Except that using it to call Dolphin, for example, actually ends up using sudo, which kill the process. I just tried it in a Konsole using "/etc/alternatives/kdesu dolphin" and a password dialog popped up. I entered my password and was thrown immediately back to the prompt without dolphin firing up. Checking the string of output revealed the cause.

"sudo -i <program>" is safe to use even with GUI programs, unlike "sudo <program>". That's what the "-i" option is for, it makes sure the $HOME environment variable is set to "/root" (which means the sudoed program uses the correct $HOME and not the user's $HOME, which is the cause of the problems you described).

This is just because dolphin does not start as root anymore, kdesu still works fine with any other program (except kate/kwrite, of course).

So, if I can use kdesu to start any GUI program except Dolphin, Kate and Write then disabling those three did more, IMO, to reduce usability than it did to increase security, since running Krusader or whatever as root using sudo or kdesu is just as insecure, is it not?

One can certainly make a case for that argument, and you're certainly not alone in making it. I myself agree to some extent (since you can still run other GUI apps as root, the changes don't really solve the security issue they were meant to mitigate).

There are a few counter pouints though:
- Dolphin/kate/kwrite are probably the most common apps people are/were using as root, so disabling those does have an impact on security issues.
- For Kate/kwrite the usability has actually improved, since there is no need to run them as root anymore. Dolphin is a bit of a head scratcher, as I think no one anticipated it would take this long for the policykit integration to get done (which would also solve the usability issues with dolphin)
- This is sort of a necessary step anyway, since you can't run GUI apps as root in the upcoming wayland.

This has been discussed in detail on other threads, though, I don't wish to derail this thread by going into too much detail.

Kdesudo

No GUI apps as root in Wayland? I hadn’t heard that.

If things work the way Kate does then that wouldn’t be an issue. But if apps like gufw aren’t given the Kate treatment I can see a massive migration from the *buntu’s occurring because a LOT of people prefer GUI’s to the CLI.

I need to research this more deeply

He didn't say "no GUI's" in Wayland; he said "...you can't run GUI apps as root..."

I understood him correctly, I just didn’t phrase what he said correctly. I edited my post to reflect that. Thanks for the heads up, Snowhog.

No GUI apps as root is a serious limitation, IMO.

I believe this is the plan, with apps using policykit to elevate as necessary to perform particular tasks...the apps don't run as root, they just use polkit to perform certain tasks as root when necessary.

I don't really use Wayland yet, but I think that there are a few workarounds to use apps (that don't have policykit integration yet) as root, in xserver fallback mode.

So the short term fix is alias "kdesudo" to "sudo -i"

If you wish to use a GUI wrapper for sudo, I'd recommend using "kdesu" instead of "sudo -i", as sudo doesn't give you a GUI password dialog, which makes it trickier to use from launchers or krunner.

If you're used to typing kdesudo (or already use it in a number launchers or scripts), you can symlink /usr/bin/kdesudo to </path/to/>kdesu which will make "kdesudo" command work (even though it is actually running kdesu).

Of course, neither method will run dolphin as root currently.

In KDE Applications 18.08 (or possibly 18.12 if the change did not make it in time for 18.08) version of dolphin (not yet released) you might be able to run dolphin as root by getting to a root terminal with sudo -i, then removing the SUDO_USER env variable and then launching dolphin from the root terminal (this is because the code in dolphin start to test root UID has been changed to test SUDO_USER and KDESU_USER variables instead). This is rather hackish (and definitely not meant to re-enable root dolphin in a user GUI session), and I would not recommend that for general use, but could be an option if you REALLY need root dolphin before polkit integration is done. Do note that this does not work for KDE Applications 18.04 Dolphin, which still tests the UID.

Relevant code from dolphin master branch (main.cpp):
EDIT: Looks like KDE Applications 18.08 was released yesterday (https://www.kde.org/announcements/an...ns-18.08.0.php), and the above change made it into the release.

Just FYI (related to previous post),

I got KDE Apps 18.08 dolphin (won't work with older versions) from neon, and managed to get dolphin to run as root (not really recommended, but not more dangerous than running krusader as root, if that's your alternative):

1. Create a script /usr/local/bin/dolphin, with the contents:
2. make the script executable:
"sudo chmod +x /usr/local/bin/dolphin"
3. restart shell
4. Dolphin will start as root by running "sudo -i dolphin"

Just tested your work-around on Kubuntu 18.04 (older than 18.08 and not Neon) and it does NOT work.

You need dolphin from KDE Applications 18.08 release, which just arrived on Neon user edition. it's not yet available in Kubuntu.

That's what I assumed, but I thought I'd give it a try anyway.

With the pkexec

Neon VBox - KDE Apps 18.08

Copy & paste from:

pkexec: https://www.freedesktop.org/software.../pkexec.1.html

“error: XDG_RUNTIME_DIR not set in the environment.” when attempting to run nautilus as root: https://askubuntu.com/questions/4566...ng-to-run-naut

Krusader 2.5.0 missing toolbar icons in root mode: https://forum.kde.org/viewtopic.php?f=309&t=136927

command =>

Seem to work...



But if I need to use the Dolphin with root rights I would disable the: