From 90bc58fef327bf69e644dfab8dcc9be0d74289fc Mon Sep 17 00:00:00 2001 From: Javier Rubio Date: Fri, 25 Apr 2025 19:12:05 +0200 Subject: [PATCH] Add kate-admin-helper plugin for elevated file access This plugin provides automatic privilege elevation for the Kate editor using the `admin://` KIO protocol. It ensures secure handling of files requiring root permissions and prevents running Kate as root, adhering to KDE security practices. --- plugins/kate-admin-helper/README.md | 40 +++++++++++++ .../kate-admin-helper.plugin.zsh | 60 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 plugins/kate-admin-helper/README.md create mode 100644 plugins/kate-admin-helper/kate-admin-helper.plugin.zsh diff --git a/plugins/kate-admin-helper/README.md b/plugins/kate-admin-helper/README.md new file mode 100644 index 000000000..cfed74511 --- /dev/null +++ b/plugins/kate-admin-helper/README.md @@ -0,0 +1,40 @@ +# kate-admin-helper + +This plugin provides an automatic privilege elevation helper for **Kate** (KDE text editor) when opening files in zsh. + +When opening files that the user does not have write access to, the plugin automatically uses the `admin://` KIO protocol, allowing **Kate** to request privilege elevation via Polkit. +This avoids running the entire **Kate** process as root and follows modern KDE security practices. + +If privilege elevation is needed, a message will be shown, and the user will be prompted to authenticate with their password through Polkit. + +## Installation + +Add `kate-admin-helper` to your plugin list in `~/.zshrc`: + +```zsh +plugins=( + ... + kate-admin-helper +) +``` + +## Usage + +Open files as usual: + +```zsh +kate /etc/hosts +kt /etc/fstab /etc/ssh/sshd_config +``` + +If the file requires elevated privileges to edit, it will be opened automatically with `admin://`. +A colored message will inform you that privilege elevation is needed, and a Polkit prompt will ask for your password. + +The `kt` command is also available and behaves the same way. + +## Requirements + +- **Kate** installed +- **kio-admin** installed +- A running **Polkit authentication agent** (e.g., `polkit-kde-agent-5` or `polkit-kde-agent-6`) +- `pkexec` available to create new files if needed diff --git a/plugins/kate-admin-helper/kate-admin-helper.plugin.zsh b/plugins/kate-admin-helper/kate-admin-helper.plugin.zsh new file mode 100644 index 000000000..28526d92d --- /dev/null +++ b/plugins/kate-admin-helper/kate-admin-helper.plugin.zsh @@ -0,0 +1,60 @@ +# Kate admin helper + +# Color definitions (standard and portable) +RED="$(printf '\033[0;31m')" +GREEN="$(printf '\033[0;32m')" +YELLOW="$(printf '\033[1;33m')" +RESET="$(printf '\033[0m')" + +kt_internal() { + if [[ $# -eq 0 ]]; then + echo -e "${RED}Usage: kt [file2 ...]${RESET}" + return 1 + fi + + for file in "$@"; do + local abs_path + abs_path="$(realpath -m "$file")" + + if [[ -e "$file" ]]; then + # File exists + if [[ -w "$file" ]]; then + echo -e "${GREEN}Opening '$file' normally...${RESET}" + command kate "$file" + else + echo -e "${YELLOW}No write permission for '$file', opening with admin://...${RESET}" + command kate "admin://$abs_path" + fi + else + # File does not exist, check parent directory + local parent_dir + parent_dir="$(dirname "$abs_path")" + + if [[ -w "$parent_dir" ]]; then + echo -e "${GREEN}Opening new file '$file' normally...${RESET}" + command kate "$file" + else + echo -e "${YELLOW}File '$file' does not exist and no write permission for directory '$parent_dir', creating it with sudo...${RESET}" + if pkexec touch "$abs_path"; then + echo -e "${GREEN}File '$file' created successfully.${RESET}" + command kate "admin://$abs_path" + else + echo -e "${RED}Failed to create file '$file'.${RESET}" + fi + fi + fi + done +} + +# Allow kt command: calls the internal logic +kt() { + kt_internal "$@" +} + +# Allow kate command: uses the same internal logic as kt +kate() { + kt_internal "$@" +} + +# Remove any previous alias for kate to avoid conflicts +unalias kate 2>/dev/null