I’m a happy user of Kicksecure 17, but since major release 18 is out I feel a bit frustrated as some things that worked before simply don’t anymore.
Give you a couple of examples:
The system tools GParted and GSmartControl can’t work any more due to the higher privileges required.
Even after removing sysmaint account they don’t work. I do understand it’s related to privleap and Wayland, but unfortunately I am not skilled enough to find a way to ‘fix’ this.
I’m really concerned as my threat model also implies I use KVM in live mode host and ZuluCrypt, where both required higher privileges.
Any suggestion to make all these apps with higher privileges to work?
These applications most likely still case be used. Use sysmaint session (or unrestricted admin mode). Then please follow the documentation, which has been updated just now: Graphical Applications and Root Rights
Unrelated to privleap.
Related to Wayland indeed but with the updated documentation it should be fixable.
While functional, these commands might be a bit cumbersome to type at this time. In the next point update version, we might provide wrapper commands (shortcuts, so there is less to type) to simplify this.
Sorry for newb question but does this relate to /etc/group? Would booting into sysmaint and adding of user to the correct group fix this or be dangerous?
Looks related to 1413 where VPN app has Insufficient privileges
Am I misunderstanding user-sysmaint-split and how it works?
Yes, I did replace application-name by the one I needed such.
For lxsudo gparted, you mentioned ‘wrong platform’ my guess is you are referring to Wayland (and the command I successfully used according to your guidance).
If I may, to make more clear, I would suggest to revise the documentation as it is confusing, especially because in the example it is mentioned lxsudo gparted in point 2 of the documentation you are referring too earlier:
This is not related to groups. The applications discussed in this thread require root access, but also are graphical applications, so they need some environment variables set correctly so they can connect to the Wayland compositor. user-sysmaint-split is uninstalled in this scenario, so it doesn’t apply.
These require administrative (“root”) rights. Not necessarily lxsudo. For which tools to actually use - depending on the platform - please refer to Graphical Applications and Root Rights.
gparted is actually started through an sh script. You can view it in file /usr/sbin/gparted. For curiosity, for verbosity with it with sh -x /usr/sbin/gparted (without using sudo or anything). You’ll see that it attempts to use pkexec. Related: Polkit (formerly PolicyKit) / pkexec