LINFO

The KDE su Command



KDE su is a graphical front end for the frequently used su (substitute user) command, and it is commonly included in Linux distributions.

A graphical front end is a GUI application (i.e., a program that operates within a graphical user interface) that operates on top of a command line program (i.e., an all-text mode program) and which replaces the latter's character-based user interface with a pictorial one. Graphical front ends often add to the ease of use, but frequently they lack the full power or versatility of the underlying command line program.

KDE su was developed for use with KDE (the K Desktop Environment), one the two dominant desktop environments for Linux. It can also be used with GNOME (GNU Network Object Model Environment), the other major desktop environment, if the KDE su base package has been installed on the system.

su makes it possible to change a session's owner (i.e., the user who originally logged into the session) without the owner having to first log out of that session, and it plays an important role in enhancing system security. Although su can be used to change the ownership of a session to any user, it is most commonly employed by a system administrator to change ownership from an ordinary user to the root user (i.e., administrative user), thereby providing access to all parts of and all commands on the machine or system.

Syntax

The basic syntax for KDE su is:

kdesu [-u username] [options] command

In contrast to most common GUI applications, KDE su can only be launched from the command line. It is started by typing   kdesu   followed by the name of the program to run (and any options for that program) in a terminal window. A terminal window is an all-text window that can be opened during a GUI session and which emulates console mode (i.e., the entire screen consisting of text only).

In contrast to KDE su, it is not necessary to type in the name of the command when su is launched. The reason that it is required with KDE su is that KDE su is designed to provide root access for just one specific command, whereas su can be used to provide general root access for subsequent use by any number of commands.

When the ENTER key is then pressed, KDE su produces a small dialog box (i.e., GUI window) with a space for the password. The default user for KDE su is root (as it is with su), and thus, if no user name is specified in the command, root's password will be requested by this dialog box. With su, the user is prompted for the password on the command line.

KDE su can be used to launch any GUI application, as is the case with su. Unlike su, however, KDE su cannot be used to launch command line programs.

As an example of the use of KDE su, the following command can be used to allow Nautilus (the official file manager for the GNOME desktop) to be run as root during an ordinary user session:

kdesu -c nautilus

Opening Nautilus as root can be very useful because it provides access to all directories and files on the system, in contrast to the very limited access that is provided when it is opened as an ordinary user. The degree of access is similar to that which is provided to root on the command line (e.g., when root access is obtained using su), except that it is with a GUI rather than with the command line, and it is thus very convenient for administrators, home users, etc. who prefer working with a GUI. When Nautilus is started as root, it opens in root's home directory, i.e., /root, rather than in the current directory (e.g., the current user's home directory) as is the default with su.

KDE su's documentation states that the -c option tells KDE su that what follows is the name of a command. However, with at least some versions, it is possible to just provide the name of the command and not precede it with -c.

The dialog box by default contains a checkbox that is labeled Keep password and which allows the password for the same user to be remembered for subsequent restarting of the same program. However, this capability is disabled by default as a security measure (even though the checkbox can be checked and thus appears to be functional). The checkbox can be eliminated from the dialog box with the use of the -n option. For example:

kdesu -nc nautilus

As is the case with su, KDE su can be used to open programs with accounts other than the root account. This is accomplished using the -u option. For example, the following command would open the GIMP (a highly acclaimed, free art program comparable to Adobe Photoshop) with the account of user jason:

kdesu -u jason -c gimp

If the command used with KDE su contains any options or arguments, then that command and its options and arguments must be enclosed in quotation marks (either double or single). For example, to start the GIMP with its -s option (which eliminates the splash screen that normally appears at startup), the following command could be used:

kdesu -u jason -c "gimp -s"

The dialog box also provides a button labeled Ignore. If this button is pushed, the program opens in the current user's account rather than in the root account or other account specified in the command.

As is the case with many Unix commands (including su), additional information about kdesu can be obtained by using the --help option, i.e.,

kdesu --help


Configuration

Two attributes of KDE su can be configured. One is how the password is echoed in the dialog box. The choices are one star per character (the default), three stars per character and no echo.

The other is whether to remember the password for a specific user for a specific application for the next use of that application. If KDE su is set so that passwords are to be remembered, the interval for which the passwords are retained can also be set (from five to 1200 minutes). The ability to remember passwords is probably the most useful and distinctive feature of KDE su (although it might not always work as desired); su does not share this capability.

KDE su's control panel can be accessed by first typing   kcontrol&   at the command line, pressing the ENTER key to bring up the KDE Control Center, clicking on the Security and Privacy icon on its left hand side and, finally, clicking on the Passwords icon. It is not necessary to be root to open this panel or change any of the settings.

Usefulness of KDE su

Because KDE su can be used to launch any GUI program, it can even be used to open a terminal window as root. Such window can then be used to launch any program with root privileges, just as can a root terminal window opened with su. However, this is probably no more convenient than just using su to switch to the root from a terminal window opened by an ordinary user.

In fact, it is not clear that KDE su really has any important advantage over su, although it might be somewhat more reassuring for persons who are not yet comfortable with command line operations. In fact, this is probably true for the GUI front ends for a number of other command line programs as well. However, part of the Unix philosophy is to provide a variety of choices, including multiple programs that perform the same tasks, and the provision of KDE su and other GUI front ends is consistent with this philosophy.

It should also be kept in mind that there have been some security issues with KDE su, at least in the past. Even KDE su's official documentation1 warns that "Allowing KDE su to remember passwords opens up a (small) security hole in your system." Clearly, the possible existence of security problems should be weighed against any small advantage when considering the use of KDE su on a regular basis.

KDE su is free software and is licensed under the terms of the Artistic License (an open source license). su is likewise free software and is licensed under the GNU Public License (GPL).

________
1The official documentation for KDE su is The KDE su handbook, which can be found online at http://docs.kde.org/en/3.3/kdebase/kdesu/.






Created November 20, 2004.
Copyright © 2004 Bellevue Linux. All Rights Reserved.