public inbox for gentoo-user@lists.gentoo.org
From: dsonck <daniel@sonck.nl>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] What's with KDE?
Date: Tue, 06 Nov 2018 00:39:39 +0100
Message-ID: <45d2d310ebf9f7614c7a9f52933bdaf2@mail.touhou.fm>
In-Reply-To: <773deec0-7709-9045-5a9b-e38a52b8a0ae@gmail.com>

On 2018-11-05 21:40, Dale wrote:
> Philip Webb wrote:
>> 181105 Dale wrote:
>>> Currently I'm using Krusader.  It works as root,
>>> so I can edit files in /etc, /root and such.
>> I can recommend Krusader to any KDE user.
>> I do most file management from CLI, but sometimes need heavy lifting.
>> If anyone tries it, they should look into its many features :
>> there's a PDF help doc available.
>> 
> 
> 
> That's my thinking as well.  It is different from Konqueror but it does
> the job pretty well and seems to be pretty light and fast.  The biggest
> thing, it allows running as root. 
> 
> I've been really busy recently.  My Mom was in the hospital for several
> weeks, that's a long time here.  After that, she was in a nursing home
> trying to get her strength back and had a few set backs while there. 
> She comes home tomorrow and is in better shape than she was over a year
> ago.  Maybe even a couple years ago.  That has kept me busy and pretty
> much wore out at times.  I have health issues of my own.  So, I haven't
> been able to really dig deep into Krusader as yet.  Basically, I got it
> to where I can edit files in /etc and /root and pretty much left it as
> is.  The one thing I'd like to change, being able to click/double click
> on a file and it open.  That's how Dolphin and the old Konqueror was set
> up.  As it is, you have to hit F4 to edit which opens Kwrite/Kate
> depending on settings for text files.  I also wish it wouldn't separate
> the file name and the extension.  I prefer them to be together.  Heck, I
> might use Krusader as a regular user if I could get that last one
> configured right.  ;-) 
> 
> I really do need to research that more.  Do you have a link to that
> pdf?  I'm on version 2.7.1. but any recent version would be nice. 
> 
> Thanks.
> 
> Dale
> 
> :-)  :-)

I've been reading through this discussion and seen several references to 
"run as root". As I've been guilty of doing that myself for a while (and 
not realizing it had actually been actively prevented for some time), I 
decided to look into the reasoning why it's not possible anymore.

Apparently, it wasn't taken lightheartedly. The reasoning behind it was 
that the terminal (which also has root now) can be activated and used by 
injecting keystrokes (through XTest). Whether that's a concern of the 
end user is up for them to decide (if you don't allow any external party 
to access your system by not allowing ssh etc. you'd basically be 
perfectly safe), but it's an interesting backdoor. However, KDE also 
planned to bring in a more fine-grained approach by allowing KIO to use 
PolicyKit to allow editing of restricted files. This would mean that 
Dolphin, KWrite and Kate all get their "root" back, but in the form of a 
"you require elevated rights to do this, please specify your password" 
which can be protected better.

Then again, this raises the issue of whether PolicyKit is such a great 
feature. I've been having problems with that myself as it can and will 
be DoS'd when it gets too many requests (had a rogue libvirt client 
which did several requests all of which needed to go through PolicyKit 
to verify access). While the failure mode is safe (it will block any 
attempt at authorizing), it's a big nuisance because other things may 
depend on it.

Lastly, Qt also advises against being used under root due to the sheer 
scope of the project which would mean that even krusader might not be 
totally safe.

I wanted to share this for those that read this discussion to reiterate 
the implications of allowing root, and allowing it in these GUI 
applications. Of course, if it works for you and you don't see any risk, 
by all means go for it. But also keep in mind that there are apparently 
fair reasons behind this change. That said, I also started to look into 
krusader and I might use it more.

Greetings,

Daniel Sonck
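
An added example, not part of the message above and not KDE or Krusader code: an audit for the situation the message describes, listing processes that run with effective UID 0 and were started with `DISPLAY` set, and so share an X display with unprivileged clients. The function names and the sample process tree are constructed for illustration, and `DISPLAY` in a process's initial environment is a heuristic that will also flag root-owned session components such as a display manager.

```python
import os

def parse_status(text):
    """Return (name, effective_uid) from the text of /proc/<pid>/status."""
    name, euid = None, None
    for line in text.splitlines():
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Uid:"):
            euid = int(line.split()[2])  # fields: real, effective, saved, fs
    return name, euid

def x_display(environ_bytes):
    """Return the DISPLAY value from a NUL-separated environ blob, or None."""
    for entry in environ_bytes.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key == b"DISPLAY":
            return value.decode(errors="replace")
    return None

def root_x_clients(proc_root="/proc"):
    """List (pid, name, display) for euid-0 processes started with DISPLAY set."""
    hits = []
    for pid in sorted((d for d in os.listdir(proc_root) if d.isdigit()), key=int):
        try:
            with open(os.path.join(proc_root, pid, "status")) as f:
                name, euid = parse_status(f.read())
            with open(os.path.join(proc_root, pid, "environ"), "rb") as f:
                display = x_display(f.read())
        except OSError:
            continue  # process exited, or environ unreadable without privileges
        if euid == 0 and display is not None:
            hits.append((int(pid), name, display))
    return hits

def build_sample_proc(root):
    sample = {  # constructed data: root GUI client, user GUI client, root daemon
        "1201": ("krusader", 0, b"DISPLAY=:0\0HOME=/root\0"),
        "1202": ("dolphin", 1000, b"DISPLAY=:0\0HOME=/home/user\0"),
        "733": ("sshd", 0, b"PATH=/usr/bin\0"),
    }
    for pid, (name, uid, env) in sample.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "status"), "w") as f:
            f.write(f"Name:\t{name}\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
        with open(os.path.join(root, pid, "environ"), "wb") as f:
            f.write(env)

if __name__ == "__main__":
    print(*root_x_clients(), sep="\n")
```

Run as root to see every process; an unprivileged run skips processes whose `environ` it cannot read.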

