1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
|
<?xml version="1.0" ?>
<!DOCTYPE book PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
"dtd/kdex.dtd" [
<!ENTITY kappname "&kdesu;">
<!ENTITY package "kdebase">
<!ENTITY % addindex "IGNORE">
<!ENTITY % British-English "INCLUDE"
> <!-- change language only here -->
]>
<book lang="&language;">
<bookinfo>
<title
>The &kdesu; handbook</title>
<authorgroup>
<author
>&Geert.Jansen; &Geert.Jansen.mail;</author>
<othercredit role="translator"
><firstname
>John</firstname
><surname
>Knight</surname
><affiliation
><address
><email
>anarchist_tomato@herzeleid.net</email
></address
></affiliation
><contrib
>Conversion to British English</contrib
></othercredit
>
</authorgroup>
<copyright>
<year
>2000</year>
<holder
>&Geert.Jansen;</holder>
</copyright>
<legalnotice
>&FDLNotice;</legalnotice>
<date
>2002-01-18</date>
<releaseinfo
>1.00.00</releaseinfo>
<abstract
><para
>&kdesu; is a graphical front end for the &UNIX; <command
>su</command
> command.</para
></abstract>
<keywordset>
<keyword
>KDE</keyword>
<keyword
>su</keyword>
<keyword
>password</keyword>
<keyword
>root</keyword>
</keywordset>
</bookinfo>
<chapter id="introduction">
<title
>Introduction</title>
<para
>Welcome to &kdesu;! &kdesu; is a graphical front end for the &UNIX; <command
>su</command
> command for the K Desktop Environment. It allows you to run a program as different user by supplying the password for that user. &kdesu; is an unprivileged program; it uses the system's <command
>su</command
>.</para>
<para
>&kdesu; has one additional feature: it can remember passwords for you. If you are using this feature, you only need to enter the password once for each command. See <xref linkend="sec-password-keeping"/> for more information on this and a security analysis.</para>
<para
>This program is meant to be started from the command line or from <filename
>.desktop</filename
> files. Although it asks for the <systemitem class="username"
>root</systemitem
> password using a &GUI; dialogue, I consider it to be more of a command line <-> &GUI; glue instead of a pure &GUI; program.</para>
</chapter>
<chapter id="using-kdesu">
<title
>Using &kdesu;</title>
<para
>Usage of &kdesu; is easy. The syntax is like this:</para>
<cmdsynopsis
><command
>kdesu</command
> <arg
>USER</arg
> <arg
>-n</arg
> <arg
>-t</arg
> <arg
>-q</arg
> <arg
>-d</arg
> <arg
>-f <replaceable
>FILE</replaceable
></arg
> <arg
>-c <group
> <arg
> <replaceable
>COMMAND</replaceable
> <arg
><replaceable
>ARG1</replaceable
></arg
> <arg
><replaceable
>ARG2</replaceable
></arg
> <arg rep="repeat"
><replaceable
></replaceable
></arg
> </arg
> </group
> </arg
> </cmdsynopsis>
<cmdsynopsis
><command
>kdesu</command
> <group
> <arg
>-v</arg
> <arg
>-h</arg
> <arg
>-s</arg
> </group
> </cmdsynopsis>
<para
>The command line options are explained below.</para>
<variablelist>
<varlistentry>
<term
><option
>-c <replaceable
>PROGRAM</replaceable
></option
></term>
<listitem
><para
>This specifies the program to run as root. It has to be passed in one argument. So if, for example, you want to start a new file manager, you would enter at the prompt: <userinput
><command
>kdesu <option
>-c <replaceable
>kfm -sw</replaceable
></option
></command
></userinput
></para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-f <replaceable
>FILE</replaceable
></option
></term>
<listitem
><para
>This option allow efficient use of &kdesu; in <filename
>.desktop</filename
> files. It tells &kdesu; to examine the file specified by <parameter
>FILE</parameter
>. If this file is writable by the current user, &kdesu; will execute the command as the current user. If it is not writable, the command is executed as user <parameter
>USER</parameter
> (defaults to root).</para>
<para
><parameter
>FILE</parameter
> is evaluated like this: if <parameter
>FILE</parameter
> starts with a <literal
>/</literal
>, it is taken as an absolute filename. Otherwise, it is taken as the name of a global &kde; configuration file. For example: to configure the K display manager, <application
>kdm</application
>, you could issue <command
>kdesu <option
>-c kdmconfig -f kdmrc</option
