From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 393BF138334 for ; Tue, 6 Nov 2018 00:04:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BAAC8E0C04; Tue, 6 Nov 2018 00:04:32 +0000 (UTC) Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 334CBE0B9E for ; Tue, 6 Nov 2018 00:04:32 +0000 (UTC) Received: by mail-yb1-xb35.google.com with SMTP id d18-v6so4616731yba.4 for ; Mon, 05 Nov 2018 16:04:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=Q93rOzv+iU9xf8yHVZ1jvZzRGAuzRCU8ACloMYnGoI4=; b=trCPopx4abxgS7Q1B1WNh0eGF1ISdlkqmzzlACQWE6vK2a57XbaY49mdzumQ+D8buP jWhr1ODCtTSo8XyLhY4y1fLaJETcmk/RryTdyzQo9EodCg1bvv2ORor8aYmus983Bf7M fGM18NS8KRdGh3xlOW8H0ERS3LNTKPnR6+emzROzkHRzKh8iEmpR+cUTj3U7eW3xpYAa Gn/xzIS4ZcW9tEohWPNKzw8FGFEQezuL8OAY9QD7R33fd9z+AbPryDi8rTLVy8jzFf9B GnPmzIgbQcNac7T5oNdcEpkNjU174+ExhpTvKdG4SuFJ32mJCN8fFSjGS6T4fZJiTnAa DoWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=Q93rOzv+iU9xf8yHVZ1jvZzRGAuzRCU8ACloMYnGoI4=; b=PEMptQLFGLFSrfOtvLDv7V7u7CaP3K5ppBb+xnU8vzLntTCQYl2y/b3Hpwj/sY7fnl XIurdJ6LGZ4j4juD3ouROdXIK97Z/K8HSAJIypP2eYUtoiaFSwHIZ//JoIoItYwSzn8I 3aProsweTUUONRaD9VURa35jnsanR83FDlAFxZd1gQTHlcleV4RS4Zfl3Vik9MVVMcar 3OXKBjxgks0lxrl480Nj/J/IhDPL5Q1Wc5bwW/qoDwVIGntxyl91/dcN3YGbgcUXa+u9 d7+7j75oN9nO8A4fRbTf2upyQ2yy44rlNHl8ArHjhw3WpMtpHO8LUdf5aXuYK9IHAd0b 0Hkw== X-Gm-Message-State: AGRZ1gI5XWTWAu6OlDtROcUQFrxAhmmmFwbn+FiwqD50InuZhRJOvJYQ abqy2HdcrAdsv75a5Fwim79C/nCZ X-Google-Smtp-Source: AJdET5dSX0qPAmQvohcXut9cY06QNfJb568KjsGAoJCptO9W0JRWgwslXcHlLgV24qTq0nuhp9VJyQ== X-Received: by 2002:a25:1043:: with SMTP id 64-v6mr23292682ybq.159.1541462670756; Mon, 05 Nov 2018 16:04:30 -0800 (PST) Received: from [192.168.2.5] (adsl-68-19-165-170.jan.bellsouth.net. [68.19.165.170]) by smtp.gmail.com with ESMTPSA id m16-v6sm22972235ywh.18.2018.11.05.16.04.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Nov 2018 16:04:30 -0800 (PST) Subject: Re: [gentoo-user] What's with KDE? To: gentoo-user@lists.gentoo.org References: <11423098.JDg7JvbAi3@peak> <118569279.PkrBW0Wy02@dell_xps> <20181105201820.GC1906@ca.inter.net> <773deec0-7709-9045-5a9b-e38a52b8a0ae@gmail.com> <45d2d310ebf9f7614c7a9f52933bdaf2@mail.touhou.fm> From: Dale Openpgp: preference=signencrypt Autocrypt: addr=rdalek1967@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFpEtdQBEADI51WaryP3FJlDfmCQx2aPQpSppEKxqWhCTA8KFEcOVFmIIfiFAeekqMMD mhUxgZTtlQh7dsNqha6ioaYDqGKTv7oeJlPJw4hmIMJX3WYVSOHlsJUNM2jpDIAFeEKfup/T zDzFpuU2Qtr/Y0ji35wHyOAZLRckeNk705oRvE9wqi6noTP15Gxmw/U6aMzEfvu+wGEfCjgs 9bERmu+CS75PZEaFAv8RnsXUv1UcvQ45jmk/8ni/ogxE2h53OIp6c/hOlgJkSVRQWPZZyKZw lDiSUKCtMXPMdZ9w0X6RltQxtIQXO0KxAKaAp+tnL8z+0piafF5uW4RIglhT922RXKxxdZyx SjRgtE4V1IPtUcwPAeqVUZw2P1b4pjfPv7tNtMoFsIiY0ZnT+ua4ps6KOUeocRPKAX14mZkL jt/sZM7aIKiwyoteshRgWNNkxh4OiSxGCRUKNQI8M42cRSidvJZ6SGZXM3WpV28RPyF7+0Ba 0stEQwBGNF8uxgytY9rOJ7obmIpEZKx1p3W1O1hadOjBo2110jMDirRXtktMDfBDvVKkOZ06 vLu16uZLb0O52euhl2dMcEI3ZoCAFTKtdwMITIDj1TcMBZar6+bcwOicSFFogOLHQLJZRO5q I5szOIYW7+c0yNqPRLT3Sq7HzDyuyTUjmPZSAcqOwzX8GwUFkwARAQABzRtEYWxlIDxyZGFs ZWsxOTY3QGdtYWlsLmNvbT7CwZQEEwEIAD4WIQSUDVlCt0m0Z/PsCaxgB5lCagHqugUCWkS1 1AIbIwUJCWYBgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBgB5lCagHqurR7D/45/q20 vXdrJGxrkNphotmlBtTpNbVauu5A2NDv3E1Il6yqRBfh4Xw7xFuwhz9DqThuvByU6566vr0z 7oVCK33dxRm4WA7YaogRQZy4VVIbHdrksnh2f702CFllqtn5Y29M2JtXG5jiiL3aZNEhoyP9 eMtzLPGs56yZ3eMkz4U7DEmWCAUr8bbuXW+eq/A0V5djcFdHfmanuDZSxzg+cZTpVOLolS2b pmNsPTSMkJ2MDY2Kfdg3gPhSaawo2agQfgnf9E7vSm7z/rlk8bBUWcPAP/XTN9ndVwOO3x74 EQv/M4EiCTtNpw3yapVZI2NhA1wqW648D7RxIPD8Y3nkJVDS4x5g54xDe1IUFOtVUSDAh+vY wUJt7vgbCeRjyT8XbuGW9RokIos3ALNaPoq/FDNEqefbmop0CPRih6aLFHWT4YBA6xQjLJuP LSNvalNqE5mef0giCtnLxo/lkjnP9Sv+t/5VSHda5zkVuN0+2w46SbGvXIHRkSoSi6XH3ccq KayJC+oTqo4xf9J30c7CV4rEcYnJcnxMw0vcYmU3DwjGfKxuKcLHgPr9mDNWvhteroA5wNWw NzQ72yAj7rsZVUXCxZgiPldSH3SXZJ/Jo6E9JouzQgRb/I4Vy4jx0Yw8rJLDx/ha82fn+FVe cFbiodVV5UD0inw488IAAtJE+Zi0t87BTQRaRLXUARAA38iHcF7M7GnkS73dazdLBgz2YJsu fpix/N/x4CvoHMqTuwi4ASz1WroYjl3KajeH0DSybyPdEQ7nffxIUt48deT3j/rwsJkPRvCF BpmcwxErd/Mbq0BgikYxXvO68aEAs4jBDR26YtONfjobEfd+Juhxci9UN9vTOCgSPhY+dxHs MZ0gHRzvMnpM3o3+oht/XRZr05RQx83DvTIqWnjDQlCseYYlbFp+rFTZi7ro71ULDThfCE0p +f+IQ3zX0cRKOcJGtNRvyWH6PxmN4td6Q7gPHfAsFPLsCpg7nZwOejtAktPejtSEXlN6QOKv bmRQxNtzgMtjzJNNJW2NtBz0DIW394+9stchQRKLqH8n8GnB6tlkfPg4vgf/kq14QQSZcb0F M36wk+i1Hk+TWYWbOBoUw9+X941Pw1JnglJ3tzpBh+36+pdG02Lbm2v6SaZ69zkDfzJ2Sfhb E+KQLibLkiCOhuSDLDWUgUeb0lJ/0qlo3vcQMTBuG5eiWiwBkp4C+ACb1f1Akq0mFvim+gCJ qJOTu0IDK9DjKLKglA3Z6sbeepnXq8fxB2Mo/SFSYEsGqUu4MLxgwnPg7zi+rKg7MhqdiBBE fqugmNguCEYZjJrGCCzwuqPXAZAcyzEYTGFKwI6NdEZ6v8Xc3om9MJomB3y1uzG6K7T9ue5H aw/2aqEAEQEAAcLBfAQYAQgAJhYhBJQNWUK3SbRn8+wJrGAHmUJqAeq6BQJaRLXUAhsMBQkJ ZgGAAAoJEGAHmUJqAeq6/ykP/ib6xEHednaXvzZvvj854PB5ffBqKkphbf51g6pxPvFBWMwY E7Bu/kq8e3hkp3rzX42BjqiUmfEe2OyfZCabXLybP8i/QRkHTzD5nLoIYLeL+62N/WQFW1NU VhqdfQbMhphNgP1mvG2Ib5R6S+Fb+vkw776oq6jLwUBP/o6PPpp62GyvFvFb9ekxV9+sE4yG V3DTqURBY+aXfc/MTzlCXp4u4QzFW9odfcb/kb9f1m/gZbWGihAqeMd1HViXQoMzTx6IuP13 eQAkKj4FlA2QMzbEOOKO6fliSt1JweJoh0OLCEAM/3q+LaflMvvjhl9ht00IUT/ySj3/dZdf EdTpuUAtnC3A3flwgK/aetkkOhrkx9hx4SKn6UHtAl+eCqP1Mae+nWzkisBL0/hBPEz713md 5I+4Y4QjIokRiz/5l/TFwpGu26zmDfDUkZmxZR/iNCW0VAmZE2YdyRm3PYcFcVXuZ1f/ff0D us9xGsO8V6F5EIwx/9Y6AWQdW7PoKHA21ri93PoRgjv+QoOifXEkhJwTKg5k5b1Tr7h9eRU/ Se2XigPVODjrN9FRfkx/JxlJcCs/igGJS05BmiZNIIRDKBGdXy/Fj5HQB2q5v5DfvrLMNTwK Aa8pn/em1SKC/l9aV9ygpN+cQPKoQjGxPPaId/rwX+GVxKl2vakjHLPLQmm3 Message-ID: Date: Mon, 5 Nov 2018 18:04:27 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <45d2d310ebf9f7614c7a9f52933bdaf2@mail.touhou.fm> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 20dbd25d-cdfd-422d-9119-4ac39132ee90 X-Archives-Hash: 4e3367e216170ab2dd2af8a13971ab32 dsonck wrote: > On 2018-11-05 21:40, Dale wrote: >> Philip Webb wrote: >>> 181105 Dale wrote: >>>> Currently I'm using Krusader.  