Improving the password prompt situation for Linux

[Yfrwlf]

I hate a lot of things about Ubuntu, hence why I use Linux Mint instead, but the password request when opening Software Manager is a pain. With Ubuntu's Software Store it only asks you for a password once you tell it to install something. That got me wondering...

Windows got a lot of flack over the "Cancel or Allow" or whatever they are dialogue boxes, but clicking a button to allow "system changes" i.e. root access is easier than entering your password. It's been regarded as less secure, but I really don't see how it is much less secure than a password prompt. Either way, the user is being prompted to authorize root privileges, so the only issue I can think of is maybe if someone else uses your computer they can click a button instead of having to know your password. I believe PolicyKit acts as an authentication server to prevent malicious programs trying to gain root access like trying to sneak in their request when the user allows the request by a different legitimate program. I believe Ubuntu uses PolicyKit for their Software Store.

My question is do Linux Mint devs feel that some solution like PolicyKit is the future and the way to deal with root/admin privs? If not yet, are there at least plans to change Software Manager to only request root access upon making system changes (and only one time per Software Manager session, or have a timeout like I believe Ubuntu does)?

Just some thoughts! Thank you to everyone who contributes to Linux Mint!

[karlchen]

Hello, Yfrwlf.

Actually what you suggest is: make Linux imitate Windows behaviour more closely. Typical Windows convert misconception. Linux has never been created to be the better Windows just for free.

About the Windows UAC dialogue:

Your explanation about how it works is fundamentally incomplete.
Only a member of the Windows administrator group will be presented a UAC dialogue box where he can consent by clicking OK without having to enter any credentials.
If you only know this kind of UAC dialogue behaviour this means that you always login under an account who is a member of the Windows administrators.

A normal Windows user, however, will have to give the login credentials of an administrator user in the UAC dialogue, i.e. he will have to type in a password at minimum, i.e. in case there is only one administrator on the system, because in this case Windows will pre-select this account in the UAC dialogue and only expect you to type that administrator's password.

On Linux Mint / Ubuntu, there is no administrator group. There is the almighty user root who could best be compared to the Windows user System.
All the other users, even the ones that Linux Mint / Ubuntu refer to as administrative users, are normal users. The only difference is that administrative users have got the privilege of using the commands sudo/gksudo in order to switch their user ID to root temporarily and to execute commands with root privileges if need be.

So this is pretty close to the situation of a normal Windows user who tries to execute an action as administrator. Windows will request the user to know and type the password of that administrator, before it will switch the user ID temporarily and run the desired action under that administrator account.

In contrast to the Windows UAC dialogue, the Linux sudo/gksudo require you to enter your own password in order to verify your ID and then checks you against the sudoers list to find out whether you are really entitled to run operations as root.

In brief words, Linux does not make it more complicated for its users to run operations as root than Windows makes it to its users to run operations as administrator. Therefore there is no need to change anything in this area.

Cheers,
Karl
--
P.S.:
Just to make one thing clear: I have been using Windows since Windows 3.0, so I am not a professional Windows hater. At the same time, I have been using Unix/Linux on the job for the past 25 years (roughly). So I guess I am at home in both worlds.

[Cosmo.]

I hate a lot of things about Ubuntu, hence why I use Linux Mint instead, but the password request when opening Software Manager is a pain. With Ubuntu's Software Store it only asks you for a password once you tell it to install something.

2 additional remarks:
If you use synaptic for installing software you get only asked once for the password.

Windows got a lot of flack over the "Cancel or Allow" or whatever they are dialogue boxes, but clicking a button to allow "system changes" i.e. root access is easier than entering your password. It's been regarded as less secure, but I really don't see how it is much less secure than a password prompt.

Microsoft technicians see this absolutely different. UAC is not an security feature at all, but an convenience feature. Source and source from Mark Russinovich.

[Yfrwlf]

Waiting for someone to reply to this thread who actually understands the points I made and understands the situation, and isn't a conservative troglodyte who never considers new ideas based on their merits and tries to egotistically shoot all new ideas down.

