dsonck wrote: > On 2018-11-05 21:40, Dale wrote: >> Philip Webb wrote: >>> 181105 Dale wrote: >>>> Currently I'm using Krusader. It works as root, >>>> so I can edit files in /etc, /root and such. >>> I can recommend Krusader to any KDE user. >>> I do most file management from CLI, but sometimes need heavy lifting. >>> If anyone tries it, they should look into its many features : >>> there's a PDF help doc available. >>> >> >> >> That's my thinking as well. It is different from Konqueror but it does >> the job pretty well and seems to be pretty light and fast. The biggest >> thing, it allows running as root. >> >> I've been really busy recently. My Mom was in the hospital for several >> weeks, that's a long time here. After that, she was in a nursing home >> trying to get her strength back and had a few set backs while there. >> She comes home tomorrow and is in better shape than she was over a year >> ago. Maybe even a couple years ago. That has kept me busy and pretty >> much wore out at times. I have health issues of my own. So, I haven't >> been able to really dig deep into Krusader as yet. Basically, I got it >> to where I can edit files in /etc and /root and pretty much left it as >> is. The one thing I'd like to change, being able to click/double click >> on a file and it open. That's how Dolphin and the old Konqueror was set >> up. As it is, you have to hit F4 to edit which opens Kwrite/Kate >> depending on settings for text files. I also wish it wouldn't separate >> the file name and the extension. I prefer them to be together. Heck, I >> might use Krusader as a regular user if I could get that last one >> configured right. ;-) >> >> I really do need to research that more. Do you have a link to that >> pdf? I'm on version 2.7.1. but any recent version would be nice. >> >> Thanks. >> >> Dale >> >> :-) :-) > > I've been reading through this discussion and seen several references > to "run as root". As I've been guilty of doing that myself for a while > (and not realizing it was actually actively prevented since some > time), I decided to look into the reasoning why it's not possible > anymore. > > Apparently, it wasn't taken lightheartedly. The reasoning behind it > was that the terminal (which also has root now) can be activated and > used by injecting keystrokes (through XTest). Whether that's a concern > of the end user is up for them to decide (if you don't allow any > external party to access your system by not allowing ssh etc. you'd > basically be perfectly safe), but it's an interesting backdoor. > However, KDE also planned to bring in a more fine-grained approach by > allowing KIO to use PolicyKit to allow editing of restricted files. > This would mean that Dolphin, KWrite and Kate all get their "root" > back, but in the form of a "you require elevated rights to do this, > please specify your password" which can be protected better. > > Then again, this raises the issue of whether PolicyKit is such a great > feature. I've been having problems with that myself as it can and will > be DoS'd when it gets too many requests (had a rogue libvirt client > which did several requests all of which needed to go through PolicyKit > to verify access). While the failure mode is safe, it will block any > attempt at authorizing, it's a big nuisance because other things may > depend on it. > > Lastly, Qt also advises against being used under root due to the sheer > scope of the project which would mean that even krusader might not be > totally safe. > > I wanted to share this for those that read this discussion to > reiterate the implications allowing root, and allowing it in these GUI > applications. Of course, if it works for you and you don't see any > risk, by any means go for it. But also keep in mind that there are > apparently fair reasons behind this change. That said, I also started > to look into krusader and I might use it more. > > Greetings, > > Daniel Sonck > >
I've read that too plus that some distros just don't need root much if any. Thing is, with Gentoo, root is required at times. Sometimes, it is the only way to edit certain files. Since I am almost always in a GUI, I prefer to use GUI tools, plus it is much easier to copy and paste as well. That said, I don't have ssh open here. I only have one system anyway so there is nothing to ssh in with. I also only open Krusader as root for short periods of time. Generally, during OS updates which I'm about two or three weeks late on I think. While it is safe for me, it may not be for others. Either way, sometimes you have to be root while doing updates. With Gentoo, it is just that way. As you rightly point out tho, in some situations, doing that could open a door. If one has those situations, they may want to either wait for a better solution or access those files some other way, nano on a console or something. As with anything, ones has to take into account security. Of course, I'm on DSL and behind a router which adds some additional protection as well. Others may not be or be connected in a much less secure way, public WiFi even. To really scare you good. I can recall a time when I logged into KDE as root. Yep, the entire KDE session was root. That was disabled ages ago I think. For a while one could change a config file to enable it but not sure about now. Looking back, I'm glad I didn't have any important data or things I didn't want to be hacked into. Talk about opening the front door. Heck, it was like adding a 'come hack me' sign on the lawn as well. ROFL Oh how things have changed. Some better, some not so much. ;-) Dale :-) :-)
