6

When I try to execute the command kdesu dolphin or kdesudo dolphin nothing happens. I thought that this was the proper way to elevate graphical applications to temporary root privileges.

Am I doing something wrong? How can I elevate graphical application to super user level permissions?

sarah@ConvergentRefuge:~$ kdesu dolphin
kdesu: command not found
sarah@ConvergentRefuge:~$ kdesudo dolphin
kdesudo: command not found
Sarah Szabo
  • 1,493
  • I've noticed a curious thing about this. I'm running Kubuntu 18.04 and get the same results as you for kdesu and kdesudo, but if i type man kdesu i get the manual entry for kdesu as if it is installed. I wouldn't have expected a manual entry for a program that isn't available. kdesudo doesn't have a manual entry. I'll see what I can find out anyway. – pHeLiOn Jun 07 '18 at 05:20
  • Does sudo -H dolphin work? – pomsky Jun 07 '18 at 05:25
  • I get Executing Dolphin as root is not possible. If specifically for Dolphin, I remembered that there is a Root option under Places - I'd hidden it already, but can right-click the Places section to 'Show All Entries'. Doesn't 'fix' kdesu but means you can run dolphin as root. – pHeLiOn Jun 07 '18 at 05:34
  • @pHeLiOn Fair point, I tried it with sudo, adn that didn't work, so I thought I would try it with kdesu. I've never tried that before. – Sarah Szabo Jun 07 '18 at 05:39
  • Please read the later entries in https://www.kubuntuforums.net/showthread.php/71347-KDE-file-manager-problem. The policy re. Dolphin is set to change back to being more permissive. I can't say when. – DK Bose Jun 07 '18 at 05:42
  • See also https://pointieststick.wordpress.com/2018/06/02/this-week-in-usability-productivity-part-21/#content. Look under bug fixes. – DK Bose Jun 07 '18 at 05:44
  • Possible duplicate: https://askubuntu.com/questions/990611/how-to-run-dolphin-as-root – DK Bose Jun 07 '18 at 05:45
  • @DKBose Question isn't specifically about Dolphin. – Sarah Szabo Jun 07 '18 at 05:57
  • That's what it looks like to me. No other application was mentioned. – DK Bose Jun 07 '18 at 06:00
  • @DKBose The error is not Dolphin specific in nature. The call to dolphin could be any other command. – Sarah Szabo Jun 07 '18 at 06:01
  • Just noticed - the Root option under Places doesn't run as root. It just takes you to the location of Root. What confused me was that I tested out changing a system file by clicking it, editing the file when it opened in Kate and when I went to save it, i was asked for my password and it made the change. So Kate will allow you to save system files but will ask for you password before saving. – pHeLiOn Jun 07 '18 at 06:05

4 Answers4

11

This is a very much more complex question than it first appeared to me to be :)

First of all, it is highly recommended not to use kdesu or kdesudo to run graphical applications as root or with administrative privelages.

Why is it not recommended?

The short answer is that it is considered a substantial security risk.

The security risk is being discussed at length (and disputed) in a number of different posts and bug reports.

@DK Bose kindly provided some links as a good starting point for anyone who wants a bit more detail: https://www.kubuntuforums.net/showthread.php/71347-KDE-file-manager-problem

The above link led me to some other links which show a 'lively' discussion about it: https://bugs.kde.org/show_bug.cgi?id=152150 and also https://bugs.kde.org/show_bug.cgi?id=179678

which in turn led me to a blog post about the security problem that is being discussed:

https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/

Basically, to prevent users from exposing themselves to this security risk, running Kate or Dolphin as root has been disabled.

Kate now allows you to save system files etc. by asking you to enter your password when you require permission to save your file (via Polkit - i.e a system dialogue box appears requesting permission). This should mean it is not necessary to run Kate as root.

Dolphin will be doing the same in the near future but the change has not been implemented yet.

(On the sometimes heated discussions about this change, there were criticisms that disabling running Dolphin as root should not have been implemented until an alternative was in place. The counter argument was that the security risk was too great to allow it.)

In the meantime, there are other file managers such as PCManFM or Thunar which allow running as root (for those who understand the security implications but require the functionality).

I can't think of a lot of situations where it would be necessary to run a graphical user application as root outwith the 'editing system files' scenario. Kate can do this now without needing to be run as root.

Some of the use cases that sparked arguments against disabling running Dolphin as root, involved users wanting to create symlinks on their system files whilst using the GUI and also for penetration testing where, for example, Kali Linux runs the entire session as root.

The other reccurring argument was that if a user was aware of the security risk and wanted to run graphical applications as root anyway, then they should be allowed to do so.

kdesudo is not installed in Kubuntu 18.04 by default and is no longer in the Debian and Ubuntu repositories. It is not recommended to be used because it is unmaintained (and the general suggestion that you shouldn't be running graphical user interface programs with X as root).

kdesu is installed (as part of kde-cli-tools) but is not in your $PATH by default. You can access the binary from /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (and create a symlink in your /usr/local/bin directory if you don't fancy typing that out each time you want to use it - https://www.kubuntuforums.net/showthread.php/73471-Kdesudo?highlight=kdesudo), but it is not recommended that you do so (due to the security implications) and will not work for Kate and Dolphin anyway.

pHeLiOn
  • 1,778
  • Read "outwith" after a long, long time :) – DK Bose Jun 08 '18 at 02:14
  • Maybe I'm missing something (and I lazily didn't read any of th elinks you mentioned, sorry :P) but if I'm being prompted for root credentials, what is insecure about it? Perhaps I have something configured improperly, but VMware Workstation I need to run as root in order to boot my VM's. That's why how I began looking into kdesu. Thanks for the info – Adam Plocher Aug 20 '18 at 02:40
  • Probably the best summary is "The problem with starting GUI applications as root is that X11 is extremely insecure and it’s considerable easy for another application to attack this." (from https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/). There's more detail in the post and further discussion in the comments, but if the application is using X11 (i.e any graphical application not running under Wayland) then running as root exposes a fairly significant attack vector. (Assuming you had malicious software sitting & waiting for a root X11 application to open on your system) – pHeLiOn Aug 21 '18 at 02:23
0

Use this commands as root:

ln -s /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu /usr/bin/kdesu
Luděk Sladký
  • 1
0

This worked for me on Kububuntu 19.04:

apt install libkdesu5
ln -s /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu /usr/lib/kde4/libexec/
cmak.fr
  • 8,696
user932278
  • 1
  • 1
0

I was able to fix or workaround this issue with one command using xhost plus either + or more specific argument (see last link below).

I dont know the consequences of this fix or how it works, but it does. The problem started happening with a recent do-release-upgrade from 20.04 to 22.04. A VM made from a fresh install of 22.04 does not have this problem and the recent kdesu updates for Kate and Dolphin work fine to use root.

Kdesu Not Working?

https://bugs.kde.org/show_bug.cgi?id=452532 "kdesu stopped working in KUbuntu due to sudo's use_pty option"

https://unix.stackexchange.com/questions/557823/centos8-run-gtk-program-under-sudo-privileges-cannot-open-display-0

alchemy
  • 762