Web lists-archives.com

Re: [kde-linux] KDESU again




On 12/22/2011 05:04 PM, James Tyrer wrote:
On 12/21/2011 05:12 PM, Duncan wrote:
James Tyrer posted on Wed, 21 Dec 2011 15:36:40 -0700 as excerpted:

Some time ago, I posted:

"When I run KDESU from a Konsole, I get this message:

startApp: Daemon not safe (not sgid), not using it

Is there some file that needs the permissions changed?"

It was posted to LFS that it is: "kdesud" that needs the permissions
changed -- SGID set.

Also note that for security reasons that the group should be changed
from "root" to "nobody".

FWIW, I can confirm here on gentoo, /usr/lib64/kde4/libexec/kdesud is
part of the kdesu package (4.7.90 installed), and that it's setGID, owner
root, group "nogroup" (probably "nobody" on LFS).

I don't see any special set* treatment in the ebuild, so it would appear
to be set by the build process from upstream (kde).

But my normal/kde user is locked out of things like su, and thus kdesu,
so I can't confirm whether it actually works or not.

IIUC, some distros name the private group for the user: "nobody" as
"nogroup" rather than also calling it: "nobody". No real difference
since it is still 99. So, I renamed it.

There does appears to be an issue since it is not installed this way
when you build from source.

Note that you should be able to tell if it is working correctly if the KDESU dialog window shows the: "Remember Password" box to check.

--
James Tyrer

Linux (mostly) From Scratch
___________________________________________________
This message is from the kde-linux mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde-linux.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.