Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Super User (in the wheel) running dolphin without password

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,015

    Default Super User (in the wheel) running dolphin without password

    Hello.

    Logged as some super user ( this user is in the wheel group ) I can start dolphin from command line as super user.

    I would like to start dolphin the same way but from the kickoff application launcher.
    I have create a new item but the user is asked a password.
    The item is configured as this :
    Code:
    dolphin
    I have tried this
    Code:
    kdesu dolphin
    Any help is welcome.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by jcdole View Post
    Logged as some super user ( this user is in the wheel group ) I can start dolphin from command line as super user.
    Hm? The "wheel" group is not used at all by default in openSUSE.

    I suppose you modified your sudo configuration? (/etc/sudoers)

    Well, you can configure kdesu to use sudo instead of su, it will respect the sudo settings then and should behave the same.
    See here e.g.: https://forums.opensuse.org/showthre...73#post2750273

  3. #3
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,015

    Thumbs up Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by wolfi323 View Post
    Hm? The "wheel" group is not used at all by default in openSUSE.

    I suppose you modified your sudo configuration? (/etc/sudoers)

    Well, you can configure kdesu to use sudo instead of su, it will respect the sudo settings then and should behave the same.
    See here e.g.: https://forums.opensuse.org/showthre...73#post2750273
    > I suppose you modified your sudo configuration? (/etc/sudoers)
    Yes
    Code:
    ##
    ## User privilege specification
    ##
    root ALL=(ALL) ALL
    
    ## Uncomment to allow members of group wheel to execute any command
    %wheel ALL=(ALL) ALL
    
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    superman ALL=(ALL) NOPASSWD: ALL
    
    ## Read drop-in files from /etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /etc/sudoers.d
    I have no /home/superman/.config/kdesurc file.
    Copy the one from user root
    here is the contents of the new file /home/superman/.config/kdesurc
    Code:
    [super-user-command]
    super-user-command=sudo
    In the kickoff application launcher, have configured the item as this :
    Code:
    kdesu dolphin
    OK it's work !

    Thank you for helping.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  4. #4

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by jcdole View Post
    I have no /home/superman/.config/kdesurc file.
    Copy the one from user root
    here is the contents of the new file /home/superman/.config/kdesurc
    Code:
    [super-user-command]
    super-user-command=sudo
    There's no need to copy it over, just creating it with this content would have worked too.

    And running "kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo" (as user) would have created it automatically if it doesn't exist.

    FYI, this only affects your current user, if you want to have this system-wide, copy the file to /etc/xdg/.

    In the kickoff application launcher, have configured the item as this :
    Code:
    kdesu dolphin
    There already should be a "File Manager - Super User Mode" entry in the menu that runs dolphin as root (via kdesu).

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,823
    Blog Entries
    1

    Default Re: Super User (in the wheel) running dolphin without password

    Don't forget to add the comment "This can grossly compromise the security of your system."
    By removing all executable restrictions from this User account, anything running in that security context can do unlimited things on your system.

    I've seen the wheel group account (yes, unused but it exists by default anyway) to more simply allow parts of applications to have sufficient elevated permissions to perform their work, but those applications are generally non-interactive or their functionality is severely scoped.

    Adding an interactive User account (ie one that is logged on when presented with a valid username/password or other credentials) has little restriction.

    This is one of those things I'd say might be possible to do, but is very inadvisable unless well considered in a very special situation.

    BTW - I consider this more to be an issue of the proposed changes in the sudoer's file and only possibly exacerbated by membership in the wheel group(in other words, not central to security vulnerability created).

    IMO,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,015

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by wolfi323 View Post
    .......

    There already should be a "File Manager - Super User Mode" entry in the menu that runs dolphin as root (via kdesu).
    For years, I developed my system scripts as root . I'm trying to change this bad habit.

    I did not consider a second that the super user mode of dolphin could be applied to a super user (in the wheel).


    Don't laugh.

    Thank you for everything.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  7. #7

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by jcdole View Post
    For years, I developed my system scripts as root . I'm trying to change this bad habit.

    I did not consider a second that the super user mode of dolphin could be applied to a super user (in the wheel).
    Just to clarify:
    There is only *one* super user in Linux, and that is root.

    By adding your user to the wheel group, your user does not become a super user.
    Modifying the sudoers config like you did just allows you to "become" root without the need for a password (you wouldn't even have to be in the wheel group for that though).

    But security-wise this is not much better (if at all) than logging in as root in the first place.
    Yes, the desktop and applications do not run as root, but a malice application can easily gain root privileges via sudo (or kdesu), without you even noticing.

    A rule of thumb: convenience (e.g. not having to enter a password to gain root privileges) is most often the exact opposite to security (and vice-versa).

    IMHO, it's your own decision though whether you want to take this risk.

  8. #8
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,015

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by wolfi323 View Post
    Just to clarify:
    .............
    A rule of thumb: convenience (e.g. not having to enter a password to gain root privileges) is most often the exact opposite to security (and vice-versa).
    As an example.
    Currently I work on a script which is launched after the first reboot after a clean installation of opensuse.
    This script is in /usr/local/bin

    So no need to have a user in the wheel, just run the script with su ( or sudo or kdesu ) and then give root password.
    But you must know the root password.
    This is OK for me.
    But you must give the root password for every body which develop system script. Don't you ?

    So how to run, and test with sufficient privilege ?
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  9. #9
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,587
    Blog Entries
    14

    Default Re: Super User (in the wheel) running dolphin without password

    Quote Originally Posted by jcdole View Post
    As an example.
    Currently I work on a script which is launched after the first reboot after a clean installation of opensuse.
    This script is in /usr/local/bin

    So no need to have a user in the wheel, just run the script with su ( or sudo or kdesu ) and then give root password.
    But you must know the root password.
    This is OK for me.
    But you must give the root password for every body which develop system script. Don't you ?

    So how to run, and test with sufficient privilege ?
    That's why we have development systems, test systems, production systems, packaging and so on. You don't give your root password to the openSUSE devs and packagers, don't you?
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  10. #10

    Default Re: Super User (in the wheel) running dolphin without password

    Also, if it's really necessary that every user (or at least some users) should be able to run this script or any other specific script/command as root, you could restrict the sudoers config to *only* allow to run *this* script/command (preferably even with specific arguments only) without password.
    Much safer (as long as that script/command is "safe" of course).

    But as I said, it's your decision in the end. Personally I do not care what you do or how you do it, and I don't want to force you to do it differently either.
    Last edited by wolfi323; 10-Nov-2016 at 06:32.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •