Announcement

Collapse
No announcement yet.

KDE Ends 2021 With More Plasma Wayland Fixes, Root File Operations For Dolphin

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • KDE Ends 2021 With More Plasma Wayland Fixes, Root File Operations For Dolphin

    Phoronix: KDE Ends 2021 With More Plasma Wayland Fixes, Root File Operations For Dolphin

    KDE developers ended out 2021 with more Wayland session fixes coming for the Plasma 5.24 release. There was also nice user feature work like KIO-using applications such as Dolphin now properly dealing with non-user-owned locations...

    https://www.phoronix.com/scan.php?pa...ast-2021-Fixes

  • #2
    Originally posted by phoronix View Post
    Phoronix: KDE Ends 2021 With More Plasma Wayland Fixes, Root File Operations For Dolphin

    KDE developers ended out 2021 with more Wayland session fixes coming for the Plasma 5.24 release. There was also nice user feature work like KIO-using applications such as Dolphin now properly dealing with non-user-owned locations...

    https://www.phoronix.com/scan.php?pa...ast-2021-Fixes
    Sorry to say you have miss written something.

    The Dolphin file manager can now be launched as root or other non-user-owned locations. This is thanks to PolKit support being merged in KIO. KDE applications making use of KIO can now create/move/copy/trash/delete files in non-user-owned locations as of KDE Frameworks 5.90.
    The change to KIO with polkit is so you don't need to launch the file manager or other programs as root user to access root or other non-user owned locations.

    This is a security improvement long term.

    Comment


    • #3
      Originally posted by oiaohm View Post

      The change to KIO with polkit is so you don't need to launch the file manager or other programs as root user to access root or other non-user owned locations.
      that doesn't help with x00 permissions though, does it?

      Comment


      • #4
        The Dolphin file manager can now be launched as root or other non-user-owned locations. This is thanks to PolKit support being merged in KIO. KDE applications making use of KIO can now create/move/copy/trash/delete files in non-user-owned locations as of KDE Frameworks 5.90.
        Thank you Linus! Many users been asking for this for years and after one video from Linus it's done!

        Comment


        • #5
          Originally posted by Zoll View Post

          Thank you Linus! Many users been asking for this for years and after one video from Linus it's done!
          True!!

          Comment


          • #6
            Originally posted by Zoll View Post
            Thank you Linus! Many users been asking for this for years and after one video from Linus it's done!
            The efforts were going on for years though and you can read some disputes in the KIO MR.
            Despite of the concerns, I'm still glad it has landed. I wouldn't have disallowed Dolphin from running as root before this even was implemented. I don't want to be put in shackles just because other people would torch their own houses otherwise. Really not my concern.

            So, hopefully 2022 will be the year of inert scrolling.

            Comment


            • #7
              Originally posted by Termy View Post
              that doesn't help with x00 permissions though, does it?
              Yes they did add items that permission changes you can do by kde file manager also work by the polkit/dbus interface.

              Originally posted by Zoll View Post
              Thank you Linus! Many users been asking for this for years and after one video from Linus it's done!
              The answer is no Linus video did not change anything about the speed. Security of stuff like this takes while.

              https://bugs.kde.org/show_bug.cgi?id=179678

              Yes the KIO work started in 2009. Yes this is a decade long work. Yes parties still kept on pushing less file manager run as root completely even that the answer was no.

              KIO polkit work was marked in for this release its going to be in at the 2020 KDE conference. Yes well before Linus Tech tips touched it.

              Do note how many posts had to be deleted because they were basically off topic span. There was a risk that Linus Tech might have delayed this.

              https://invent.kde.org/frameworks/ki...e_requests/143

              Please note there are still code quality issues to fix. So still possible to be pulled before final release at this time.

              The 10 years of this work is been merged 8 times and reverted 7 times. lets hope it does not come 8 times reverted.



              Comment


              • #8
                Originally posted by aufkrawall View Post
                The efforts were going on for years though and you can read some disputes in the KIO MR.
                Despite of the concerns, I'm still glad it has landed. I wouldn't have disallowed Dolphin from running as root before this even was implemented. I don't want to be put in shackles just because other people would torch their own houses otherwise. Really not my concern.
                There was a time, years ago, when "security paranoid people" discovered ways to abuse KDE's applications with elevated permissions. In that time the security minded folks in KDE-land kinda decided that running anything as root is a no-go and should be forbidden. Hence patches were made to forbid Plasma to be run as root, forbid dolphin and i believe a few other applications too. In the beginning this was as strict as only users, later this got relaxed - at least in dolphin - in various changes throughout the years.

                In my point of view those paranoid patches should never have been made or landed. But the security aspect, to some people, was more important then the (admittedly) edge cases of running Plasma and Dolphin as root. Specifically the latter is something you just need sometimes although rarely.

                Also be aware that this polkit change does not change how dolphin can be run. Look at the source: https://invent.kde.org/system/dolphi...r/src/main.cpp (lines 45-53). You cannot run dolphin with sudo or kdesudo. But you can still run it as root. Real root, user id 0. So in other terms, you're probably going to get a message to re-authenticate with your users permissions when you want to do something outside your user's homefolder. I don't know this for 100% sure as i don't have a dolphin with this yet but i'm assuming it from reading the patches. I'm hoping it won't be an authentication spam fest.. We'll see.

                Comment


                • #9
                  personally I don't think you should be able to run plasma as root. (Why would you want to). And this is a huge improvement over running a whole application as root, which can actually be abused. Personally I never launch graphical applications as root anyways, because if I want to do something as root, the safest, and less system-screwy way is console. Nonetheless, it is goot that dolphin can now copy and move files from outside your home directory again.

                  Comment


                  • #10
                    Originally posted by keit99 View Post
                    personally I don't think you should be able to run plasma as root. (Why would you want to). And this is a huge improvement over running a whole application as root, which can actually be abused. Personally I never launch graphical applications as root anyways, because if I want to do something as root, the safest, and less system-screwy way is console. Nonetheless, it is goot that dolphin can now copy and move files from outside your home directory again.
                    In an ideal world i'd agree with that.

                    Now what if you play with a single board computer where you intent to have only one application running? Say kodi as media center?
                    In that case, and i've been there, it can be very handy to start X and open something else. Could be for copying stuff, could be for editing config files could be just to see how Plasma would work in that environment.

                    In that situation having the ability to just freaking run it is quite an advantage. Yes that's an edge case. I know one can argue both ways here. the "neat" way is to create user accounts, even in this way, that would prevent some permission nightmares at the cost of having a lot of others in return (like the user isn't in the proper groups yet). I'd argue the other way that the user doesn't matter at all in this case so lets keep it as root. It's a single purpose machine, permissions don't matter.

                    Comment

                    Working...
                    X