polywogsys (polywogsys) wrote,

KDESu / Sudo and Polkit Woes

So upon installing OpenSUSE (for KDE4!), I noticed that everything it wanted privileges to do (add/remove network connections, install apps, etc.) required "root" password even though I redirected kdesu to use sudo instead with "kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo". I also already tried to comment out the following:

#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL    ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

in my sudoers file. I wanted all KDE/gui password prompts to behave as it does on command line with "sudo".

I tested by opening a command-line and typing:

  • "sudo ls /root": worked! asked me for my password

  • "kdesu ls /root": worked! put up a different type of GUI pw prompt that came up when I tried to delete a network connection.

  • tried to delete a network connection: failed! It asked for root's password.

So then I noticed that on this particular dialog (the one that failed), there was something about polkit. Specifically "polkit-kde-authentication-agent-1". So that gave me another breadcrumb to search for on the net.

Long story short, after two days, delving into PolicyKit, what it does, and how it does it and the API... and it uses JavaScript(?!) in its configuration files... and there's no GUI to manage it, or even configure it... I found the answer.

Make a copy of 50-default.rules to 49-default.rules. Nullify 50-default.rules (not necessary, but I do this thanks to the other bastardized component - systemd). Edit the "[unix-user:root]" to "[unix-group:wheel]" (or whatever your /etc/sudoers has set as a group for elevated privileges). Please note you still have to set your user to be in that group (and logout/login).

Small rant: Next up - WHERE IS MY VAR LOG MESSAGES systemd? It works as plain text, now we need special tools to view the binary files. Next thing you know, they'll be using a binary registry like Windows... oh wait, yeah, Gnome's already doing that.

Tags: kde, linux, opensuse, polkit, sudo
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment