Kdesu Not Working?

permissions kubuntu 18.04

13,177

This is a very much more complex question than it first appeared to me to be :)

First of all, it is highly recommended not to use kdesu or kdesudo to run graphical applications as root or with administrative privelages.

Why is it not recommended?

The short answer is that it is considered a substantial security risk.

The security risk is being discussed at length (and disputed) in a number of different posts and bug reports.

@DK Bose kindly provided some links as a good starting point for anyone who wants a bit more detail: https://www.kubuntuforums.net/showthread.php/71347-KDE-file-manager-problem

The above link led me to some other links which show a 'lively' discussion about it: https://bugs.kde.org/show_bug.cgi?id=152150 and also https://bugs.kde.org/show_bug.cgi?id=179678

which in turn led me to a blog post about the security problem that is being discussed:

https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/

Basically, to prevent users from exposing themselves to this security risk, running Kate or Dolphin as root has been disabled.

Kate now allows you to save system files etc. by asking you to enter your password when you require permission to save your file (via Polkit - i.e a system dialogue box appears requesting permission). This should mean it is not necessary to run Kate as root.

Dolphin will be doing the same in the near future but the change has not been implemented yet.

(On the sometimes heated discussions about this change, there were criticisms that disabling running Dolphin as root should not have been implemented until an alternative was in place. The counter argument was that the security risk was too great to allow it.)

In the meantime, there are other file managers such as PCManFM or Thunar which allow running as root (for those who understand the security implications but require the functionality).

I can't think of a lot of situations where it would be necessary to run a graphical user application as root outwith the 'editing system files' scenario. Kate can do this now without needing to be run as root.

Some of the use cases that sparked arguments against disabling running Dolphin as root, involved users wanting to create symlinks on their system files whilst using the GUI and also for penetration testing where, for example, Kali Linux runs the entire session as root.

The other reccurring argument was that if a user was aware of the security risk and wanted to run graphical applications as root anyway, then they should be allowed to do so.

kdesudo is not installed in Kubuntu 18.04 by default and is no longer in the Debian and Ubuntu repositories. It is not recommended to be used because it is unmaintained (and the general suggestion that you shouldn't be running graphical user interface programs with X as root).

kdesu is installed (as part of kde-cli-tools) but is not in your $PATH by default. You can access the binary from /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (and create a symlink in your /usr/local/bin directory if you don't fancy typing that out each time you want to use it - https://www.kubuntuforums.net/showthread.php/73471-Kdesudo?highlight=kdesudo), but it is not recommended that you do so (due to the security implications) and will not work for Kate and Dolphin anyway.

13,177

Sarah Szabo

Updated on September 18, 2022

Comments

Sarah Szabo over 1 year
When I try to execute the command kdesu dolphin or kdesudo dolphin nothing happens. I thought that this was the proper way to elevate graphical applications to temporary root privileges.

Am I doing something wrong? How can I elevate graphical application to super user level permissions?
```
sarah@ConvergentRefuge:~$ kdesu dolphin
kdesu: command not found
sarah@ConvergentRefuge:~$ kdesudo dolphin
kdesudo: command not found 
```
- pHeLiOn almost 6 years
  
  I've noticed a curious thing about this. I'm running Kubuntu 18.04 and get the same results as you for kdesu and kdesudo, but if i type man kdesu i get the manual entry for kdesu as if it is installed. I wouldn't have expected a manual entry for a program that isn't available. kdesudo doesn't have a manual entry. I'll see what I can find out anyway.
- pomsky almost 6 years
  
  Does sudo -H dolphin work?
- pHeLiOn almost 6 years
  
  I get Executing Dolphin as root is not possible. If specifically for Dolphin, I remembered that there is a Root option under Places - I'd hidden it already, but can right-click the Places section to 'Show All Entries'. Doesn't 'fix' kdesu but means you can run dolphin as root.
- Sarah Szabo almost 6 years
  
  @pHeLiOn Fair point, I tried it with sudo, adn that didn't work, so I thought I would try it with kdesu. I've never tried that before.
- DK Bose almost 6 years
  
  Please read the later entries in kubuntuforums.net/showthread.php/71347-KDE-file-manager-prob‌lem. The policy re. Dolphin is set to change back to being more permissive. I can't say when.
- DK Bose almost 6 years
  
  See also pointieststick.wordpress.com/2018/06/02/…. Look under bug fixes.
- DK Bose almost 6 years
  
  Possible duplicate: askubuntu.com/questions/990611/how-to-run-dolphin-as-root
- Sarah Szabo almost 6 years
  
  @DKBose Question isn't specifically about Dolphin.
- DK Bose almost 6 years
  
  That's what it looks like to me. No other application was mentioned.
- Sarah Szabo almost 6 years
  
  @DKBose The error is not Dolphin specific in nature. The call to dolphin could be any other command.
- pHeLiOn almost 6 years
  
  Just noticed - the Root option under Places doesn't run as root. It just takes you to the location of Root. What confused me was that I tested out changing a system file by clicking it, editing the file when it opened in Kate and when I went to save it, i was asked for my password and it made the change. So Kate will allow you to save system files but will ask for you password before saving.
DK Bose almost 6 years

Read "outwith" after a long, long time :)
Adam Plocher over 5 years

Maybe I'm missing something (and I lazily didn't read any of th elinks you mentioned, sorry :P) but if I'm being prompted for root credentials, what is insecure about it? Perhaps I have something configured improperly, but VMware Workstation I need to run as root in order to boot my VM's. That's why how I began looking into kdesu. Thanks for the info
pHeLiOn over 5 years

Probably the best summary is "The problem with starting GUI applications as root is that X11 is extremely insecure and it’s considerable easy for another application to attack this." (from blog.martin-graesslin.com/blog/2017/02/editing-files-as-root‌). There's more detail in the post and further discussion in the comments, but if the application is using X11 (i.e any graphical application not running under Wayland) then running as root exposes a fairly significant attack vector. (Assuming you had malicious software sitting & waiting for a root X11 application to open on your system)
skan about 5 years

what is the difference between kde-runtime and libkdesu5?
skan about 5 years

what is the difference between libkdesu5 and kde-runtime?