, 01:22 AM.

      Comment


        #18
        So, if I can use kdesu to start any GUI program except Dolphin, Kate and Write then disabling those three did more, IMO, to reduce usability than it did to increase security, since running Krusader or whatever as root using sudo or kdesu is just as insecure, is it not?
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #19
          Originally posted by GreyGeek View Post
          So, if I can use kdesu to start any GUI program except Dolphin, Kate and Write then disabling those three did more, IMO, to reduce usability than it did to increase security, since running Krusader or whatever as root using sudo or kdesu is just as insecure, is it not?
          One can certainly make a case for that argument, and you're certainly not alone in making it. I myself agree to some extent (since you can still run other GUI apps as root, the changes don't really solve the security issue they were meant to mitigate).

          There are a few counter pouints though:
          - Dolphin/kate/kwrite are probably the most common apps people are/were using as root, so disabling those does have an impact on security issues.
          - For Kate/kwrite the usability has actually improved, since there is no need to run them as root anymore. Dolphin is a bit of a head scratcher, as I think no one anticipated it would take this long for the policykit integration to get done (which would also solve the usability issues with dolphin)
          - This is sort of a necessary step anyway, since you can't run GUI apps as root in the upcoming wayland.

          This has been discussed in detail on other threads, though, I don't wish to derail this thread by going into too much detail.

          Comment


            #20
            Kdesudo

            - This is sort of a necessary step anyway, since you can't run GUI apps as root in the upcoming wayland.
            No GUI apps as root in Wayland? I hadn’t heard that.

            If things work the way Kate does then that wouldn’t be an issue. But if apps like gufw aren’t given the Kate treatment I can see a massive migration from the *buntu’s occurring because a LOT of people prefer GUI’s to the CLI.

            I need to research this more deeply
            Last edited by GreyGeek; Jul 31, 2018, 08:36 AM.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.

            Comment


              #21
              He didn't say "no GUI's" in Wayland; he said "...you can't run GUI apps as root..."
              Using Kubuntu Linux since March 23, 2007
              "It is a capital mistake to theorize before one has data." - Sherlock Holmes

              Comment


                #22
                Originally posted by Snowhog View Post
                He didn't say "no GUI's" in Wayland; he said "...you can't run GUI apps as root..."
                I understood him correctly, I just didn’t phrase what he said correctly. I edited my post to reflect that. Thanks for the heads up, Snowhog.

                No GUI apps as root is a serious limitation, IMO.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.

                Comment


                  #23
                  Originally posted by GreyGeek View Post
                  If things work the way Kate does then that wouldn’t be an issue.
                  I believe this is the plan, with apps using policykit to elevate as necessary to perform particular tasks...the apps don't run as root, they just use polkit to perform certain tasks as root when necessary.

                  Originally posted by GreyGeek View Post
                  But if apps like gufw aren’t given the Kate treatment I can see a massive migration from the *buntu’s occurring because a LOT of people prefer GUI’s to the CLI.
                  I don't really use Wayland yet, but I think that there are a few workarounds to use apps (that don't have policykit integration yet) as root, in xserver fallback mode.

                  Comment


                    #24
                    So the short term fix is alias "kdesudo" to "sudo -i"

                    Please Read Me

                    Comment


                      #25
                      Originally posted by oshunluvr View Post
                      So the short term fix is alias "kdesudo" to "sudo -i"
                      If you wish to use a GUI wrapper for sudo, I'd recommend using "kdesu" instead of "sudo -i", as sudo doesn't give you a GUI password dialog, which makes it trickier to use from launchers or krunner.

                      If you're used to typing kdesudo (or already use it in a number launchers or scripts), you can symlink /usr/bin/kdesudo to </path/to/>kdesu which will make "kdesudo" command work (even though it is actually running kdesu).

                      Of course, neither method will run dolphin as root currently.

