Happier with kdesudo

Kevin Chadwick ma1l1ists at yahoo.co.uk
Mon Dec 31 15:54:24 GMT 2012


On Sat, 29 Dec 2012 00:46:16 +0000 (UTC)
Duncan <1i5t5.duncan at cox.net> wrote:

> Kevin Chadwick posted on Fri, 28 Dec 2012 21:06:03 +0000 as excerpted:
> 
> > How can I switch from polkit-kde-authentication back to kdesudo
> > auth in KDE 4.9.
> 
> I don't have a direct answer to your question, but I'm interested in
> an answer too, for others if not for me, as it turns out I'm
> reasonably comfortable with my own policy as described below.
> 

I'd certainly like to know if and would suggest it would just be sound
practice if there is a config option to switch back to kdesu(do). I have
no need to learn any more about polkit. I think I've found how to add a
user manually as an admin but should not need to. I thought it was only
Gnome that was saying our way or the highway. KDE is usually very
configurable and I would hope so in this regard. I had already decided
against polkit before even reading this.

http://drfav.wordpress.com/2012/05/11/the-quest-towards-trusted-client-applications-a-rambling/#comment-3010

> What I've done here (on gentoo where it's actually reasonable to have
> kde without polkit, etc), is setup normal terminal-based sudo, with a
> policy not to use the X gui for anything superuser based at all.  
> 

I did similar on Arch but I'm leaving due to systemd and have no
problems without polkit on xfce, though I don't use network manager.

> Instead, I use mc (midnight commander, ncurses/slang based) with it's 
> commander-style "semi-gui" in a terminal, or the traditional CLI, for
> any "sysadmin hat" tasks, including text/config file editing, file 
> management, etc.

Is that via sudoedit?

>  For typically "user hat" tasks like multimedia
> (image, movie, audio) usage and management, I use the GUI, typically
> gwenview for images and movies, dolphin for audio and textfiles as
> gwenview doesn't handle that, but for everything else, including
> editing kde's user config itself when I end up actually handling the
> textfiles, I find the combination of mc and standard CLI commands
> works just as efficiently for me, if not more so.
> 
> A few months ago, the last time a topic like this came up on the kde 
> lists, I actually tried kdesu and kdesudo and discovered they no
> longer even worked.
> 

Yeah I'm generally quite happy with sudoedit, sed etc. and use install
scripts. I couldn't find kdmrc however and so wanted to fire it up via
kdesudo without running the whole of system-settings as root. Turns out
Sabayon (my attempt to get gentoos power without the compilation) seems
to use the kdmrc in /usr/share????!!!??? that I took as a reference
file. I've tried finding out about $KDEDIR or how the kdmrc location is
configured but no luck yet. I'm just testing at the moment but if I
decide to use Sabayon I will likely use startx anyway.

> Somewhere along the line I had decided my normal user didn't need to
> be in wheel (the group with su access) and I didn't feel the need to
> revert that decision,

I've never bothered with wheel even on OpenBSD. Whenever it's useful I
see more specific options to my case that are easily setup.

> so that didn't work, and while sudo still
> worked, my sudo policy here only lets my normal user do a few limited
> things, including sudoing to an "admin" user, which is far less
> restricted.  But of course said "admin" user doesn't then have access
> to the existing normal user X session, so couldn't run any X-based
> commands anyway.  And again, yes, I could fix that, but I realized
> that I really had no need to do so -- everything I needed to do as
> admin, I was quite comfortable doing in mc or at the CLI, and the
> tiny bit of trouble I might occasionally save by running some GUI
> admin program wasn't worth the hassle of setting up and ensuring the
> proper security of the access necessary to do so.
> 

I agree but worry about some cases, perhaps vmware or some systems
where I will want to use kdesudo and not polkit. These programs should
be able to request to run specific binaries via kdesudo rather than
encouraging the whole thing. I realise that in this case it could be
done on the CLI too. I expect it must be possible as I can't see all
apps supporting polkit.

> So instead, I ended up deciding I didn't need a GUI su method at all,
> and uninstalled kdesudo.  (kdesu is still pulled in as a dependency,
> but I'm thinking about testing a bypass of that as well using
> gentoo's package.provided, I just haven't, yet.)
> 
> As for polkit, consolekit, etc, I turned their USE flags off, and no 
> longer have them on the system either.  I don't run systemd, which 
> replaces some of consolekit's functionality, either.  (FWIW, as many 
> gentooers, I run openrc as my init system.)  Group-based device perms
> are sufficient for me, and consolekit only adds another layer that I
> have had to troubleshoot problems with in the past, so I'm best off
> without it.  I do run udev (and have its USE flag turned on, but not
> udisks or upower (USE flags turned off),
> preferring to control
> mounting myself.  

Same here and much prefer the functionality (predictable short mount
points, automount without X, mount options etc.. =-)

> My suspend/hibernate solution is something I
> scripted myself, 

I may be interested in that, if it's little trouble.

> and on the netbook, I have laptop-mode-tools
> configured for power management , so don't have/need kde's power
> management tools (powerdevil and etc) installed, either.
>

Does laptop-mode-tools not work on your desktops then?

 
> Actually, given that I have USE=semantic-desktop turned off as well
> (so no akonadi thus no kdepim, substituting gtk-based replacements
> like claws- mail), while I do run a kde desktop, all the above means
> it's actually relatively slim.  Package numbers don't mean a lot
> across distros but for gentooers this will mean something: 110
> packages in a kde upgrade for me including nearly all kdegames.  I
> guess a full kde install with all the trimmings is several hundred
> more.  (IIRC mine was 250+ before I started trimming the fat, tho
> even that wasn't all of kde.)
> 

Very interesting, I assume you still have konqueror. I prefer konqueror
to dolphin with kfind by default, filesizeview plugin and folder and
file bookmarks. I may switch to spacefm when it gets full bookmarking
though.
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.




More information about the kde mailing list