></command
></para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-t</option
></term>
<listitem
><para
>Enable terminal output. This disables password keeping. This is largely for debugging purposes; if you want to run a console mode app, use the standard <command
>su</command
> instead.</para
> </listitem>
</varlistentry>
<varlistentry>
<term
><option
>-n</option
></term>
<listitem
><para
>Do not keep the password. This disables the <guilabel
>keep password</guilabel
> checkbox in the password dialogue.</para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-q</option
></term>
<listitem
><para
>Be quiet.</para
></listitem>
<!-- Lauri: This could do with a little expansion. quiet as in no screen -->
<!-- output, quiet as in no gui prompt for the password, or quiet as in no -->
<!-- beeping? -->
</varlistentry>
<varlistentry>
<term
><option
>-d</option
></term>
<listitem
><para
>Show debug information.</para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-v</option
></term>
<listitem
><para
>Print version information and exit.</para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-h</option
></term>
<listitem
><para
>Print some help.</para
></listitem>
</varlistentry>
<varlistentry>
<term
><option
>-s</option
></term>
<listitem
><para
>Stop the kdesu daemon. See <xref linkend="sec-password-keeping"/>.</para
></listitem>
</varlistentry>
</variablelist>
</chapter>
<chapter id="configuration">
<title
>Configuration</title>
<para
>&kdesu; comes with a control module named <application
>kcmkdesu</application
>. You can find it in the <guimenu
>K</guimenu
> menu under <menuchoice
><guisubmenu
>Settings</guisubmenu
> <guisubmenu
>Applications</guisubmenu
> <guimenuitem
>KDE su</guimenuitem
></menuchoice
>. You can change the following things:</para>
<variablelist>
<varlistentry>
<term
><guilabel
>Echo Mode</guilabel
></term>
<listitem
><para
>This is how characters you type are echoed to the screen. Possible choices are: one star per character, three stars or no echo at all. The default is one star per character.</para
></listitem>
</varlistentry>
<varlistentry>
<term
><guilabel
>Keeping passwords</guilabel
></term>
<listitem
><para
>You can instruct &kdesu; remember passwords you enter by checking the <guilabel
>keep password</guilabel
> check box. If this checked, you can enter a timeout value in the text field below it. This is the amount of time, in minutes, that the password will be remembered. The default is not to remember passwords.</para
></listitem>
</varlistentry>
</variablelist>
</chapter>
<chapter id="Internals">
<title
>Internals</title>
<sect1 id="x-authentication">
<title
>X authentication</title>
<para
>The program you execute will run under the root user id and will generally have no authority to access your X display. &kdesu; gets around this by adding an authentication cookie for your display to a temporary <filename
>.Xauthority</filename
> file. After the command exits, this file is removed. </para>
<para
>If you don't use X cookies, you are on your own. &kdesu; will detect this and will not add a cookie but you will have to make sure that root is allowed to access to your display.</para>
</sect1>
<sect1 id="interface-to-su">
<title
>Interface to <command
>su</command
></title>
<para
>&kdesu; uses the sytem's <command
>su</command
> for acquiring priviliges. In this section, I explain the details of how &kdesu; does this. </para>
<para
>Because some <command
>su</command
> implementations (&ie; the one from &RedHat;) don't want to read the password from <literal
>stdin</literal
>, &kdesu; creates a pty/tty pair and executes <command
>su</command
> with it's standard filedescriptors connected to the tty.</para>
<para
>To execute the command the user selected, rather than an interactive shell, &kdesu; uses the <option
>-c</option
> argument with <command
>su</command
>. This argument is understood by every shell that I know of so it should work portably. <command
>su</command
> passes this <option
>-c</option
> argument to the target user's shell, and the shell executes the program. Example command: <command
>su <option
>root -c <replaceable
>the_program</replaceable
