Happier with kdesudo

Duncan 1i5t5.duncan at cox.net
Sat Dec 29 00:46:16 GMT 2012

Kevin Chadwick posted on Fri, 28 Dec 2012 21:06:03 +0000 as excerpted:

> How can I switch from polkit-kde-authentication back to kdesudo auth in
> KDE 4.9.

I don't have a direct answer to your question, but I'm interested in an 
answer too, for others if not for me, as it turns out I'm reasonably 
comfortable with my own policy as described below.

What I've done here (on gentoo where it's actually reasonable to have kde 
without polkit, etc), is setup normal terminal-based sudo, with a policy 
not to use the X gui for anything superuser based at all.  

Instead, I use mc (midnight commander, ncurses/slang based) with it's 
commander-style "semi-gui" in a terminal, or the traditional CLI, for any 
"sysadmin hat" tasks, including text/config file editing, file 
management, etc.  For typically "user hat" tasks like multimedia (image, 
movie, audio) usage and management, I use the GUI, typically gwenview for 
images and movies, dolphin for audio and textfiles as gwenview doesn't 
handle that, but for everything else, including editing kde's user config 
itself when I end up actually handling the textfiles, I find the 
combination of mc and standard CLI commands works just as efficiently for 
me, if not more so.

A few months ago, the last time a topic like this came up on the kde 
lists, I actually tried kdesu and kdesudo and discovered they no longer 
even worked.

Somewhere along the line I had decided my normal user didn't need to be 
in wheel (the group with su access) and I didn't feel the need to revert 
that decision, so that didn't work, and while sudo still worked, my sudo 
policy here only lets my normal user do a few limited things, including 
sudoing to an "admin" user, which is far less restricted.  But of course 
said "admin" user doesn't then have access to the existing normal user X 
session, so couldn't run any X-based commands anyway.  And again, yes, I 
could fix that, but I realized that I really had no need to do so -- 
everything I needed to do as admin, I was quite comfortable doing in mc 
or at the CLI, and the tiny bit of trouble I might occasionally save by 
running some GUI admin program wasn't worth the hassle of setting up and 
ensuring the proper security of the access necessary to do so.

So instead, I ended up deciding I didn't need a GUI su method at all, and 
uninstalled kdesudo.  (kdesu is still pulled in as a dependency, but I'm 
thinking about testing a bypass of that as well using gentoo's 
package.provided, I just haven't, yet.)

As for polkit, consolekit, etc, I turned their USE flags off, and no 
longer have them on the system either.  I don't run systemd, which 
replaces some of consolekit's functionality, either.  (FWIW, as many 
gentooers, I run openrc as my init system.)  Group-based device perms are 
sufficient for me, and consolekit only adds another layer that I have had 
to troubleshoot problems with in the past, so I'm best off without it.  I 
do run udev (and have its USE flag turned on, but not udisks or upower 
(USE flags turned off), preferring to control mounting myself.  My 
suspend/hibernate solution is something I scripted myself, and on the 
netbook, I have laptop-mode-tools configured for power management , so 
don't have/need kde's power management tools (powerdevil and etc) 
installed, either.

Actually, given that I have USE=semantic-desktop turned off as well (so 
no akonadi thus no kdepim, substituting gtk-based replacements like claws-
mail), while I do run a kde desktop, all the above means it's actually 
relatively slim.  Package numbers don't mean a lot across distros but for 
gentooers this will mean something: 110 packages in a kde upgrade for me 
including nearly all kdegames.  I guess a full kde install with all the 
trimmings is several hundred more.  (IIRC mine was 250+ before I started 
trimming the fat, tho even that wasn't all of kde.)

Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list