                      In KDE Applications 18.08 (or possibly 18.12 if the change did not make it in time for 18.08) version of dolphin (not yet released) you might be able to run dolphin as root by getting to a root terminal with sudo -i, then removing the SUDO_USER env variable and then launching dolphin from the root terminal (this is because the code in dolphin start to test root UID has been changed to test SUDO_USER and KDESU_USER variables instead). This is rather hackish (and definitely not meant to re-enable root dolphin in a user GUI session), and I would not recommend that for general use, but could be an option if you REALLY need root dolphin before polkit integration is done. Do note that this does not work for KDE Applications 18.04 Dolphin, which still tests the UID.

                      Relevant code from dolphin master branch (main.cpp):
                      Code:
                      #ifndef Q_OS_WIN    // Prohibit using sudo or kdesu (but allow using the root user directly)
                      if (getuid() == 0) {
                        if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
                            std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
                            return EXIT_FAILURE;
                        } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
                            std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
                            return EXIT_FAILURE;
                        }
                      }
                      #endif
                      EDIT: Looks like KDE Applications 18.08 was released yesterday (https://www.kde.org/announcements/an...ns-18.08.0.php), and the above change made it into the release.
                      Last edited by kubicle; Aug 17, 2018, 02:51 AM.

                      Comment


                        #26
                        Just FYI (related to previous post),

                        I got KDE Apps 18.08 dolphin (won't work with older versions) from neon, and managed to get dolphin to run as root (not really recommended, but not more dangerous than running krusader as root, if that's your alternative):

                        1. Create a script /usr/local/bin/dolphin, with the contents:
                        Code:
                        #!/bin/sh
                        unset SUDO_USER
                        /usr/bin/dolphin
                        exit 0
                        2. make the script executable:
                        "sudo chmod +x /usr/local/bin/dolphin"
                        3. restart shell
                        4. Dolphin will start as root by running "sudo -i dolphin"

                        Comment


                          #27
                          Just tested your work-around on Kubuntu 18.04 (older than 18.08 and not Neon) and it does NOT work.
                          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                          – John F. Kennedy, February 26, 1962.

                          Comment


                            #28
                            Originally posted by GreyGeek View Post
                            Just tested your work-around on Kubuntu 18.04 (older than 18.08 and not Neon) and it does NOT work.
                            You need dolphin from KDE Applications 18.08 release, which just arrived on Neon user edition. it's not yet available in Kubuntu.

                            Comment


                              #29
                              That's what I assumed, but I thought I'd give it a try anyway.
                              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                              – John F. Kennedy, February 26, 1962.

                              Comment


                                #30
                                With the pkexec

                                Neon VBox - KDE Apps 18.08

                                Copy & paste from:

                                pkexec: https://www.freedesktop.org/software.../pkexec.1.html

                                “error: XDG_RUNTIME_DIR not set in the environment.” when attempting to run nautilus as root: https://askubuntu.com/questions/4566...ng-to-run-naut

                                Krusader 2.5.0 missing toolbar icons in root mode: https://forum.kde.org/viewtopic.php?f=309&t=136927

                                command =>

                                Code:
                                pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY KDE_SESSION_VERSION=5 KDE_FULL_SESSION=true dolphin
                                Seem to work...



                                But if I need to use the Dolphin with root rights I would disable the:
                                Code:
                                /*#ifndef Q_OS_WIN
                                // Prohibit using sudo or kdesu (but allow using the root user directly)
                                if (getuid() == 0) {
                                    if (!qEnvironmentVariableIsEmpty("SUDO_USER")) {
                                        std::cout << "Executing Dolphin with sudo is not possible due to unfixable security vulnerabilities." << std::endl;
                                        return EXIT_FAILURE;
                                    } else if (!qEnvironmentVariableIsEmpty("KDESU_USER")) {
                                        std::cout << "Executing Dolphin with kdesu is not possible due to unfixable security vulnerabilities." << std::endl;
                                        return EXIT_FAILURE;
                                    }
                                }
                                #endif*/
                                Last edited by Rog131; Aug 22, 2018, 11:56 AM.
                                Before you edit, BACKUP !

                                Why there are dead links ?
                                1. Thread: Please explain how to access old kubuntu forum posts
                                2. Thread: Lost Information

                                Comment

                                Working...
                                X