It works as root, >>>> so I can edit files in /etc, /root and such. >>> I can recommend Krusader to any KDE user. >>> I do most file management from CLI, but sometimes need heavy lifting. >>> If anyone tries it, they should look into its many features : >>> there's a PDF help doc available. >>> >> >> >> That's my thinking as well.  It is different from Konqueror but it does >> the job pretty well and seems to be pretty light and fast.  The biggest >> thing, it allows running as root.  >> >> I've been really busy recently.  My Mom was in the hospital for several >> weeks, that's a long time here.  After that, she was in a nursing home >> trying to get her strength back and had a few set backs while there.  >> She comes home tomorrow and is in better shape than she was over a year >> ago.  Maybe even a couple years ago.  That has kept me busy and pretty >> much wore out at times.  I have health issues of my own.  So, I haven't >> been able to really dig deep into Krusader as yet.  Basically, I got it >> to where I can edit files in /etc and /root and pretty much left it as >> is.  The one thing I'd like to change, being able to click/double click >> on a file and it open.  That's how Dolphin and the old Konqueror was set >> up.  As it is, you have to hit F4 to edit which opens Kwrite/Kate >> depending on settings for text files.  I also wish it wouldn't separate >> the file name and the extension.  I prefer them to be together.  Heck, I >> might use Krusader as a regular user if I could get that last one >> configured right.  ;-)  >> >> I really do need to research that more.  Do you have a link to that >> pdf?  I'm on version 2.7.1. but any recent version would be nice.  >> >> Thanks. >> >> Dale >> >> :-)  :-) > > I've been reading through this discussion and seen several references > to "run as root". As I've been guilty of doing that myself for a while > (and not realizing it was actually actively prevented since some > time), I decided to look into the reasoning why it's not possible > anymore. > > Apparently, it wasn't taken lightheartedly. The reasoning behind it > was that the terminal (which also has root now) can be activated and > used by injecting keystrokes (through XTest). Whether that's a concern > of the end user is up for them to decide (if you don't allow any > external party to access your system by not allowing ssh etc. you'd > basically be perfectly safe), but it's an interesting backdoor. > However, KDE also planned to bring in a more fine-grained approach by > allowing KIO to use PolicyKit to allow editing of restricted files. > This would mean that Dolphin, KWrite and Kate all get their "root" > back, but in the form of a "you require