I've run into an odd requirement... I need some of my users to be able to edit text files as root and I can assure you that they are NOT going to learn to use the command line. In short, I need to be able to open Kate with superuser privileges. I'm running Debian Squeeze with KDE 4.3.4.

Running Kate as follows should work fine. Note that sudo won't work, and will cause all manner of errors. KDESu probably won't work properly either ( haven't tested )

Code: Select all

konsole -e "su -c /usr/bin/kate /path/to/file"

I'm assuming the users can handle entering the password into a command line prompt...
You could also try KDESu, not sure if it will probably clear the environment variables.

Code: Select all

kdesu /usr/bin/kate /path/to/file

If you have an operational PolicyKit installation, then you could use that also.

Code: Select all

pkexec /usr/bin/kate /path/to/file

kdesu doesn't work; I'll try policykit tomorrow morning. How come I can't just open Konqueror as root and open the file from there? It worked fine on Lenny with 3.5. When I do it on Squeeze with 4.3 I get the following:

KDEInit could not launch /usr/bin/kate.

I would think the ability to open a file as root using graphical utilities falls under the heading of basic functionality.

It all depends on *how* you run as root. The trick is to have a clean environment so that your root applications do not try to access your normal user D-Bus session bus. Neither sudo or kdesu seem to clean the envrionment properly unfortunately... "su -" however will clean the environment properly.

No go; here's what I got:

Code: Select all

pkexec /usr/bin/kate /etc/apt/sources.list
kate: cannot connect to X server


You may wish to try using the "su -c" solution instead in this case. You could use a setsuid launcher to run that if they don't know the root password, or you could use sudo to run it...
"sudo su -c /usr/bin/kate"...

That worked, thanks. I'm setting up a graphical app launcher for it. I have to say, however, that this is a second-best solution. What I really want (and I know this is probably getting to be an old song and dance) is to be able to do what I was able to do in KDE 3.

This is the primary reason behind motivating for implementation of PolicyKit and KAuth in KDE applications, as it would allow them to gain privileges for the saving and reading parts only, ensuring optimal security.

I understand, and I'm all about security. But I've also been running Linux systems for other users long enough to know when to budge. The young lady in question is smart, trustworthy, and reasonably adept with computers. But like most modern young computer users she thinks it's absolutely absurd to not be able to get into whatever she wants using the mouse. I think I might have found a solution, though. I can open Kwrite as root using Krusader (and although Kwrite is the default I can probably figure out how to make it Kate), but I'm new to Krusader and not quite ready to install it on a production machine. I'm liking it, however. It's a really cool bit of software.

2handband wrote:I understand, and I'm all about security. But I've also been running Linux systems for other users long enough to know when to budge. The young lady in question is smart, trustworthy, and reasonably adept with computers. But like most modern young computer users she thinks it's absolutely absurd to not be able to get into whatever she wants using the mouse. I think I might have found a solution, though. I can open Kwrite as root using Krusader (and although Kwrite is the default I can probably figure out how to make it Kate), but I'm new to Krusader and not quite ready to install it on a production machine. I'm liking it, however. It's a really cool bit of software.

Well, I agree to both sides: there are security issues running editors as root. However, there are also situations where it is inadequate to restrict the possibility of running the editor as root in a hard-coded way. The decision should be up to the respective administrator.

if you don't have time to edit the kate sources and recompile it, you can "solve" the problem the hard way by patching kate and kwrite. They have both a few lines of code directly at the start of the "main" function:

Code: Select all

    /**
     * Check whether we are running as root
     **/
    if (getuid() == 0) {
        std::cout << "Executing Kate as root is not possible. To edit files as root use:" << std::endl;
        std::cout << "SUDO_EDITOR=kate sudoedit <file>" << std::endl;
        return 0;
    }


OK, so look in the executable binaries where you find the call to getuid():

Code: Select all

objdump -Crd /usr/bin/kate | less


and search for getuid (by typing /getuid). You'll find some lines like this:

