Red Hat Bugzilla – Bug 487949
kdesu with sudo instead of su
Last modified: 2009-03-01 12:09:02 EST
- user is in sudoers, may execute "everything" via sudo (and using his own
password to auth against sudo)
- KDE in some cases (e.g. administration) requests root-priviledges, however
does not seem to use sudo as the users own password is not accepted, separate
root-password is required
Upstream reports that this seems to be a compilation-decision.
Sudo is not configured by default in Fedora and thus using sudo in kdesu is a no-go.
Then what's the practical way in Fedora to allow apps with elevated rights without giving everybody (the same one) root-password? E.g. if you have several people using an app (maybe wireshark or so) on the local machine and you want to allow them to elevate their rights for each individual action. Therefor you'd imho usually use sudo to prevent having to give out the root-password (and to disallow direct login as root etc.) Some distros even don't have a real "root" anymore these days.
You mean sudo is not part of the base-system? Would a very tight sudo-config maybe allow to ship it for base? Or would an optional "if sudo is present use sudo" in kdesu help us out here? It's just about which app to actually call inside kdesu, isn't it?
What I mean with "sudo is not configured by default" is that sudoers is set up not to allow anyone to use sudo at all when you install Fedora, not even with the root password. So if we set up kdesu to use sudo, it will not work at all in the default configuration.
Oh, and to answer the question:
> Then what's the practical way in Fedora to allow apps with elevated rights
> without giving everybody (the same one) root-password?
None. People who don't have the root password should not be running GUI apps as root at all. It's what PolicyKit is for (and PolicyKit support in places like KDE's System Settings is coming in future KDE releases, hopefully 4.3 already). With PolicyKit, you can give your users targeted permissions to perform specific actions with their user password, and the GUI app itself does not run as root.