On Sat, 29 Dec 2012 00:46:16 +0000 (UTC) Duncan <1i5t5.duncan@cox.net> wrote: > Kevin Chadwick posted on Fri, 28 Dec 2012 21:06:03 +0000 as excerpted: > > > How can I switch from polkit-kde-authentication back to kdesudo > > auth in KDE 4.9. I've had no answer on the user list so perhaps a kde dev could help? Thanks > > I don't have a direct answer to your question, but I'm interested in > an answer too, for others if not for me, as it turns out I'm > reasonably comfortable with my own policy as described below. > I'd certainly like to know if and would suggest it would just be sound practice if there is a config option to switch back to kdesu(do). I have no need to learn any more about polkit. I think I've found how to add a user manually as an admin but should not need to. I thought it was only Gnome that was saying our way or the highway. KDE is usually very configurable and I would hope so in this regard. I had already decided against polkit before even reading this. http://drfav.wordpress.com/2012/05/11/the-quest-towards-trusted-client-applications-a-rambling/#comment-3010 > What I've done here (on gentoo where it's actually reasonable to have > kde without polkit, etc), is setup normal terminal-based sudo, with a > policy not to use the X gui for anything superuser based at all. > I did similar on Arch but I'm leaving due to systemd and have no problems without polkit on xfce, though I don't use network manager. > Instead, I use mc (midnight commander, ncurses/slang based) with it's > commander-style "semi-gui" in a terminal, or the traditional CLI, for > any "sysadmin hat" tasks, including text/config file editing, file > management, etc. Is that via sudoedit? > For typically "user hat" tasks like multimedia > (image, movie, audio) usage and management, I use the GUI, typically > gwenview for images and movies, dolphin for audio and textfiles as > gwenview doesn't handle that, but for everything else, including > editing kde's user config itself when I end up actually handling the > textfiles, I find the combination of mc and standard CLI commands > works just as efficiently for me, if not more so. > > A few months ago, the last time a topic like this came up on the kde > lists, I actually tried kdesu and kdesudo and discovered they no > longer even worked. > Yeah I'm generally quite happy with sudoedit, sed etc. and use install scripts. I couldn't find kdmrc however and so wanted to fire it up via kdesudo without running the whole of system-settings as root. Turns out Sabayon (my attempt to get gentoos power without the compilation) seems to use the kdmrc in /usr/share????!!!??? that I took as a reference file. I've tried finding out about $KDEDIR or how the kdmrc location is configured but no luck yet. I'm just testing at the moment but if I decide to use Sabayon I will likely use startx anyway. > Somewhere along the line I had decided my normal user didn't need to > be in wheel (the group with su access) and I didn't feel the need to > revert that decision, I've never bothered with wheel even on OpenBSD. Whenever it's useful I see more specific options to my case that are easily setup. > so that didn't work, and while sudo still > worked, my sudo policy here only lets my normal user do a few limited > things, including sudoing to an "admin" user, which is far less > restricted. But of course said "admin" user doesn't then have access > to the existing normal user X session, so couldn't run any X-based > commands anyway. And again, yes, I could fix that, but I realized > that I really had no need to do so -- everything I needed to do as > admin, I was quite comfortable doing in mc or at the CLI, and the > tiny bit of trouble I might occasionally save by running some GUI > admin program wasn't worth the hassle of setting up and ensuring the > proper security of the access necessary to do so. > I agree but worry about some cases, perhaps vmware or some systems where I will want to use kdesudo and not polkit. These programs should be able to request to run specific binaries via kdesudo rather than encouraging the whole thing. I realise that in this case it could be done on the CLI too. I expect it must be possible as I can't see all apps supporting polkit. > So instead, I ended up deciding I didn't need a GUI su method at all, > and uninstalled kdesudo. (kdesu is still pulled in as a dependency, > but I'm thinking about testing a bypass of that as well using > gentoo's package.provided, I just haven't, yet.) > > As for polkit, consolekit, etc, I turned their USE flags off, and no > longer have them on the system either. I don't run systemd, which > replaces some of consolekit's functionality, either. (FWIW, as many > gentooers, I run openrc as my init system.) Group-based device perms > are sufficient for me, and consolekit only adds another layer that I > have had to troubleshoot problems with in the past, so I'm best off > without it. I do run udev (and have its USE flag turned on, but not > udisks or upower (USE flags turned off), > preferring to control > mounting myself. Same here and much prefer the functionality (predictable short mount points, automount without X, mount options etc.. =-) > My suspend/hibernate solution is something I > scripted myself, I may be interested in that, if it's little trouble. > and on the netbook, I have laptop-mode-tools > configured for power management , so don't have/need kde's power > management tools (powerdevil and etc) installed, either. > Does laptop-mode-tools not work on your desktops then? > Actually, given that I have USE=semantic-desktop turned off as well > (so no akonadi thus no kdepim, substituting gtk-based replacements > like claws- mail), while I do run a kde desktop, all the above means > it's actually relatively slim. Package numbers don't mean a lot > across distros but for gentooers this will mean something: 110 > packages in a kde upgrade for me including nearly all kdegames. I > guess a full kde install with all the trimmings is several hundred > more. (IIRC mine was 250+ before I started trimming the fat, tho > even that wasn't all of kde.) > Very interesting, I assume you still have konqueror. I prefer konqueror to dolphin with kfind by default, filesizeview plugin and folder and file bookmarks. I may switch to spacefm when it gets full bookmarking though.