Bug 339922 - kdesu (YaST2) does not accept root password
Summary: kdesu (YaST2) does not accept root password
Status: RESOLVED INVALID
Alias: None
Product: openSUSE 10.3
Classification: openSUSE
Component: KDE (show other bugs)
Version: Final
Hardware: 32bit openSUSE 10.3
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: E-mail List
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-07 18:20 UTC by Carlos Lange
Modified: 2007-11-08 17:43 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Lange 2007-11-07 18:20:00 UTC 
After changing /etc/sudoers to allow "sudo" with user password, kdesu does not accept root password anymore.

The relevant changes in sudoers were:
  User_Alias FULLADMIN = clange
  Defaults:FULLADMIN authenticate
  FULLADMIN  PLACE = PASSWD: ALL

whereas root remained as:
  root    ALL=(ALL) ALL

This allows user clange to start anything with kdesu using the user's password, which I think makes sense.
However, at the same time the root password is completely disabled in kdesu (works anywhere else, such as CLI, Kwallet, etc).
This behaviour may seem OK while user clange is logged in, but it prevents authentication of kdesu in sessions of any other non-privileged users. In other words, if another user is logged in, the user cannot start YaST2, even if the user types in the root password. 

I would suggest that kdesu should honour /etc/sudoers, but at the same time unconditionally accept the root password as authentication.
Comment 1 Will Stephenson 2007-11-08 12:51:24 UTC 
Sorry, it's not a bug. Our kdesu menu entries are designed to work with the root account only, so the problems you describe are normal.  Since it uses 'sudo', it can't know whether the user to sudo as clange or as root.  If you make these kinds of changes I suggest you change the other users' menu entries using kdesu to "kdesu -u root".
Comment 2 Carlos Lange 2007-11-08 17:43:37 UTC 
For the reference of who ever checks this non-bug out, I submitted an enhancement as Bug 340311 for kdesu to report the proper password being requested.