| 1 |
On 2018-11-05 21:40, Dale wrote: |
| 2 |
> Philip Webb wrote: |
| 3 |
>> 181105 Dale wrote: |
| 4 |
>>> Currently I'm using Krusader. It works as root, |
| 5 |
>>> so I can edit files in /etc, /root and such. |
| 6 |
>> I can recommend Krusader to any KDE user. |
| 7 |
>> I do most file management from CLI, but sometimes need heavy lifting. |
| 8 |
>> If anyone tries it, they should look into its many features : |
| 9 |
>> there's a PDF help doc available. |
| 10 |
>> |
| 11 |
> |
| 12 |
> |
| 13 |
> That's my thinking as well. It is different from Konqueror but it does |
| 14 |
> the job pretty well and seems to be pretty light and fast. The biggest |
| 15 |
> thing, it allows running as root. |
| 16 |
> |
| 17 |
> I've been really busy recently. My Mom was in the hospital for several |
| 18 |
> weeks, that's a long time here. After that, she was in a nursing home |
| 19 |
> trying to get her strength back and had a few set backs while there. |
| 20 |
> She comes home tomorrow and is in better shape than she was over a year |
| 21 |
> ago. Maybe even a couple years ago. That has kept me busy and pretty |
| 22 |
> much wore out at times. I have health issues of my own. So, I haven't |
| 23 |
> been able to really dig deep into Krusader as yet. Basically, I got it |
| 24 |
> to where I can edit files in /etc and /root and pretty much left it as |
| 25 |
> is. The one thing I'd like to change, being able to click/double click |
| 26 |
> on a file and it open. That's how Dolphin and the old Konqueror was |
| 27 |
> set |
| 28 |
> up. As it is, you have to hit F4 to edit which opens Kwrite/Kate |
| 29 |
> depending on settings for text files. I also wish it wouldn't separate |
| 30 |
> the file name and the extension. I prefer them to be together. Heck, |
| 31 |
> I |
| 32 |
> might use Krusader as a regular user if I could get that last one |
| 33 |
> configured right. ;-) |
| 34 |
> |
| 35 |
> I really do need to research that more. Do you have a link to that |
| 36 |
> pdf? I'm on version 2.7.1. but any recent version would be nice. |
| 37 |
> |
| 38 |
> Thanks. |
| 39 |
> |
| 40 |
> Dale |
| 41 |
> |
| 42 |
> :-) :-) |
| 43 |
|
| 44 |
I've been reading through this discussion and seen several references to |
| 45 |
"run as root". As I've been guilty of doing that myself for a while (and |
| 46 |
not realizing it was actually actively prevented since some time), I |
| 47 |
decided to look into the reasoning why it's not possible anymore. |
| 48 |
|
| 49 |
Apparently, it wasn't taken lightheartedly. The reasoning behind it was |
| 50 |
that the terminal (which also has root now) can be activated and used by |
| 51 |
injecting keystrokes (through XTest). Whether that's a concern of the |
| 52 |
end user is up for them to decide (if you don't allow any external party |
| 53 |
to access your system by not allowing ssh etc. you'd basically be |
| 54 |
perfectly safe), but it's an interesting backdoor. However, KDE also |
| 55 |
planned to bring in a more fine-grained approach by allowing KIO to use |
| 56 |
PolicyKit to allow editing of restricted files. This would mean that |
| 57 |
Dolphin, KWrite and Kate all get their "root" back, but in the form of a |
| 58 |
"you require elevated rights to do this, please specify your password" |
| 59 |
which can be protected better. |
| 60 |
|
| 61 |
Then again, this raises the issue of whether PolicyKit is such a great |
| 62 |
feature. I've been having problems with that myself as it can and will |
| 63 |
be DoS'd when it gets too many requests (had a rogue libvirt client |
| 64 |
which did several requests all of which needed to go through PolicyKit |
| 65 |
to verify access). While the failure mode is safe, it will block any |
| 66 |
attempt at authorizing, it's a big nuisance because other things may |
| 67 |
depend on it. |
| 68 |
|
| 69 |
Lastly, Qt also advises against being used under root due to the sheer |
| 70 |
scope of the project which would mean that even krusader might not be |
| 71 |
totally safe. |
| 72 |
|
| 73 |
I wanted to share this for those that read this discussion to reiterate |
| 74 |
the implications allowing root, and allowing it in these GUI |
| 75 |
applications. Of course, if it works for you and you don't see any risk, |
| 76 |
by any means go for it. But also keep in mind that there are apparently |
| 77 |
fair reasons behind this change. That said, I also started to look into |
| 78 |
krusader and I might use it more. |
| 79 |
|
| 80 |
Greetings, |
| 81 |
|
| 82 |
Daniel Sonck |
Archives