[Solved] Bypass KDEsu Authentication Dialog

brando56894 · 2014-07-06 21:15:16

TL;DR Use Polkit overrides for Polkit authentication dialogs, otherwise switch KDEsu to use sudo instead of su so that it will honor what you have set in /etc/sudoers skip to the end for the config. Alternatively you could probably just use kdesudo from the aur.

First off, please spare the "you shouldn't do things as root!" lecture. This is my personal computer and I have been using Linux for about 10 years so I know what I'm doing (most of the time! lol). I would use the root account if I could but programs such as Google Chrome won't run at all, while others just bitch that you shouldn't run it as root.

I have a few things set up in my sudoers file that will let me run commands like pacman without a password, but these definitions don't seem to carry over to kdesu (or whatever the graphical password box is called now in KDE). It's pretty damn annoying to have to type in my password twice when updating packages with Octopi, or changing settings in the Catalyst Control Center. I know there's an option for "remember these credentials" but it never seems to work for some reason.

I know there is a "root" group, but adding my user to that doesn't seem to change anything permission wise.

Last edited by brando56894 (2014-07-07 06:16:31)

jasonwryan · 2014-07-06 21:22:30

Not a Sysadmin issue, moving to NC...

brando56894 · 2014-07-06 21:31:44

Thanks, wasn't sure which one to put it in since IMO it does have to do with system administration. Doesn't matter to me though.

clfarron4 · 2014-07-06 21:41:17

On the ArchWiki page concerning sudo I see things like To disable asking for a password for user USER_NAME:.

I'm pretty sure there's also a line in /etc/sudoers that would allow members of the wheel group to run commands with sudo without asking for password.

That said, I know in GTK environments that there is GKSU and pkexec (something to do with polkit methinks?) for administrator level access. There might be something like that for KDE with kdesu and pkexec, but I'm not KDE user.

brando56894 · 2014-07-06 21:49:26

yea I already have %wheel ALL=(ALL) NOPASSWD: ALL set in sudoers and my user is a member of wheel and users, so I don't know why I asked that. Guess I forgot I had it set that way. I'll take a look into Polkit and see if I can find anything, thanks.

Edit:

Polkit is what I needed, but I can't seem to get it to work. I wrote an override file to /etc/polkit-1/rules.d/00-bypass.rules but it didn't seem to have any effect.

/* Allows any user to run Octopi without authentication */
polkit.addRule(function(action, subject) {
    if (action.id == "org.octopi.pacmanhelper") {
        return polkit.Result.YES;
    }
});

Do I have to log out and log back in for it to take effect?

qdbusviewer gives this output when I click on org.octopi.pacmanhelper

Error: Call to object / at org.octopi.pacmanhelper: org.freedesktop.DBus.Error.AccessDenied (Rejected send message, 1 matched rules; type="method_call", sender=":1.95" (uid=0 pid=9135 comm="/usr/lib/qt/bin/qdbusviewer ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination="org.octopi.pacmanhelper" (uid=0 pid=4920 comm="/usr/lib/octopi/pacmanhelper ")) failed

I'm not sure if that's the access denied error for the dialog asking me to enter root's password or telling me that qdbusviewer doesn't have access to look at it. Everything else in the System Bus tab works fine.

An interesting thing that I noticed was that in /usr/share/polkit-1/actions/org.octopi.pacman.policy the only busname mentioned in there is org.octopi.pacman.syncdb so I tried using that but that didn't work either.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <action id="org.octopi.pacman.syncdb">
    <description>Synchronizes databases</description>
    <message>Prevents from doing action syncdb</message>
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>

edit 2:

It seems that the rules take effect immediately because I used the example for gparted and modified it for the group wheel and fired up gparted and it left me right in. I changed it back to admin and it asked me to authenticate. One thing I did notice is that the authentication for gparted and octopi is different, gparted uses the polkit dialog whereas octopi uses kdesu. Yet octopi obviously has dbus authentication rules and my user is allowed to run anything via sudo without a password so what's going on here?

Last edited by brando56894 (2014-07-07 05:49:52)

brando56894 · 2014-07-07 06:10:59

Found my problem!! The problem is that for some odd reason KDEsu uses su (as the name implies) instead of sudo, so the sudoers file wasn't getting read at all, to change this you have to create ~/.kde4/share/config/kdesurc with these contents

[super-user-command]
super-user-command=sudo

Arch Linux

#1 2014-07-06 21:15:16

[Solved] Bypass KDEsu Authentication Dialog

#2 2014-07-06 21:22:30

Re: [Solved] Bypass KDEsu Authentication Dialog

#3 2014-07-06 21:31:44

Re: [Solved] Bypass KDEsu Authentication Dialog

#4 2014-07-06 21:41:17

Re: [Solved] Bypass KDEsu Authentication Dialog

#5 2014-07-06 21:49:26

Re: [Solved] Bypass KDEsu Authentication Dialog

#6 2014-07-07 06:10:59

Re: [Solved] Bypass KDEsu Authentication Dialog

Board footer