Bug 5522 - prompt for privilege escalation
Summary: prompt for privilege escalation
Status: CONFIRMED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Other
: NOR wishlist
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 16083 21434 22703 23010 28311 60668 81209 81662 83579 84165 107691 205267 251817 254238 265156 (view as bug list)
Depends on:
Blocks:
 
Reported: 2000-06-25 17:14 UTC by Unknown
Modified: 2011-02-02 16:52 UTC (History)
20 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Aakre 2000-06-24 09:07:31 UTC
(*** This bug was imported into bugs.kde.org ***)

Package: Konqueror
Version: 1.91
Severity: Wishlist

When Konqueror does not have enough permissions to access or modify a file 
it gives the user an error. A more user-friendly approach would be to bring 
up a Super-User password box and then edit the file with the newly acquired 
permissions (and revoke the permissions after the action is completed).



________________________________________________________________________
Get Your Private Free E-mail from MSN Hotmail at http://www.hotmail.com
Comment 1 Daniel Naber 2002-10-02 16:14:46 UTC
*** Bug 22703 has been marked as a duplicate of this bug. ***
Comment 2 John Firebaugh 2002-10-15 07:46:38 UTC
*** Bug 23010 has been marked as a duplicate of this bug. ***
Comment 3 John Firebaugh 2002-10-15 07:47:14 UTC
*** Bug 28311 has been marked as a duplicate of this bug. ***
Comment 4 John Firebaugh 2003-08-01 07:51:27 UTC
*** Bug 21434 has been marked as a duplicate of this bug. ***
Comment 5 John Firebaugh 2003-08-01 07:51:35 UTC
*** Bug 60668 has been marked as a duplicate of this bug. ***
Comment 6 Sashmit Bhaduri 2003-09-23 18:52:12 UTC
That would only work with local files. 
Comment 7 Ferdinand Gassauer 2003-09-23 19:15:17 UTC
well, not if fish://root@server:/  is used for remote connections 
Comment 8 Reivec Saltari 2004-01-16 13:22:18 UTC
This has been on the wishlist for a long time and obviously other people have requested it as it has been dupped so often. Why haven't we got something like this yet?
Comment 9 Stephan Kulow 2004-01-16 14:46:29 UTC
I see 20 votes. That's nothing if you look at the "most wanted features" links on bugs.kde.org
Comment 10 Georg Robbers 2004-05-16 09:52:19 UTC
*** Bug 81662 has been marked as a duplicate of this bug. ***
Comment 11 Maksim Orlovich 2005-04-12 18:29:18 UTC
*** Bug 84165 has been marked as a duplicate of this bug. ***
Comment 12 Maksim Orlovich 2005-04-12 18:29:35 UTC
*** Bug 83579 has been marked as a duplicate of this bug. ***
Comment 13 Jens 2005-07-11 09:54:26 UTC
Hi,

here are some thoughts about this. 

- For file actions (move / rename / delete) this should be pretty straight forward: if current permissions are not enough and cannot be changed by the users (e.g. own write protection) then call something like "kdesu -c 'kfmclient [move|copy|..]' ...".

- For opening files with write access (e.g. in /etc): Context menu "Open as ..." (that perhaps only appears when user presses "Shift+RMB", like on Windows), then a list of users to choose from and/or a modified 'kdesu'.

- For executing binaries, I think there should be a "Run as .." option in the context menu (perhaps, like Windows does it, only when user presses Shift+RMB). Additionally (not related to this), IMHO there should be a warning for apps in /bin, /sbin etc. that they aren't graphical apps if the user clicks on them.
Most "root" apps aren't supposed to be called by a normal user from a GUI anyway, so we can probably even restrict this "Run as..." feature to apps in the KDE menu (and add the context menu there).
OTOH, if the user installs external programs from CD-ROM (or something) that don't come as a RPM, then he'd need this feature too.

- Other stuff, like getting access to hardware (eg. USB slots or whatever) that aren't accessible for normal users: IMHO that's a distribution specific problem, which shouldn't be handled by KDE. If the distro's default permissions are bad enough to not let users access their hardware, then KDE shouldn't try to work around this.

Any other cases?
Comment 14 Shahar 2005-08-19 09:13:28 UTC
Such a feature would really make file management a lot simpler.

Hope to see it in KDE4.
Comment 15 Sebastien CELLES 2006-08-03 11:43:07 UTC
<quote>
A more user-friendly approach would be to bring
up a Super-User password box 
</quote>

This is exactly what Mac OS X do...
Comment 16 Henry Stanaland 2006-10-21 09:01:38 UTC
Wow, over 6 years!!  I remember wishing this when KDE 2.0 was about to come out....and then 3.0.  I guess I will now wish it for KDE 4.0.  I would pay a couple hundred $$ if it adds weight to my vote and helps gets this done--seriously.
Comment 17 Shahar 2006-10-21 11:16:14 UTC
For the time being, there's a service menu which can do something like that. It is limited, however (to actually opening the file using kfmclient, there isn't support for copy/move/delete in it).

The service menu is available here: http://www.kde-apps.org/content/show.php?content=36898

Would still be more than appropriate to see it built in in a more complete manner.
Comment 18 lexual 2007-02-24 14:53:09 UTC
*** Bug 107691 has been marked as a duplicate of this bug. ***
Comment 19 lawrence Pires 2007-05-27 22:00:27 UTC
7 years now!!!!! Outrageous - linux needs this. new users have not got the patience to go off and look for the way to do this is the shell - users want to move/edit/rename/delete files easily, that's what konqueror is all about!!

Its also easy to do in the shell - but for new users the shell is too much, and can cause confusion.

