Comment 14 for bug 8785

Anderson Lizardo (lizardo) wrote : Re: kdeinit messes up ~/.ICEauthority if a kde program is run via sudo in a non-kde environment

Here goes what I've found about this bug:

* The culprit is actually kdeinit, which is run by every kde program (so every
kde program run with "sudo" will trigger this bug). To confirm that, run these
commands as a normal user (be sure not to be running any KDE application!):

    ls -l ~/.ICEauthority                  # should have correct permissions
    sudo kdeinit                           # will run kde init daemons
    ls -l ~/.ICEauthority                  # should be owned by "root:root" now
    sudo kdeinit_wrapper kdeinit_shutdown  # shutdown kdeinit daemons
    sudo chown user:user ~/.ICEauthority   # fix permissions back

* By default, sudo runs with the "always_set_home" flag disabled. This means that
the HOME variable is kept as the current user's home and not /root. Run

    sudo bash -c 'echo $HOME'

to confirm that. Whether this is expected or not, I don't know.

* kdeinit writes to $HOME/.ICEauthority by default (this can be changed by
setting the ICEAUTHORITY environment variable). Given that HOME is kept as
/home/user when running through sudo, /home/user/.ICEauthority is overwritten
and its ownership/permissions set to root:root.

* How to fix/workaround it - some options:

  1) Add the "always_set_home" flag to "Defaults" in /etc/sudoers. Note that
this will have the effect of setting the HOME variable to /root when sudo'ing to
root. This means that programs that rely upon $HOME and "~/" will have their
behaviour affected (e.g. KDE programs run through sudo will read config from
/root/.kde instead of /home/user/.kde).

  2) Create a wrapper around /usr/bin/kdeinit to set the ICEAUTHORITY variable
to "/root/.ICEauthority" when UID is 0.

  3) Add a session script to remove the old ICEauthority. The command:

    echo 'rm -f $HOME/.ICEauthority' > /etc/X11/Xsession.d/99fix-iceauthority

seems to do the trick. I'm not sure whether this approach may have other
side-effects, though.

Of these options, (2) seems the least intrusive and fixes exactly the problem
reported (i.e. is not "too generic" like (1) and (3)).
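
Added example (not part of the original comment and not KDE or Ubuntu code): a sketch of the wrapper described in option (2), which also warns when ~/.ICEauthority already has the wrong owner. The relocated binary path /usr/bin/kdeinit.real and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Wrapper sketch for option (2); meant to be installed as /usr/bin/kdeinit.
# Assumption: the real binary was moved to /usr/bin/kdeinit.real.
REAL_KDEINIT="${REAL_KDEINIT:-/usr/bin/kdeinit.real}"

# Numeric owner uid of a path (third field of "ls -ldn").
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# True when the file exists and its owner differs from the owner of the
# directory holding it, e.g. a root-owned ~/.ICEauthority.
owned_by_other() {
    [ -e "$1" ] || return 1
    [ "$(owner_uid "$1")" != "$(owner_uid "$(dirname "$1")")" ]
}

# Print the ICE authority file to use.
# $1 = uid, $2 = inherited HOME, $3 = root's home, $4 = inherited ICEAUTHORITY
choose_iceauthority() {
    if [ "$1" -eq 0 ]; then
        # root never writes into the invoking user's home, even when sudo kept HOME
        printf '%s\n' "$3/.ICEauthority"
    else
        printf '%s\n' "${4:-$2/.ICEauthority}"
    fi
}

run_wrapper() {
    root_home=$(getent passwd 0 2>/dev/null | cut -d: -f6)
    if owned_by_other "$HOME/.ICEauthority"; then
        echo "warning: $HOME/.ICEauthority is not owned by the owner of $HOME" >&2
    fi
    ICEAUTHORITY=$(choose_iceauthority "$(id -u)" "$HOME" \
        "${root_home:-/root}" "${ICEAUTHORITY:-}")
    export ICEAUTHORITY
    exec "$REAL_KDEINIT" "$@"
}

# Only act when invoked under the wrapper's name, so the file can be sourced.
case "${0##*/}" in
    kdeinit) run_wrapper "$@" ;;
esac
```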