By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.

Bug 2286

Summary: Fedora 21: 'Keep password' check box is not available in tdesu dialog
Product: TDE Reporter: Darrell <darrella>
Component: tdebaseAssignee: Francois Andriot <albator78>
Status: ASSIGNED ---    
Severity: normal CC: albator78, bugwatch, darrella, slavek.banko
Priority: P5    
Version: R14.0.x [Trinity]   
Hardware: Other   
OS: Linux   
Compiler Version: TDE Version String:
Application Version: Application Name:

Description Darrell 2014-12-29 19:27:15 CST 
The 'Keep password' check box is not available in Fedora 21/R14. The check box is available in R14 in Slackware 14.1. I don't know whether the missing check box is related to pkexec, systemd, pamd etc. Slackware does not use those.
Comment 1 Francois Andriot 2014-12-31 04:39:21 CST 
Funny, I did not even know there was a "keep password" option in tdesu, because I've never seen it :-)

It looks like the checkbox is visible only if "tdesud" daemon is run with "setuid" bit.
Some the quick fix should be: chmod 2755 /opt/trinity/bin/tdesud


BTW:
There is some funny code in "tdebase/tdesu/tdesud/CMakeLists.txt" that runs chown/chmod commands to install the tdesud binary.
I think we should use the keyword "SETUID" in the "tde_add_executable" macro instead. There are other examples of setuid programs in tdebase (kcheckpass ...)

I also need to fix the SPEC file accordingly for RPM packages.
Comment 2 Francois Andriot 2014-12-31 04:46:56 CST 
To be more precise:
tdesud is supposed to be "setgid", not "setuid", and belonging to group "nobody".

I see this is disabled on purpose in RPM Spec file; now I think I remember this was disabled on purpose on Fedora because it was considered a security issue. 

Google gives some old discussions about it, e.g:
http://lists.kde.org/?l=kfm-devel&m=99284543029553&w=2

It's not just a matter of packaging after all.
Comment 3 Slávek Banko 2014-12-31 06:57:28 CST 
(In reply to Francois Andriot from comment #2)
> To be more precise:
> tdesud is supposed to be "setgid", not "setuid", and belonging to group
> "nobody".
> 
> I see this is disabled on purpose in RPM Spec file; now I think I remember
> this was disabled on purpose on Fedora because it was considered a security
> issue. 
> 
> Google gives some old discussions about it, e.g:
> http://lists.kde.org/?l=kfm-devel&m=99284543029553&w=2
> 
> It's not just a matter of packaging after all.

Thank you for the clarification of the reason for setgit + nogroup!
Comment 4 Darrell 2014-12-31 13:34:01 CST 
>tdesud is supposed to be "setgid", not "setuid", and belonging to group
>"nobody".
Okay, thank you. Manually updating does fix the problem. For now. How should this be addressed in the future? I am sure users who want this feature prefer not to have to manually fix this with with every release update.