480082 – kdesu -u option doesn't work

Bug 480082 - kdesu -u option doesn't work

Summary: kdesu -u option doesn't work

Status:	REPORTED

Alias:	None

Product:	kdesu
Classification:	Applications
Component:	general (other bugs)
Version First Reported In:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdesu bugs tracker

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-20 04:04 UTC by andy
Modified:	2024-01-20 04:04 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description andy 2024-01-20 04:04:50 UTC

A use-case of kdesu is to have a gui password dialog for programs that will run in the background (e.g. launched from a desktop file, or a script you want to start from krunner that has a section that needs sudo).

This works for root privileges, but does not for other users like `su - other user -c command` would.

STEPS TO REPRODUCE
1. This works to run a non-interactive command as root: kdesu -- bash -c "touch /tmp/hi-from-su"
2. This is an interactive command as root that does not work: kdesu -- bash
3. This is a non interactive command as another user that partially works: kdesu -u myotheruser -- bash -c "touch /tmp/hi-from-another-user"
4. An interactive command as another user with similar behavior: kdesu -u myotheruser -- bash
5. An example of how it should work: su - myotheruser -c bash

OBSERVED RESULT
1. See /tmp/hi-from-su
2. kdesu command does not exit and there is no bash prompt
3. First see the expected password prompt asking for the user's password. After entering the correct password:
- journalclt shows
su[64386]: (to myotheruser) myuser on pts/7
su[64386]: pam_unix(su:session): session opened for user myotheruser(uid=1001) by myuser(uid=1000)
- The kdesu program shows another password prompt saying "Permission denied." "Possibly incorrect password, please try again"
- Checking /tmp the new file does not exist yet
- Click the "Ignore" button in the new password prompt
- Checking /tmp now the new file exists, but was created by myuser and not myotheruser as desired

4. Same as (3.) showing the session opened in journalctl. Then if we click Ignore in the new password prompt, we drop into a bash shell. But the id command shows this is not for the new user.

5. You get prompted for the password, and after entering it correctly you are dropped into a bash shell for the new user.

EXPECTED RESULT
1. As expected
2. We should have a bash prompt as root
3. Since the password was correct, this should not prompt for a password again. The command should not run as the user calling kdesu, but the requested user
4. Same as 3, and we should have a bash prompt as the new user

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: arch linux 6.6.12-1-lts
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.114.0
Qt Version: 5.15.12
Graphics Platform: Wayland