Xdg-su not working

Hello,
I have a fresh Leap 16.0 install and whenever I attempt to run GUI applications in root mode, I keep being asked for the password but it doesn’t go anywhere.
Tried both xdg-su -c and kdesu.

Funny thing, my old Leap 16.0 VM that I updated from beta, works.

Any ideas?

Explain what desktop environment you are using.

Are you aware that from Leap 16.0 on, you are no longer required to set a root password, and the first user account (the one created during installation) is added to the wheel user group with elevated privileges? For the members of the wheel group, sudo now no longer asks for the root password (because chances are that none is set), but for that user’s own password.

In the standard installation, you don’t have a root password. If kdesu still asks for the root password, that will fail. Check if sudo (with your own password!) works on the command line.

I wrote some documentation for this for starting my Myrlyn with root privileges here; this is also valid for other programs.

And if it’s Myrlyn that you wanted to start with root privileges, there is the myrlyn-sudo script which is what the myrlyn-root.desktop file (available from the desktop menu) calls.

KDE Plasma

I thought this had been the rule for a few releases now, but yes.

Thanks, that looks clever. I created /etc/sudoers with the suggested modifications, but it still doesn’t work.

Also, I have an older 16.0 VM which has no /etc/sudoers file at all, but has a working xdg-su for some reason.

Check /usr/etc/sudoers.d and (if it exists) also /usr/etc/sudoers. The great usr-merge moved most things from /etc to /usr/etc; /usr/etc is now for the system’s default configuration as shipped, and the counterpart of anything there in /etc is meant to override settings from /usr/etc (to memorize: /usr is where the user’s things are not; it’s the system settings. Don’t ask. :smiley: )


https://bugzilla.opensuse.org/show_bug.cgi?id=1254532

Except neither kdesu nor gnomesu use sudo, they use su.

Yes. And that broke these tools without real replacement.

Cherry on top is the lack of GUI support in the default sudo configuration in SLE, thus it is not a replacement for kdesu/gnomesu.

Exactly. You had to jump through the hoops to make one single GUI application usable with sudo.

Check if root has the valid password and is not locked.

AFAICS this is done in package sudo-policy-wheel-auth-self*.rpm:

sh@meteor:~/tmp> wget -q https://download.opensuse.org/distribution/leap/16.0/repo/oss/x86_64/sudo-policy-wheel-auth-self-1.9.17p1-160000.2.2.x86_64.rpm
sh@meteor:~/tmp> rpm -qpl sudo-pol*.rpm
/usr/etc/sudoers.d/50-wheel-auth-self
/usr/share/polkit-1
/usr/share/polkit-1/rules.d
/usr/share/polkit-1/rules.d/51-wheel.rules
sh@meteor:~/tmp> unrpm sudo-pol*.rpm
sudo-policy-wheel-auth-self-1.9.17p1-160000.2.2.x86_64.rpm:	2 blocks
sh@meteor:~/tmp> tree usr
usr
├── etc
│   └── sudoers.d
│       └── 50-wheel-auth-self
└── share
    └── polkit-1
        └── rules.d
            └── 51-wheel.rules

6 directories, 2 files
sh@meteor:~/tmp> cat usr/etc/sudoers.d/50-wheel-auth-self 
Defaults:%wheel !targetpw
%wheel ALL = (root) ALL

Maybe that package isn’t installed.

What is “this”?

Granting root permissions via the wheel user group.

Which is unrelated to this topic. Neither xdg-su nor kdesu/gnomesu (which xdg-su invokes) use sudo.

Well, there were changes, and AFAIK they were extensively discussed (I wasn’t part of that), probably on openSUSE mailing lists.

I welcome being nearer to most mainstream Linux distros; most of them had always asked for the user’s password for sudo and used the wheel user group. Now openSUSE / SLES do that as well.

I did not and do not welcome the security purists’ view that no GUI program should ever run as root; I had that discussion countless times before (QDirStat also needs root permissions to visualize the whole directory tree), and they always answered with strawman arguments that this shouldn’t ever be needed.

That may be the case for those who are content with xterm and fvwm2 (no kidding, I know several such people), but the rest of us have arrived in the 21st century, and GUIs are a thing, and sometimes you do need elevated permissions. It’s not always even possible to break that down to micro-operations that can be handled via PolicyKit and a daemon process running the parts that need the permissions.

That’s why I went through all the trouble to make it possible for Myrlyn; and the result, the myrlyn-sudo script, can serve as an example how to do this for other GUI applications as well.

kdesu and gnomesu might be left very much abandoned because of all this; users who wish to use them may be forced to do extra work, and that’s a sad state of affairs.

root has no password set. Is setting one the only way?

Yes, it is the only way to use su and any other program that ends up invoking su. Or you can learn new tricks and use sudo.

Set one for now to get on with your current problem with sudo passwd root (you can delete it later with sudo passwd -d root).

Then read up on the whole sudo thing and experiment; check what myrlyn-sudo does. It might be a good example for your own custom script. You can find myrlyn-askpass here for a very simple graphical password prompt.

Yes, all that would actually be the job of kdesu / gnomesu. But I am not sure if they can be convinced that this would be a good thing.

Ok, I set a password for root, but xdg-su just exits after the prompt.

I’m one of those :wink: I always set a root password, not seen a need to run much as root user. Interesting that users seem to bork their systems using these so called new tools?

I have multiple installs running here and just don’t get some of the issues users have… :person_shrugging: I find it hard to break something here on GNOME.

I do add my user to systemd-journal for viewing logs as well as video and renderer.

Cockpit works fine, as it incorporates a browser now for folks that seem to need a GUI for moving files around.

Aside from that I’m too busy using my computer(s) for doing my tasks…

Likewise, can’t beat taking notes (lots of them) and looking at history to see what was done.

I learned the hard way that I always, always really want a root password in case things get really bad. That was with an Ubuntu system back in 2010 or so; no root password set (which is the default on Ubuntu), and I couldn’t log in with my normal user account because my encrypted home directory couldn’t be decrypted. One reinstallation later I took great care to ensure to set a root password.

You may not need a root password 99.9% of the time, but if you need it, you need it really bad. :smiley:

I have no idea what it means. If you expect someone to troubleshoot the problem you have you need to describe this problem so that others can also reproduce it. Which involves showing what you are doing.

Open konsole, enter xdg-su -c /usr/bin/systemsettings, small window pops up asking for the root password, enter root password, window closes and it’s back to the konsole prompt.
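
The two checks raised in this thread, root's password state (which the su-based helpers depend on) and the wheel sudo drop-in, as an added shell example that is not part of any post. The function names and sample inputs are constructed for illustration; the status letters follow what shadow-utils' `passwd -S` prints.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs are constructed.

# Map an /etc/shadow password field to the status letter that
# shadow-utils' `passwd -S` prints: L (locked), NP (empty), P (usable).
shadow_state() {
    case "$1" in
        '')        echo NP ;;
        '!'*|'*'*) echo L ;;
        *)         echo P ;;
    esac
}

# su-based helpers (kdesu/gnomesu, which xdg-su invokes) need root to have
# a valid, unlocked password: only state P qualifies.
su_path_ok() {
    [ "$(shadow_state "$1")" = P ]
}

# Succeeds if the sudoers text on stdin carries both lines of the
# 50-wheel-auth-self drop-in quoted above (comment lines are ignored).
wheel_auth_self() {
    text=$(grep -v '^[[:space:]]*#' || true)
    printf '%s\n' "$text" | grep -Eq '^Defaults:%wheel[[:space:]]+!targetpw' &&
    printf '%s\n' "$text" | grep -Eq '^%wheel[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(root\)[[:space:]]+ALL'
}

# One-line summary: $1 = root's shadow field, $2 = file with sudoers text.
elevation_summary() {
    if su_path_ok "$1"; then su_res=ok; else su_res=blocked; fi
    if wheel_auth_self < "$2"; then sudo_res=own-password; else sudo_res=no-wheel-policy; fi
    echo "root=$(shadow_state "$1") su=$su_res sudo=$sudo_res"
}

# Constructed demo: a locked root with the drop-in content from the thread,
# then a root with a (fake) hash and no wheel policy at all.
demo=$(mktemp)
printf '%s\n' 'Defaults:%wheel !targetpw' '%wheel ALL = (root) ALL' > "$demo"
elevation_summary '!' "$demo"
elevation_summary '$6$constructed$hash' /dev/null
rm -f "$demo"
```

On a real system, compare the first result with `sudo passwd -S root` and feed the second check the file /usr/etc/sudoers.d/50-wheel-auth-self.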