SUMMARY I am a user who usually tries to avoid the need to access the console (CLI) to perform operations that can be done from Plasma. I have always used the "kdesu kate /etc/fstab" sequence of instructions to edit the fstab file from Plasma. However, for months now, it is impossible to even launch "kate" with administrator permissions. STEPS TO REPRODUCE 1. Login as non privileged user 2. "Alt+F2" and type "kdesu kate /etc/fstab" and press "Enter" key 3. Introduce your root password in the window that will ask for it and click "Accept" OBSERVED RESULT Nothing happens after password accepted EXPECTED RESULT To open "/etc/fstab" file with root privileges (as for years it worked) SOFTWARE/OS VERSIONS Windows: Operating System: openSUSE Tumbleweed 20230613 KDE Plasma Version: 5.27.5 KDE Frameworks Version: 5.107.0 Qt Version: 5.15.9 Kernel Version: 6.3.7-1-default (64-bit) Graphics Platform: X11 Processors: 8 × Intel® Core™ i7-9700K CPU @ 3.60GHz Memory: 15.5 GiB of RAM Graphics Processor: NVIDIA GeForce RTX 2060/PCIe/SSE2 Manufacturer: HP Product Name: HP Z1 Entry Tower G5 ADDITIONAL INFORMATION I had a big discussion about it because typical users, who have never used such a script, denied that it worked, since it doesn't currently work. However, I have versions from early 2023 and earlier where, as always, it worked perfectly. There must have been some change in KDE Frameworks or Plasma and from then on, it doesn't work.
Normally what you're doing shouldn't be necessary; Kate includes Polkit support, so you can just open the file normally, edit it, save it, and enter your password when prompted to save your changes to disk. However the openSUSE packagers have patched out PolKit support in Kate, causing you to need to turn to this workaround. As a result I'm afraid you're using Kate in a configuration unsupported by the developers, and I would encourage you to contact the openSUSE folks for support. Thanks for understanding!
You can use EDITOR="kate -b" sudoedit /etc/fstab instead. (In reply to Nate Graham from comment #1) > Normally what you're doing shouldn't be necessary; Kate includes Polkit > support, so you can just open the file normally, edit it, save it, and enter > your password when prompted to save your changes to disk. > > However the openSUSE packagers have patched out PolKit support in Kate, > causing you to need to turn to this workaround. Well, *had* to... Please file a bug report downstream and compain to the security team. > As a result I'm afraid > you're using Kate in a configuration unsupported by the developers, and I > would encourage you to contact the openSUSE folks for support. > > Thanks for understanding!
(In reply to Fabian Vogt from comment #2) > > However the openSUSE packagers have patched out PolKit support in Kate, > > causing you to need to turn to this workaround. > > Well, *had* to... Please file a bug report downstream and compain to the > security team. I've talked to them in the past about this, and while I understand their perspective regarding potential security vulnerabilities in Polkit and Kate's implementation of it, what I don't understand is removing the feature in favor of re-adding the ability to open a GUI app as root that had been deliberately disabled before. That just re-opens a bigger vulnerability. It feels a bit like saying, "the door to your house is insecure, so we welded the door shut and removed a window so you can enter that way instead". Anyway, this is a conversation for elsewhere. :)
(In reply to Nate Graham from comment #3) > (In reply to Fabian Vogt from comment #2) > > > However the openSUSE packagers have patched out PolKit support in Kate, > > > causing you to need to turn to this workaround. > > > > Well, *had* to... Please file a bug report downstream and compain to the > > security team. > > I've talked to them in the past about this, and while I understand their > perspective regarding potential security vulnerabilities in Polkit and > Kate's implementation of it, what I don't understand is removing the feature > in favor of re-adding the ability to open a GUI app as root that had been > deliberately disabled before. That just re-opens a bigger vulnerability. It > feels a bit like saying, "the door to your house is insecure, so we welded > the door shut and removed a window so you can enter that way instead". I asked for that explicitly to show how their policy and decision backfires and ultimately makes it worse - but it led nowhere... > Anyway, this is a conversation for elsewhere. :) Yep.
(In reply to Fabian Vogt from comment #2) > You can use EDITOR="kate -b" sudoedit /etc/fstab instead. That's not working for me from "Alt+F2" (krunner). Nothing happens after pressing "Enter".
Thank you for your information in this regard. I didn't know if the change was a result of KDE or openSUSE updates. I will tell them about it and see if they come to their senses ...
(In reply to Rafael Linux User from comment #6) > Thank you for your information in this regard. I didn't know if the change > was a result of KDE or openSUSE updates. I will tell them about it and see > if they come to their senses ... Note that this is nothing new, it's been this way for several years. It's not clear what actually broke running kate from within kdesu. Maybe the daemonization.
I don't know if this can help, but when I launch from CLI the usual "kdesu kate /etc/fstab", journald show this error after entering root password: 16/11/23 9:13 kate qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found. 16/11/23 9:13 kate This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb. 16/11/23 9:13 akonadiserver org.kde.pim.akonadiserver: ItemRetrievalJob for request 12469 finished I'm sorry cause I can't find a toolbar here to give format to my text
> Note that this is nothing new, it's been this way for several years. I'm not sure what do you mean. If it's about "kdesu kate whatever" working, I can confirm it worked until 3 o 4 months ago, before some openSUSE uptdate.
Yeah, it's the feature that kate opens in the background. This makes kdesu quit and the X11 access is revoked. (In reply to Rafael Linux User from comment #9) > > Note that this is nothing new, it's been this way for several years. > > I'm not sure what do you mean. If it's about "kdesu kate whatever" working, > I can confirm it worked until 3 o 4 months ago, before some openSUSE uptdate. Exactly. What Nate is talking about has been the case for way longer than that.
Thank you again for all your prompt attention. I will try to find out what security issues openSUSE considers to exist now after being able to use it for years.