Code: Select all

   275d6:   66 90                   xchg   %ax,%ax
   275d8:   ff 25 8a 90 28 00       jmpq   *0x28908a(%rip)        # 2b0668 <getuid@GLIBC_2.2.5>
   275de:   66 90                   xchg   %ax,%ax


Now search where the address (in this case 275d8) is called, by typing /275d8 (all within 'less'). You'll find it shortly after the start of the main function (or _start):

Code: Select all

   28dee:   e8 e5 e7 ff ff          callq  275d8 <KParts::MainWindow::createShellGUI(bool)@plt+0x3d8>
   28df3:   85 c0                   test   %eax,%eax
   28df5:   0f 84 e9 1e 00 00       je     2ace4 <KParts::MainWindow::createShellGUI(bool)@plt+0x3ae4>


Here the program calls getuid(), tests the result in %eax, and if it's zero (i.e. the program runs as root) it jumps to the error routine.
Open the kate binary in a hex editor and replace the "je" instruction with "nop" instructions (0x90):

Code: Select all

before:
 0000000000028DF0    E7 FF FF 85 C0 0F 84 E9  1E 00 00 E8 B0 E9 04 00
after:
 0000000000028DF0    E7 FF FF 85 C0 90 90 90  90 90 90 E8 B0 E9 04 00


Et voilà, kate runs as root again. Patching kwrite works in the same way.

skneifel wrote:if you don't have time to edit the kate sources and recompile it, you can "solve" the problem the hard way by patching kate and kwrite. They have both a few lines of code directly at the start of the "main" function:

That check was added only a few months ago though:
https://cgit.kde.org/kate.git/commit/?i ... 46b0e12a7e
(first included in 17.04.0)

Please note that this thread is 7 years old.
Kate did not actively refuse to run as root back then.
(and btw, I never had problems to run it with kdesu here)

skneifel wrote: [...] Here the program calls getuid(), tests the result in %eax, and if it's zero (i.e. the program runs as root) it jumps to the error routine.
Open the kate binary in a hex editor and replace the "je" instruction with "nop" instructions (0x90) [...]

Thank you for showing how to do this, I learned a lot. However, I could not get a nop instruction to work. Instead, I changed to JNE (0x0F 85) although then only root can run the editor, but that's fine for my use case, and it worked.

run Kate as root:

SUDO_EDITOR=kate sudoedit /etc/sudoers

SUDO_EDITOR=kate sudoedit %f

export SUDO_EDITOR=kate

I use 2 editors, Kate and the, so I tucked this into my .bashrc file:

# Use The Hessling Editor (the) as the default editor- rcb 9/15/07
#export EDITOR="/usr/bin/xthe -X textCursor vertical -w 1200"
export EDITOR="/usr/bin/the -w 7000"
#export EDITOR="/usr/bin/gedit"
#export EDITOR="/usr/bin/kate"
export KEDITOR="/usr/bin/kate"
# Editor to use with sudoedit command for root files Updated 2017-11-16 @ 12:24:43 MST by rob@fargo
export SUDO_EDITOR="/usr/bin/kate"
# Use this alias to use the as the editor for root files: Updated 2017-11-16 @ 12:32:49 MST by rob@fargo
alias xsudoedit='SUDO_EDITOR=$EDITOR && sudoedit'
alias xse=xsudoedit
# Use this alias to use kate as the editor for root files: Updated 2017-11-16 @ 12:32:49 MST by rob@fargo
alias ksudoedit='SUDO_EDITOR=$KEDITOR && sudoedit'
alias kse=ksudoedit

So in Konsole I can issue (1) kse file_id or (2) xse file_id. Life is good...

blue_bullet wrote:So in Konsole I can issue (1) kse file_id or (2) xse file_id. Life is good...

you don't seem to know what a good life is.

in Puppy-Linux, you almost never ever enter a password at all, since all is run as root.

So, this should mean they must all have malwares and destruction.

But no, those Puppy users really have a good life whereas us KDE folks

usually have a PITA system entering passwords 100 times a day and its only getting worse.