elevated rights to do this, > please specify your password" which can be protected better. > > Then again, this raises the issue of whether PolicyKit is such a great > feature. I've been having problems with that myself as it can and will > be DoS'd when it gets too many requests (had a rogue libvirt client > which did several requests all of which needed to go through PolicyKit > to verify access). While the failure mode is safe, it will block any > attempt at authorizing, it's a big nuisance because other things may > depend on it. > > Lastly, Qt also advises against being used under root due to the sheer > scope of the project which would mean that even krusader might not be > totally safe. > > I wanted to share this for those that read this discussion to > reiterate the implications allowing root, and allowing it in these GUI > applications. Of course, if it works for you and you don't see any > risk, by any means go for it. But also keep in mind that there are > apparently fair reasons behind this change. That said, I also started > to look into krusader and I might use it more. > > Greetings, > > Daniel Sonck > > I've read that too plus that some distros just don't need root much if any.  Thing is, with Gentoo, root is required at times.  Sometimes, it is the only way to edit certain files.  Since I am almost always in a GUI, I prefer to use GUI tools, plus it is much easier to copy and paste as well.  That said, I don't have ssh open here.  I only have one system anyway so there is nothing to ssh in with.  I also only open Krusader as root for short periods of time.  Generally, during OS updates which I'm about two or three weeks late on I think.  While it is safe for me, it may not be for others.  Either way, sometimes you have to be root while doing updates.  With Gentoo, it is just that way.  As you rightly point out tho, in some situations, doing that could open a door.  If one has those situations, they may want to either wait for a better solution or access those files some other way, nano on a console or something.  As with anything, ones has to take into account security.  Of course, I'm on DSL and behind a router which adds some additional protection as well.  Others may not be or be connected in a much less secure way, public WiFi even.  To really scare you good.  I can recall a time when I logged into KDE as root.  Yep, the entire KDE session was root.  That was disabled ages ago I think.  For a while one could change a config file to enable it but not sure about now.  Looking back, I'm glad I didn't have any important data or things I didn't want to be hacked into.  Talk about opening the front door.  Heck, it was like adding a 'come hack me' sign on the lawn as well.  ROFL  Oh how things have changed.  Some better, some not so much.  ;-)  Dale :-)  :-)