<FILENAME filename="index.html"><html><head><title>The KDE su handbook</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="description" content="KDE su is a graphical front end for the UNIX su command."><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="next" href="introduction.html" title="Chapter 1. Introduction"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The <span class="application">KDE su</span> handbook</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr></table></div><div id="contentBody"><div lang="en" class="book"><div class="titlepage"><div><div><h1 class="title"><a name="kdesu"></a>The <span class="application">KDE su</span> handbook</h1></div><div><div class="authorgroup"><p class="author"><span class="firstname">Geert</span> <span class="surname">Jansen</span> <code class="email"><g.t.jansen@stud.tue.nl></code></p></div></div><div>Revision <span class="releaseinfo">KDE 4.5 (<span class="date">2010-09-21</span>)</span></div><div><p class="copyright">Copyright © 2000 <span class="firstname">Geert</span> <span class="surname">Jansen</span></p></div><div><p><a href="help:/kdoctools5-common/fdl-notice.html">Legal Notice</a></p></div><div><div><div class="abstract"><p><span class="application">KDE su</span> is a graphical front end for the <span class="trademark">UNIX</span>® <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> command.</p></div></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="chapter"><a href="introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="using-kdesu.html">2. Using <span class="application">KDE su</span></a></span></dt><dt><span class="chapter"><a href="Internals.html">3. Internals</a></span></dt><dd><dl><dt><span class="sect1"><a href="Internals.html#x-authentication">X authentication</a></span></dt><dt><span class="sect1"><a href="interface-to-su.html">Interface to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span></a></span></dt><dt><span class="sect1"><a href="password-checking.html">Password Checking</a></span></dt><dt><span class="sect1"><a href="sec-password-keeping.html">Password Keeping</a></span></dt></dl></dd><dt><span class="chapter"><a href="Author.html">4. Author</a></span></dt></dl></div><FILENAME filename="introduction.html"><html><head><title>Chapter 1. Introduction</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="index.html" title="The KDE su handbook"><link rel="prev" href="index.html" title="The KDE su handbook"><link rel="next" href="using-kdesu.html" title="Chapter 2. Using KDE su"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Introduction</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="using-kdesu.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>Chapter 1. Introduction</h1></div></div></div><p>Welcome to <span class="application">KDE su</span>! <span class="application">KDE su</span> is a graphical front end for the <span class="trademark">UNIX</span>® <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> command for the K Desktop Environment. It allows you to run a program as different user by supplying the password for that user. <span class="application">KDE su</span> is an unprivileged program; it uses the system's <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span>.</p><p><span class="application">KDE su</span> has one additional feature: it can remember passwords for you. If you are using this feature, you only need to enter the password once for each command. See <a class="xref" href="sec-password-keeping.html" title="Password Keeping">the section called “Password Keeping”</a> for more information on this and a security analysis.</p><p>This program is meant to be started from the command line or from <code class="filename">.desktop</code> files. Although it asks for the <code class="systemitem">root</code> password using a <acronym class="acronym">GUI</acronym> dialog, I consider it to be more of a command line <-> <acronym class="acronym">GUI</acronym> glue instead of a pure <acronym class="acronym">GUI</acronym> program.</p><p>Since <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span> is no longer installed in <strong class="userinput"><code> $(kf5-config --prefix)</code></strong>/bin but in <strong class="userinput"><code>kf5-config --path libexec</code></strong> and therefore not in your <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">Path</code></span>, you have to use <strong class="userinput"><code>$(kf5-config --path libexec)<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span></code></strong> to launch <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="using-kdesu.html">Next</a></td></tr><tr><td class="prevCell">The <span class="application">KDE su</span> handbook </td><td class="upCell"> </td><td class="nextCell"> Using <span class="application">KDE su</span></td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="using-kdesu.html"><html><head><title>Chapter 2. Using KDE su</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="index.html" title="The KDE su handbook"><link rel="prev" href="introduction.html" title="Chapter 1. Introduction"><link rel="next" href="Internals.html" title="Chapter 3. Internals"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Using <span class="application">KDE su</span></div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="Internals.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="using-kdesu"></a>Chapter 2. Using <span class="application">KDE su</span></h1></div></div></div><p>Usage of <span class="application">KDE su</span> is easy. The syntax is like this:</p><div class="cmdsynopsis"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span> [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> command</code></em></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-d</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-f</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> file</code></em></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-i</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> icon name</code></em></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-n</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-p</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> priority</code></em></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-r</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-s</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-t</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-u</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> user</code></em></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--noignorebutton</code></span>] [<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--attach</code></span><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> winid</code></em></span>]</p></div><div class="cmdsynopsis"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span> [<span class="orgname">KDE</span> Generic Options] [<span class="trademark">Qt</span>™ Generic Options]</p></div><p>The command line options are explained below.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c <span class="replaceable"><em class="replaceable"><code>command</code></em></span></code></span></span></dt><dd><p>This specifies the command to run as root. It has to be passed in one argument. So if, for example, you want to start a new file manager, you would enter at the prompt: <strong class="userinput"><code>$(kf5-config --path libexec)<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu <span class="option"><code class="option">-c <span class="replaceable"><em class="replaceable"><code> <span class="application">Dolphin</span></code></em></span></code></span></strong></span></span></code></strong></p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-d</code></span></span></dt><dd><p>Show debug information.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-f <span class="replaceable"><em class="replaceable"><code>file</code></em></span></code></span></span></dt><dd><p>This option allow efficient use of <span class="application">KDE su</span> in <code class="filename">.desktop</code> files. It tells <span class="application">KDE su</span> to examine the file specified by <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="parameter"><em class="parameter"><code>file</code></em></span>. If this file is writable by the current user, <span class="application">KDE su</span> will execute the command as the current user. If it is not writable, the command is executed as user <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="parameter"><em class="parameter"><code>user</code></em></span> (defaults to root).</p><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="parameter"><em class="parameter"><code>file</code></em></span> is evaluated like this: if <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="parameter"><em class="parameter"><code>file</code></em></span> starts with a <code class="literal">/</code>, it is taken as an absolute filename. Otherwise, it is taken as the name of a global <span class="orgname">KDE</span> configuration file.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-i</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>icon name</code></em></span></span></dt><dd><p>Specify icon to use in the password dialog. You may specify just the name, without any extension.</p><p>For instance to run <span class="application">Konqueror</span> in filemanager mode and show the <span class="application">Konqueror</span> icon in the password dialog:</p><pre class="screen"><strong class="userinput"><code>$(kf5-config --path libexec)<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kdesu</strong></span></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-i konqueror</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c "konqueror --profile filemanagement"</code></span></code></strong></pre></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-n</code></span></span></dt><dd><p>Do not keep the password. This disables the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">keep password</span></span> checkbox in the password dialog.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-p</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>priority</code></em></span></span></dt><dd><p>Set priority value. The priority is an arbitrary number between 0 and 100, where 100 means highest priority, and 0 means lowest. The default is 50.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-r</code></span></span></dt><dd><p>Use realtime scheduling.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-s</code></span></span></dt><dd><p>Stop the kdesu daemon. See <a class="xref" href="sec-password-keeping.html" title="Password Keeping">the section called “Password Keeping”</a>.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-t</code></span></span></dt><dd><p>Enable terminal output. This disables password keeping. This is largely for debugging purposes; if you want to run a console mode app, use the standard <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> instead.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-u</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code> user</code></em></span></span></dt><dd><p>While the most common use for <span class="application">KDE su</span> is to run a command as the superuser, you can supply any user name and the appropriate password.</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="Internals.html">Next</a></td></tr><tr><td class="prevCell">Introduction </td><td class="upCell"> </td><td class="nextCell"> Internals</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="Internals.html"><html><head><title>Chapter 3. Internals</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="index.html" title="The KDE su handbook"><link rel="prev" href="using-kdesu.html" title="Chapter 2. Using KDE su"><link rel="next" href="interface-to-su.html" title="Interface to su"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Internals</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="using-kdesu.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="interface-to-su.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="Internals"></a>Chapter 3. Internals</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="x-authentication"></a>X authentication</h2></div></div></div><p>The program you execute will run under the root user id and will generally have no authority to access your X display. <span class="application">KDE su</span> gets around this by adding an authentication cookie for your display to a temporary <code class="filename">.Xauthority</code> file. After the command exits, this file is removed. </p><p>If you don't use X cookies, you are on your own. <span class="application">KDE su</span> will detect this and will not add a cookie but you will have to make sure that root is allowed to access to your display.</p></div><FILENAME filename="interface-to-su.html"><html><head><title>Interface to su</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="Internals.html" title="Chapter 3. Internals"><link rel="prev" href="Internals.html" title="Chapter 3. Internals"><link rel="next" href="password-checking.html" title="Password Checking"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Interface to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span></div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="Internals.html">Prev</a></td><td class="upCell">Internals</td><td class="nextCell"><a accesskey="n" href="password-checking.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="interface-to-su"></a>Interface to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span></h2></div></div></div><p><span class="application">KDE su</span> uses the sytem's <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> for acquiring priviliges. In this section, I explain the details of how <span class="application">KDE su</span> does this. </p><p>Because some <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> implementations (<abbr class="abbrev">i.e.</abbr> the one from <span class="trademark">Red Hat</span>®) don't want to read the password from <code class="literal">stdin</code>, <span class="application">KDE su</span> creates a pty/tty pair and executes <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> with its standard filedescriptors connected to the tty.</p><p>To execute the command the user selected, rather than an interactive shell, <span class="application">KDE su</span> uses the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c</code></span> argument with <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span>. This argument is understood by every shell that I know of so it should work portably. <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> passes this <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c</code></span> argument to the target user's shell, and the shell executes the program. Example command: <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su <span class="option"><code class="option">root -c <span class="replaceable"><em class="replaceable"><code>the_program</code></em></span></code></span></strong></span></span>.</p><p>Instead of executing the user command directly with <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span>, <span class="application">KDE su</span> executes a little stub program called <span class="application">kdesu_stub</span>. This stub (running as the target user), requests some information from <span class="application">KDE su</span> over the pty/tty channel (the stub's stdin and stdout) and then executes the user's program. The information passed over is: the X display, an X authentication cookie (if available), the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">PATH</code></span> and the command to run. The reason why a stub program is used is that the X cookie is private information and therefore cannot be passed on the command line.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="Internals.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="password-checking.html">Next</a></td></tr><tr><td class="prevCell">Internals </td><td class="upCell">Internals</td><td class="nextCell"> Password Checking</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="password-checking.html"><html><head><title>Password Checking</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="Internals.html" title="Chapter 3. Internals"><link rel="prev" href="interface-to-su.html" title="Interface to su"><link rel="next" href="sec-password-keeping.html" title="Password Keeping"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Password Checking</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="interface-to-su.html">Prev</a></td><td class="upCell">Internals</td><td class="nextCell"><a accesskey="n" href="sec-password-keeping.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="password-checking"></a>Password Checking</h2></div></div></div><p><span class="application">KDE su</span> will check the password you entered and gives an error message if it is not correct. The checking is done by executing a test program: <code class="filename">/bin/true</code>. If this succeeds, the password is assumed to be correct.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="interface-to-su.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="sec-password-keeping.html">Next</a></td></tr><tr><td class="prevCell">Interface to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span> </td><td class="upCell">Internals</td><td class="nextCell"> Password Keeping</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="sec-password-keeping.html"><html><head><title>Password Keeping</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="Internals.html" title="Chapter 3. Internals"><link rel="prev" href="password-checking.html" title="Password Checking"><link rel="next" href="Author.html" title="Chapter 4. Author"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Password Keeping</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="password-checking.html">Prev</a></td><td class="upCell">Internals</td><td class="nextCell"><a accesskey="n" href="Author.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec-password-keeping"></a>Password Keeping</h2></div></div></div><p>For your comfort, <span class="application">KDE su</span> implements a <span class="quote">“<span class="quote">keep password</span>”</span> feature. If you are interested in security, you should read this paragraph.</p><p>Allowing <span class="application">KDE su</span> to remember passwords opens up a (small) security hole in your system. Obviously, <span class="application">KDE su</span> does not allow anybody but your user id to use the passwords, but, if done without caution, this would lowers <code class="systemitem">root</code>'s security level to that of a normal user (you). A hacker who breaks into your account, would get <code class="systemitem">root</code> access. <span class="application">KDE su</span> tries to prevent this. The security scheme it uses is, in my opinion at least, reasonably safe and is explained here.</p><p><span class="application">KDE su</span> uses a daemon, called <span class="application">kdesud</span>. The daemon listens to a <span class="trademark">UNIX</span>® socket in <code class="filename">/tmp</code> for commands. The mode of the socket is 0600 so that only your user id can connect to it. If password keeping is enabled, <span class="application">KDE su</span> executes commands through this daemon. It writes the command and <code class="systemitem">root</code>'s password to the socket and the daemon executes the command using <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span>, as describe before. After this, the command and the password are not thrown away. Instead, they are kept for a specified amount of time. This is the timeout value from in the control module. If another request for the same command is coming within this time period, the client does not have to supply the password. To keep hackers who broke into your account from stealing passwords from the daemon (for example, by attaching a debugger), the daemon is installed set-group-id nogroup. This should prevent all normal users (including you) from getting passwords from the <span class="application">kdesud</span> process. Also, the daemon sets the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">DISPLAY</code></span> environment variable to the value it had when it was started. The only thing a hacker can do is execute an application on your display.</p><p>One weak spot in this scheme is that the programs you execute are probably not written with security in mind (like setuid <code class="systemitem">root</code> programs). This means that they might have buffer overruns or other problems and a hacker could exploit those.</p><p>The use of the password keeping feature is a tradeoff between security and comfort. I encourage you to think it over and decide for yourself if you want to use it or not.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="password-checking.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="Author.html">Next</a></td></tr><tr><td class="prevCell">Password Checking </td><td class="upCell">Internals</td><td class="nextCell"> Author</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="using-kdesu.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="interface-to-su.html">Next</a></td></tr><tr><td class="prevCell">Using <span class="application">KDE su</span> </td><td class="upCell"> </td><td class="nextCell"> Interface to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>su</strong></span></span></td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="Author.html"><html><head><title>Chapter 4. Author</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, su, password, root"><link rel="home" href="index.html" title="The KDE su handbook"><link rel="up" href="index.html" title="The KDE su handbook"><link rel="prev" href="sec-password-keeping.html" title="Password Keeping"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Author</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="sec-password-keeping.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="Author"></a>Chapter 4. Author</h1></div></div></div><p><span class="application">KDE su</span></p><p>Copyright 2000 <span class="firstname">Geert</span> <span class="surname">Jansen</span></p><p><span class="application">KDE su</span> is written by <span class="firstname">Geert</span> <span class="surname">Jansen</span>. It is somewhat based on Pietro Iglio's <span class="application">KDE su</span>, version 0.3. Pietro and I agreed that I will maintain this program in the future.</p><p>The author can be reached through email at <code class="email">(g.t.jansen AT stud.tue.nl)</code>. Please report any bugs you find to me so that I can fix them. If you have a suggestion, feel free to contact me.</p><p><a name="gnu-fdl"></a>This documentation is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/fdl-license.html" target="_top">GNU Free Documentation License</a>.</p><p>This program is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/artistic-license.html" target="_top">Artistic License</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="sec-password-keeping.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"></td></tr><tr><td class="prevCell">Password Keeping </td><td class="upCell"> </td><td class="nextCell"> </td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr><tr><td class="prevCell"> </td><td class="upCell"> </td><td class="nextCell"> Introduction</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME>
Generated by dwww version 1.15 on Sat May 18 10:58:25 CEST 2024.