Bug 487949 - kdesu with sudo instead of su
kdesu with sudo instead of su
Product: Fedora
Classification: Fedora
Component: kdebase-runtime (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Ngo Than
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-03-01 11:28 EST by Stefan Neufeind
Modified: 2009-03-01 12:09 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-03-01 11:45:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
KDE Software Compilation 171806 None None None Never

  None (edit)
Description Stefan Neufeind 2009-03-01 11:28:36 EST
- user is in sudoers, may execute "everything" via sudo (and using his own
password to auth against sudo)
- KDE in some cases (e.g. administration) requests root-priviledges, however
does not seem to use sudo as the users own password is not accepted, separate
root-password is required

Upstream reports that this seems to be a compilation-decision.
Comment 1 Kevin Kofler 2009-03-01 11:45:04 EST
Sudo is not configured by default in Fedora and thus using sudo in kdesu is a no-go.
Comment 2 Stefan Neufeind 2009-03-01 11:57:48 EST
Then what's the practical way in Fedora to allow apps with elevated rights without giving everybody (the same one) root-password? E.g. if you have several people using an app (maybe wireshark or so) on the local machine and you want to allow them to elevate their rights for each individual action. Therefor you'd imho usually use sudo to prevent having to give out the root-password (and to disallow direct login as root etc.) Some distros even don't have a real "root" anymore these days.

You mean sudo is not part of the base-system? Would a very tight sudo-config maybe allow to ship it for base? Or would an optional "if sudo is present use sudo" in kdesu help us out here? It's just about which app to actually call inside kdesu, isn't it?
Comment 3 Kevin Kofler 2009-03-01 12:05:39 EST
What I mean with "sudo is not configured by default" is that sudoers is set up not to allow anyone to use sudo at all when you install Fedora, not even with the root password. So if we set up kdesu to use sudo, it will not work at all in the default configuration.
Comment 4 Kevin Kofler 2009-03-01 12:09:02 EST
Oh, and to answer the question:

> Then what's the practical way in Fedora to allow apps with elevated rights
> without giving everybody (the same one) root-password?

None. People who don't have the root password should not be running GUI apps as root at all. It's what PolicyKit is for (and PolicyKit support in places like KDE's System Settings is coming in future KDE releases, hopefully 4.3 already). With PolicyKit, you can give your users targeted permissions to perform specific actions with their user password, and the GUI app itself does not run as root.

Note You need to log in before you can comment on or make changes to this bug.