Bug 353497

Summary: Root Permission to YAST Granted to Non-Privileged User
Product: [openSUSE] openSUSE 10.3 Reporter: Larry Alexander <l.c.alexander>
Component: KDEAssignee: E-mail List <kde-maintainers>
Status: RESOLVED INVALID QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: benji, quentin.jackson
Version: Final   
Target Milestone: ---   
Hardware: i586   
OS: openSUSE 10.3   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Larry Alexander 2008-01-12 08:54:02 UTC 
Non-privilege user logs in to KDE3.5 session.

User requires system changes. Administrator accesses YAST and enters incorrect root password. Password is refused and access is denied.

Administrator again accesses YAST and enter correct root password. Access is granted and system changes are made. Administrator leaves machine without reboot.

User requires additional system changes and attempts to access YAST. When prompted for password, user leaves it blank and presses ENTER.

User is granted root permissions in YAST.
Comment 1 Benjamin Weber 2008-01-12 12:16:30 UTC 
This is because kdesu uses sudo by default, which caches authentication. 

If you prefer it to require the correct password each time you can either edit the sudo configuration accordingly, or tell kdesu to use su by saving the following as ~/.kde/share/config/kdesurc

[super-user-command]
super-user-command=su
Comment 2 Dirk Mueller 2008-02-27 20:35:46 UTC 
see comment #1 (thanks)
Comment 3 Benjamin Weber 2008-03-12 01:11:39 UTC 
*** Bug 369540 has been marked as a duplicate of this bug. ***