D12732: Implement a more user-friendly run-as-root-or-sudo behavior

Nathaniel Graham noreply at phabricator.kde.org
Mon May 7 00:52:46 BST 2018


ngraham created this revision.
ngraham added a reviewer: Dolphin.
ngraham requested review of this revision.

REVISION SUMMARY
  I'd like to revisit the issue of not allowing Dolphin to run with elevated privileges, and make the case that the way this change was implemented was user-hostile and sub-optimal. I would also like to propose an alternative in patch form.
  
  Ideological/correctness arguments
  - It's not appropriate for software at the DE level to make judgments about how the user has chosen to run it or what kind of user account they're using. In terms of the OSI model, this would be like a web app on the Application layer refusing to run when the Transport layer is TCP, or the Network layer is IPSec.
  - There is no reason to prevent using Dolphin as the root user (not sudo). Using Dolphin with the root user account is no more insecure than any other GUI software executed as the root user, since X11 is already being run as the root user. The current implementation fails to make this distinction and therefore aggravates people who need or want to use KDE Plasma with the root user.
  
  Practical arguments
  - Distros like Kali use KDE Plasma and boot to a root GUI session by default (and by design). For users of this distro, Dolphin simply doesn't work at all. The same goes for recovery distros that boot into the root user. It's not reasonable to entirely break these use cases.
  - Since the feature was disabled, we've received a neverending stream of criticism that demoralizes KDE developers, takes up the time of KDE bug triagers, and generates negativity on social media that discourages people from using our software.
  - openSUSE has patched out the change; when a major enterprise distro undoes your work, it might be worth listening to them and considering whether the change might have been ill-considered.
  
  Usability and user-friendliness arguments
  - It is user-hostile to disable a feature before its replacement (PolicyKit support in KIO) was implemented and available.
  - The current method of implementation is user-hostile: a message is only printed to the console, and if a GUI method is used to run Dolphin with sudo or as root, there is no indication of why it doesn't work. Dolphin just looks broken, and we look bad.
  
  ---
  
  For all of these reasons, this patch reverts the previous implementation that disabled running from root and with sudo, and instead replaces it with a more nuanced check that distinguishes between when Dolphin is run as the root user and when it's run as the current user via sudo. It displays a red warning message in the GUI instead of prohibiting the program from running.
  
  Once PolicyKit support is enabled in KIO and released to users, I think it could be reasonable to once again prohibit running Dolphin with sudo (but not as root) as long as we provide a GUI message to cover the case where Dolphin-with-sudo is launched via a desktop file, as is common with many old "open this folder with administrator privileges" add-ons that people may still be using.

TEST PLAN
  When run with the root user account:
  
  When run with `sudo`:

REPOSITORY
  R318 Dolphin

BRANCH
  more-user-friendly-sudo-and-root-usage-behavior (branched from master)

REVISION DETAIL
  https://phabricator.kde.org/D12732

AFFECTED FILES
  src/dolphinviewcontainer.cpp
  src/main.cpp

To: ngraham, #dolphin
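The root-versus-sudo distinction the summary argues for, as an added illustration that is not the patch's own code from src/main.cpp or src/dolphinviewcontainer.cpp: the decision is kept in a pure function taking the effective uid and the SUDO_UID environment value, so it can be checked with constructed inputs, and the result selects a warning string for the GUI rather than aborting startup. The enum, function names and warning texts are assumptions made for this example.

```cpp
#include <cstdlib>
#include <string>
#include <unistd.h>

// Hypothetical classification of how the process was started (not Dolphin's own type).
enum class PrivilegeContext { Unprivileged, RootAccount, SudoFromUser };

// Pure decision function: euid is the effective uid, sudoUid the value of the
// SUDO_UID environment variable (nullptr when unset). sudo exports SUDO_UID with
// the invoking user's uid; a genuine root login session does not set it, and
// root invoking sudo yields SUDO_UID=0, which we still treat as the root account.
PrivilegeContext classifyPrivilege(uid_t euid, const char* sudoUid)
{
    if (euid != 0) {
        return PrivilegeContext::Unprivileged;
    }
    if (sudoUid != nullptr && sudoUid[0] != '\0' && std::string(sudoUid) != "0") {
        return PrivilegeContext::SudoFromUser;
    }
    return PrivilegeContext::RootAccount;
}

// Message a red warning bar in the view could show; empty means no warning.
std::string privilegeWarning(PrivilegeContext ctx)
{
    switch (ctx) {
    case PrivilegeContext::SudoFromUser:
        return "Running as root via sudo: files you create will be owned by root.";
    case PrivilegeContext::RootAccount:
        return "Running as the root user.";
    default:
        return "";
    }
}

// Convenience wrapper over the live process state, for use at startup.
PrivilegeContext currentPrivilegeContext()
{
    return classifyPrivilege(geteuid(), std::getenv("SUDO_UID"));
}
```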