I would like to login as root (no, I don't want to use sudo)

ermeneuta · April 17, 2017, 11:29pm

I know what I am doing. I am not afraid to crash my system, there are no chances that that can happen.
I know that many things can be done with the sudo su command.
What I cannot do with that command is to start Kate from the Dolphin file manager to edit a file owned by root… to do that I need to login, when Netrunner starts, as root.
I have already enabled the root password with the command sudo passwd root which was accepted.
What is still missing is the possibility to specify, at login time, a user (root in this case) different from the standard user generated at installation time.

I tried to search all of the file system for a configuration file containing the row :
AllowRoot=false
to change it to true, but the search did not give any result.

Can please somebody tell me how to do what I need ? Thanks.

Al
P.S. Running here Netrunner 17.03

Winux2000 · April 18, 2017, 4:00am

kdesudo should be used to start kde graphical applications, not sudo.

An idea;
Make a copy of Kate in the “KDE Menu Editor” & name it. ie: Kate (Root). Then change the command line for Kate (Root) to; kdesudo kate. Save the settings for KDE Menu Editor" & exit the program.

[attachment=1041]

Now when you want to edit a root file, click “Open With” and select Kate (Root).

Although, it would be nice if Dolphin was more like this version in “Maui” Thread Post #2

Something to be aware of, even if it’s about another Linux flavor, results may be similar.

Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

jbehre wrote:[color=blue]

I know that it is a security risk to fully login as root[/color]

it is more than just a security risk, you should never log into
KDE/Gnome/XFCE or any other *nix-like graphical user interface desktop
environment as root…

doing so 1) opens you up to several different security problems, 2)
too many too easy ways to damage your system no matter how careful
your actions (example: just browsing in your home directory while
logged into KDE/Gnome/etc as root can lock you out later as yourself
due to permissions damage), 3) and, anyway logging into KDE/etc as
root is never required to do any and all administrative duties…

so, always log in as yourself, and “become root” by using a root
powered application (like YaST, File Manager Superuser Mode) or using
“su -”, sudo, kdesu, or gnomesu in a terminal to launch whatever tool
is needed (like Kwrite to edit a config file)…read more on all that
here:

http://en.opensuse.org/SDB:Login_as_root
http://docs.kde.org/stable/en/kdebas…uide/root.html
http://tinyurl.com/ydbwssh
http://tinyurl.com/6ry6yd
[color=blue]

but sometimes it more convient to login once instead of starting every
single action with su etc + password.[/color]

yes, there are lots of things in life which are more convenient if
done the wrong, more dangerous and/or less secure way…

like, it is easier to walk across the railroad tracks than to use the
pedestrian bridge over (or tunnel under) them…but !!

my opinion is: you are lucky that since the update you can no longer
easily do it wrong.

–
DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

leszek · April 18, 2017, 7:47am

Please don’t use kdesudo kate.
This is depreciated soon anyways as kde devs block opening up kate with kdesudo or as root in general.
It should not be running as root.

See this blogpost: https://blog.martin-graesslin.com/blog/2017/02/editing-files-as-root/

The same will happen with dolphin btw.

So to edit a document and save it as root use

EDITOR=kate sudoedit /path/to/file
This will ensure that kate is not run as root but instead a copy of that file is saved temporary and Kate started as normal user. After closing the file sudoedit takes care of moving the file to the right location.

Winux2000 · April 18, 2017, 2:12pm

[font=Helvetica, Arial, sans-serif]Thank you for the info & a secure work-around.

[font=Helvetica, Arial, sans-serif]Rather than hindering root access to kate & other qt gui app/programs, X11, and possibly qt should be patched to prevent such hypothetical attacks. Until that happens… AWARENESS is key![/font][/font]

Posted on 17. February 2017 by Martin Gräßlin

Editing files as root

For years I have told people to not start Kate as root to edit files. The normal response I got was “but I have to edit this file”. The problem with starting GUI applications as root is that [color=#ff3333]X11 is extremely insecure and it’s considerable easy for another application to attack this.[/color]

An application like Kate depends on libraries such as Qt. Qt itself disallows running as an setuid-app:

Qt is not an appropriate solution for setuid programs due to its large attack surface.

