Bug 339922

Summary: kdesu (YaST2) does not accept root password
Product: [openSUSE] openSUSE 10.3 Reporter: Carlos Lange <carlosflange>
Component: KDEAssignee: E-mail List <kde-maintainers>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: wstephenson
Version: Final   
Target Milestone: ---   
Hardware: 32bit   
OS: openSUSE 10.3   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Carlos Lange 2007-11-07 18:20:00 UTC 
After changing /etc/sudoers to allow "sudo" with user password, kdesu does not accept root password anymore.

The relevant changes in sudoers were:
  User_Alias FULLADMIN = clange
  Defaults:FULLADMIN authenticate
  FULLADMIN  PLACE = PASSWD: ALL

whereas root remained as:
  root    ALL=(ALL) ALL

This allows user clange to start anything with kdesu using the user's password, which I think makes sense.
However, at the same time the root password is completely disabled in kdesu (works anywhere else, such as CLI, Kwallet, etc).
This behaviour may seem OK while user clange is logged in, but it prevents authentication of kdesu in sessions of any other non-privileged users. In other words, if another user is logged in, the user cannot start YaST2, even if the user types in the root password. 

I would suggest that kdesu should honour /etc/sudoers, but at the same time unconditionally accept the root password as authentication.
Comment 1 Will Stephenson 2007-11-08 12:51:24 UTC 
Sorry, it's not a bug. Our kdesu menu entries are designed to work with the root account only, so the problems you describe are normal.  Since it uses 'sudo', it can't know whether the user to sudo as clange or as root.  If you make these kinds of changes I suggest you change the other users' menu entries using kdesu to "kdesu -u root".
Comment 2 Carlos Lange 2007-11-08 17:43:37 UTC 
For the reference of who ever checks this non-bug out, I submitted an enhancement as Bug 340311 for kdesu to report the proper password being requested.