Bug 378984 - Root password required for user Password change
Status: CONFIRMED
Product: systemsettings
Classification: Applications
Component: kcm_users
Version: 5.16.4
Platform: Other Linux
Importance: NOR normal
Assignee: Plasma Bugs List
Duplicates: 416457 419276
Reported: 2017-04-20 07:21 UTC by Axel Braun
Modified: 2024-02-22 10:01 UTC

Description Axel Braun 2017-04-20 07:21:00 UTC
When changing the password of the current user (the one that is currently logged in), KDE asks for the root password to do so.
This is something an ordinary user should never see - as he mostly does not know the root passwd.
Comment 1 kolAflash 2019-10-21 14:55:10 UTC
Same for me and confirmed for:
- openSUSE-Tumbleweed-20191016
- openSUSE-15.1
- KDE NEON (18.04 unstable 2019-10-15)

Which password is being required actually depends on the OS (e.g. Linux distribution).
In general KDE requires root access, which is clearly unnecessary.

But for distributions which work "sudo" based, using the user's own password to authenticate for root permissions, the user's password is asked for. And that's the same as what "passwd" needs to change the user's own password.

So clearly KDE shouldn't need to authenticate for root permissions here.
And because of that, it's always the user's old password which should be asked for and not the password which is needed to authenticate for root permissions (regardless of whether it's a "sudo" based OS or not).
Comment 2 Christoph Feck 2020-01-20 20:38:09 UTC
*** Bug 416457 has been marked as a duplicate of this bug. ***
Comment 3 Justin Zobel 2020-11-12 05:15:42 UTC
If you're changing your password you should be asked for your current password so that nobody can change it if you accidentally leave your device unlocked.

If you're changing someone else's the same applies, you should have to provide a password of a member of the sudo group.
Comment 4 Nate Graham 2021-08-29 14:27:40 UTC
*** Bug 419276 has been marked as a duplicate of this bug. ***
Comment 5 Nate Graham 2021-08-29 14:29:03 UTC
The problem is that an administrator password is currently required to change your own password even if you are a non-admin user. Therefore, you can't change your own password without an admin user's credentials or intervention.
Comment 6 Axel Braun 2023-02-10 15:37:04 UTC
This bug is still present in
Operating System: openSUSE Tumbleweed 20230205
KDE Plasma Version: 5.26.5
KDE Frameworks Version: 5.102.0
Qt Version: 5.15.8
Comment 7 Anton 2024-02-22 10:01:53 UTC
Still present in Debian 12 with KDE Plasma 5.27.10.

While passwd only requires the user to know their own password to change it, KDE for some reason requires the presence of the admin. This is at the same time bad and surprising.

1) If possible, please address the "bad" part: remove the need for the user to enter the admin's password in this use case;
2) If not, please address the "surprising" part:
2.1) State VERY explicitly in the PolicyKit1 KDE Agent window for the "Standard" user that it's the admin's password that's required. Users keep entering their passwords only to get auth failures, thinking they've made a mistake, this creates a lot of frustration;
2.2) Admins creating "Standard" users don't know about this bug beforehand. Please state this explicitly, as early as the user is created (at least, if created through KDE).