If Qt is not an appropriate solution for command line arguments running as root, it’s also not an appropriate solution for running GUI applications. And Qt is just one of the dependencies of graphical applications. There is obviously also xcb, Xlib, OpenGL, xkbcommon, etc. etc.

So how can another application attack an application running as root? A year ago I implemented a simple proof of concept attack against Dolphin. The attack is waiting for dolphin getting started as root. As soon as it starts, it uses the [color=#ff3333]XTest extension to fake input[/color], enable the embedded konsole window and type into it.

This is just one example. [color=#ff3333]The elephant in the room is string handling, though. Every X11 window has many window properties and every process can write to it.[/color] We just have to accept that string handling is complex and can easily trigger a crash.

Luckily there is no need for editing a file to run the editor as root. [color=#ff3333]There is a neat tool called sudoedit.[/color] That does the magic of starting the editor as the user and takes care of storing the file as root when you save.

Today I pushed a change for Kate and KWrite which does no longer allow to be run as root. Instead it educates the user about how to do the same with sudoedit.

Now I understand that this will break the workflow for some users. But with a minor adjustment to your workflow you get the same. In fact it will be better, because the Kate you start is able to pick up your configured styling. And it will also work on Wayland. And most importantly it will be secure.

[color=#ff3333]I am also aware that if you run an application which is malicious you are already owned[/color]. I think that we should protect nevertheless.

ermeneuta · April 18, 2017, 9:36pm

Thanks Winux200 and leszeq for your advice. I tried kdesudo and it works, but accepting the suggestion of leszeq will use the alternative and more secure way.

Another simple question : I have a good grasp of Windows and other Linux distributions, but I am new at netrunner… how can I in netrunner place an icon on the desktop ? What in Windows is called a shortcut… I tried the standard way to copy the icon shown in Dolphin, trying then to paste it as a shortcut on the desktop, but it doesn’t work… that works e.g. in Xubuntu, but not in netrunner…

TNX

Al

leszek · April 19, 2017, 7:25am

Usually you can drag and drop on the desktop and will ask if you want to move, copy or link to.

ermeneuta · April 20, 2017, 4:46pm

Thanks leszek. That’s exactly what I tried to do, but it didn’t work. My error was that, misled by Windows and Xubuntu, I tried to do it using the customary right mouse button… with Netrunner, you must use the left mouse button… with it, it works… but now I have to discover how you can move an icon on the desktop… once you have placed it somewhere, it stays there, no matter how you try to move it… but perhaps there surely must be something I have overlooked…

And, as far as I have seen, it doesn’t ask you what you want to do… it simply places a link on the Desktop to the file (in my case an executable)…

Al

leszek · April 20, 2017, 4:55pm

If you use the default folderview desktop containment you should be able to move the icon.
It sounds to me that you don’t use that folderview containment.
(Right click -> settings -> Layout is where you can check)

Winux2000 · April 20, 2017, 8:08pm

Perhaps your Desktop Icons are Locked?

Right click the desktop, and from the pop-up menu window, select Icons > from there you’ll see the “Locked” option and other Icons settings.
From the same Desktop pop-up menu window you can also unlock Widgets, then you’ll be able to right click an app from the Application Menu and select “Add to Desktop” which is just another way to add a linked app to the desktop.

Left click & holding an App icon from Dolphin or Application Menu to drag & drop (used on Win-x OS also) allows you to link, copy, or move (move, from Dolphin) an App to the Desktop. Personally, I prefer to Link an App Icon, since the Copy has a trust warning when opened.

ermeneuta · April 20, 2017, 10:14pm

That was it ! After setting folderview as layout, now everything works as I expect it to work.
Thanks, and thanks also to Winux2000 for his advice. My icons weren’t locked, just my desktop layout wasn’t set to folderview. As that could have happened, I don’t know, but it is not much relevant now.

Al