></option
></command
>.</para>
<para
>Instead of executing the user command directly with <command
>su</command
>, &kdesu; executes a little stub program called <application
>kdesu_stub</application
>. This stub (running as the target user), requests some information from &kdesu; over the pty/tty channel (the stub's stdin and stdout) and then executes the user's program. The information passed over is: the X display, an X authentication cookie (if available), the <envar
>PATH</envar
> and the command to run. The reason why a stub program is used is that the X cookie is private information and therefore cannot be passed on the command line.</para>
</sect1>
<sect1 id="password-checking">
<title
>Password Checking</title>
<para
>&kdesu; will check the password you entered and gives an error message if it is not correct. The checking is done by executing a test program: <filename
>/bin/true</filename
>. If this succeeds, the password is assumed to be correct.</para>
</sect1>
<sect1 id="sec-password-keeping">
<title
>Password Keeping</title>
<para
>For your comfort, &kdesu; implements a <quote
>keep password</quote
> feature. If you are interested in security, you should read this paragraph.</para>
<para
>Allowing &kdesu; to remember passwords opens up a (small) security hole in your system. Obviously, &kdesu; does not allow anybody but your user id to use the passwords, but, if done without caution, this would lower <systemitem class="username"
>root</systemitem
>'s security level to that of a normal user (you). A hacker who breaks into your account, would get <systemitem class="username"
>root</systemitem
> access. &kdesu; tries to prevent this. The security scheme it uses is, in my opinion at least, reasonably safe and is explained here.</para>
<para
>&kdesu; uses a daemon, called <application
>kdesud</application
>. The daemon listens to a &UNIX; socket in <filename
>/tmp</filename
> for commands. The mode of the socket is 0600 so that only your user id can connect to it. If password keeping is enabled, &kdesu; executes commands through this daemon. It writes the command and <systemitem class="username"
>root</systemitem
>'s password to the socket and the daemon executes the command using <command
>su</command
>, as describe before. After this, the command and the password are not thrown away. Instead, they are kept for a specified amount of time. This is the timeout value from in the control module. If another request for the same command is coming within this time period, the client does not have to supply the password. To keep hackers who broke into your account from stealing passwords from the daemon (for example, by attaching a debugger), the daemon is installed set-group-id nogroup. This should prevent all normal users (including you) from getting passwords from the <application
>kdesud</application
> process. Also, the daemon sets the <envar
>DISPLAY</envar
> environment variable to the value it had when it was started. The only thing a hacker can do is execute an application on your display.</para>
<para
>One weak spot in this scheme is that the programs you execute are probably not written with security in mind (like setuid <systemitem class="username"
>root</systemitem
> programs). This means that they might have buffer overruns or other problems and a hacker could exploit those.</para>
<para
>The use of the password keeping feature is a tradeoff between security and comfort. I encourage you to think it over and decide for yourself if you want to use it or not.</para>
</sect1>
</chapter>
<chapter id="Author">
<title
>Author</title>
<para
>&kdesu;</para>
<para
>Copyright 2000 &Geert.Jansen;</para>
<para
>&kdesu; is written by &Geert.Jansen;. It is somewhat based on Pietro Iglio's &kdesu;, version 0.3. Pietro and I agreed that I will maintain this program in the future.</para>
<para
>The author can be reached through email at &Geert.Jansen.mail;. Please report any bugs you find to me so that I can fix them. If you have a suggestion, feel free to contact me.</para>
&underFDL; &underArtisticLicense; </chapter>
</book>
<!--
Local Variables:
mode: sgml
sgml-omittag: nil
sgml-shorttag: t
End:
-->
|