Vista does it - MAC OS does it apparently? - so why not linux?

looks as though linux is a sad 3rd in this race - so better get your skates on :-)
Comment 20 Johannes Tögel 2008-06-09 20:26:08 UTC
That feature request is certainly one of the best suggestions for Konqueror I've ever heard of. PLEASE implement it!
Comment 21 Mike Gashler 2008-06-12 23:34:04 UTC
There are some important design issues to consider with this feature. It is very important that this doesn't turn into a Windows-Vista-like privilege escalation prompt where users become trained to regularly enter their password in order to get any work done. If users become accustomed to entering their password when prompted, they will give it to any app that asks for it. This is a serious security liability.

A proper design requires that privilege escalation must always be initiated by the user. ("sudo" and "kdesudo" have this property.) So here's a design-candidate for this feature that has this property:

1- Add a menu-option to Konqueror/Dolphin to escalate the privileges of the window. (This would be trivial to implement--it would simply launch another window via kdesudo to open at the same location.) This feature is never initiated automatically, but the users can do it when he/she want to do something that requires more privileges.
2- Update error messages to be more helpful. For example, a message that used to say "Insufficient permissions" would now say "The destination folder is owned by %s, but you are operating as %s. To open a window as %s, go to File->Change User".

Unfortunately, this design still isn't perfect. Another major advantage of "sudo" (or "kdesudo") is that escalated privileges are automatically reverted as soon as the operation has completed. My design-candidate would leave a privileged window open. A good design must have both:

1- user-initiated privilege escalation, and
2- automatic privilege reverting

Perhaps escalated windows would have a count-down timer that auto-closes after some period of time? Naw, that would be really annoying. Can someone please propose a better design idea that has both of these properties?
Comment 22 rgpublic 2008-06-13 02:35:58 UTC
I agree 100% with everything Mike said. If it would simply ask for the password when deleting a protected file people would just enter it. Thus, my proposal is:

A menu entry: File->Impersonate... When you select it, a dialog opens and you can become root (or a different user, "root" is just already selected) and you always have to enter the password. After clicking on "OK" the same(!) window changes (I think it's quite confusing anyway if a different window opens all of a sudden) and becomes tinted in red with a nice balloon bubble in the lower-left of the window saying "Please be careful. You are working as root". Or tinted in orange if it's just a different user - but not root. Now, you get only one root command for free. No matter what. Either you right-click and select edit. Or you delete the selected files. Or you rename sth. Or you change file properties. Only one thing. After that, the window becomes normal again. The bubble disappears. But now there is a new menu entry below Impersonate... called "Impersonate again" and a simple(!) keyboard shortcut and toolbar button. A little bit like Find/Find again. If you want to become the same user again you can select this and don't have to go through the user/password dialog again. This works only as long as you keep the window open. Otherwise, you have to enter the password again of course. This forces the user to press i.e. F8 before doing a dangerous operation. I think that's not more annoying than having to enter sudo before each command in the terminal - less annoying rather because it's just one keystroke instead of five and it fulfills 1 and 2 of Mike's design requirements.
Comment 23 Anders E. Andersen 2008-06-13 08:43:01 UTC
I don't think it is possible in general to know when a user has initiated a particular action. Some privilege escalations in Vista happen as a side effect of something benign, like browsing a website that requires a particular plugin. I don't see the point of having a menu uption that enables the possibility of privilege escalation. People would just turn it on by default to make their day easier, and if you made it so they couldn't do that, they would complain and somebody would fix it so they could. Remember password-less kwallet?

I support better error messages. Error messages should be verbose.

Comment 24 rgpublic 2008-06-13 09:44:55 UTC
I always thought this bug is not about webbrowsing, plug-in-installation and stuff like that, but about the fact that Konqueror used to be the only application for file-management in pre-Dolphin days and you couldn't quickly edit a file like say /etc/fstab with it without starting a whole new Konqueror instance. Perhaps this bug should be moved over to dolphin? Or should I file a new one. Privilege escalation while browsing the web has lots more of security implications and I'm not in favor of implementing this at all.
Comment 25 FiNeX 2008-06-21 12:07:20 UTC
This is similar to bug #16083
Comment 26 Jonas Vejlin 2009-08-20 19:29:00 UTC
pritty old bug.Will someone look at it?
Comment 27 Barry Schatz 2009-08-20 21:04:20 UTC
Still in Konqueror 4.3.0 (using Debian Unstable packages).

Various options are disabled in context menus and cartain keyboard shortcuts are ignored if I don't have permission. However, if I drag a file in a folder I don't own, I still get the Move/Copy context menu. Moving or copying files to a folder I don't control fails with an error message that I don't have permission. 

Dolphin has the same behavior (it should, since they use the same file browsing KPart).

When the Access Denied error pops us, I think there should be a prompt for privilege escalation if the owner of the location is root.
Comment 28 Oswald Buddenhagen 2009-09-04 21:57:24 UTC
*** Bug 205267 has been marked as a duplicate of this bug. ***
Comment 29 FiNeX 2009-09-09 00:00:39 UTC
*** Bug 16083 has been marked as a duplicate of this bug. ***
Comment 30 FiNeX 2009-09-16 23:27:53 UTC
*** Bug 81209 has been marked as a duplicate of this bug. ***
Comment 31 FiNeX 2011-02-02 16:50:14 UTC
*** Bug 265156 has been marked as a duplicate of this bug. ***
Comment 32 FiNeX 2011-02-02 16:51:16 UTC
*** Bug 251817 has been marked as a duplicate of this bug. ***
Comment 33 FiNeX 2011-02-02 16:52:02 UTC
@Peter: what do you think about this wish? Could it be implemented in Dolphin?
Comment 34 FiNeX 2011-02-02 16:52:50 UTC
*** Bug 254238 has been marked as a duplicate of this bug. ***