Bug 487949

Summary: kdesu with sudo instead of su
Product: [Fedora] Fedora Reporter: Stefan Neufeind <redhat>
Component: kdebase-runtimeAssignee: Than Ngo <than>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 10CC: arbiter, jreznik, kevin, ltinkl, rdieter, than, tuxbrewr
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-01 16:45:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stefan Neufeind 2009-03-01 16:28:36 UTC 
- user is in sudoers, may execute "everything" via sudo (and using his own
password to auth against sudo)
- KDE in some cases (e.g. administration) requests root-priviledges, however
does not seem to use sudo as the users own password is not accepted, separate
root-password is required


Upstream reports that this seems to be a compilation-decision.
Comment 1 Kevin Kofler 2009-03-01 16:45:04 UTC 
Sudo is not configured by default in Fedora and thus using sudo in kdesu is a no-go.
Comment 2 Stefan Neufeind 2009-03-01 16:57:48 UTC 
Then what's the practical way in Fedora to allow apps with elevated rights without giving everybody (the same one) root-password? E.g. if you have several people using an app (maybe wireshark or so) on the local machine and you want to allow them to elevate their rights for each individual action. Therefor you'd imho usually use sudo to prevent having to give out the root-password (and to disallow direct login as root etc.) Some distros even don't have a real "root" anymore these days.

You mean sudo is not part of the base-system? Would a very tight sudo-config maybe allow to ship it for base? Or would an optional "if sudo is present use sudo" in kdesu help us out here? It's just about which app to actually call inside kdesu, isn't it?
Comment 3 Kevin Kofler 2009-03-01 17:05:39 UTC 
What I mean with "sudo is not configured by default" is that sudoers is set up not to allow anyone to use sudo at all when you install Fedora, not even with the root password. So if we set up kdesu to use sudo, it will not work at all in the default configuration.
Comment 4 Kevin Kofler 2009-03-01 17:09:02 UTC 
Oh, and to answer the question:

> Then what's the practical way in Fedora to allow apps with elevated rights
> without giving everybody (the same one) root-password?

None. People who don't have the root password should not be running GUI apps as root at all. It's what PolicyKit is for (and PolicyKit support in places like KDE's System Settings is coming in future KDE releases, hopefully 4.3 already). With PolicyKit, you can give your users targeted permissions to perform specific actions with their user password, and the GUI app itself does not run as root.