And no, I am not a convert fresh from Windows (been using Linux for 10 years), and no you're wrong karlchen, there is an "administrator group". Please pull up your Users and Groups GUI window and notice the "Account Type" for your user. There is "Normal" and "Administrator". The first main user of every system upon installing Linux Mint as well as Ubuntu, just like on Windows, is an "Administrrator". I believe all this setting does is add the user to a set of groups like "adm" and "sudo" which allows for root escalation of privs, as well as other groups. So the first and primary Linux Mint user and the first and primary Windows user have basically the same set-up. The difference is what I outlined: the primary Linux Mint user has to enter their entire password while the first Windows user only has to click a button. Obviously other "normal" users on Linux, just like on Windows, have to enter in root's/admin's password in order to have admin access and cannot simply click a button.

I made this post because clicking a button is easier than entering a password, and should the former be doable while remaining secure, implementing the former will make life easier for Linux users and thus attract more users to the World's Operating System, which is something I care about.

[Pjotr]

Waiting for someone to reply to this thread who actually understands the points I made and understands the situation, and isn't a conservative troglodyte who never considers new ideas based on their merits and tries to egotistically shoot all new ideas down.

Do you really think that this is a constructive way of discussing things?

[Yfrwlf]

Waiting for someone to reply to this thread who actually understands the points I made and understands the situation, and isn't a conservative troglodyte who never considers new ideas based on their merits and tries to egotistically shoot all new ideas down.

Do you really think that this is a constructive way of discussing things?

You only read my response to them, but not their original response to my first post? Well that's lopsided. Every time I post on these forums I get "THAT'S NOT HOW THINGS ARE" responses to proposing new ideas and I'm tired of that. There are some really helpful commenters sometimes though, but starting off posts calling me a Windows convert like I don't know how Linux works is quite insulting and that isn't constructive.

[MartyMint]

You're asking about possibly weakening the fundamental underpinnings of the Linux security schema...


...on a Linux Mint forum...


...and it's surprising to you that folks are getting their backs up?


You're kidding, right?

[Cosmo.]

Waiting for someone to reply to this thread who actually understands the points I made and understands the situation

You think, that you understand it? We will see:

isn't a conservative troglodyte who never considers new ideas based on their merits and tries to egotistically shoot all new ideas down.

Welcome in the world of troglodytes. Don't get astonished, if you get handled, as you expect it. Replacing security by convenience (referring to my last post with the quote about what you "don't see" and the linked articles) is a new idea? It is IMHO not even an idea at all, it is in best case an expression of a troglodyte, who doesn't understand anything.

... been using Linux for 10 years ... Users and Groups GUI window and notice the "Account Type" for your user.

One would expect, that after 10 years the difference between an account type (this is indeed nothing else than an convenient pre-selection for the group sudo) and user-groups should get known.

I believe all this setting does is add the user to a set of groups like "adm" and "sudo" which allows for root escalation of privs, as well as other groups.

Believing instead of 10 years experience? You believe wrongly, the type "Administrator" sets the group sudo, nothing more. And it makes absolutely no difference, if the group gets set for a user via the account type or directly selecting sudo.

So the first and primary Linux Mint user and the first and primary Windows user have basically the same set-up. The difference is what I outlined: the primary Linux Mint user has to enter their entire password while the first Windows user only has to click a button.

There is a huge and fundamental difference: The user, who logs in in an admin account in Windows is admin, his shell runs with privileged rights and he gets the owner of system files he creates. The user, who is sudo-member in Linux is a very normal and non-privileged user, his shell runs with non-privileged rights and only by doing something stupid he can get owner of system files. He may aks root to do administrative tasks, but in this case root does that, not the user. This implies consequences for ownership and permissions. - karlchen had explained that already in other words, a 10-years-Linux-troglodyte is expected to understand that - otherwise the 10 years are gone without experience. I do not state, that this is the case, but it reads so.

Really bad is the fact, that you still claim, that the "Windows user only has to click a button" method has anything to do with security, whereas I linked you articles which show, that this is not even the demand of Microsoft; drawing the conclusion, that you did either ignore or not understood the articles is the only thinkable consequence. But you did not hesitate to write, that you wait for someone who actually understand your points.

[Habitual]

LM is not responsible for the password prompt 'situation'. You are.

Good Luck.

[DeMus]

My question is do Linux Mint devs feel that some solution like PolicyKit is the future and the way to deal with root/admin privs? If not yet, are there at least plans to change Software Manager to only request root access upon making system changes (and only one time per Software Manager session, or have a timeout like I believe Ubuntu does)?

Okay, I will try to explain it to you. Maybe it works, maybe it doesn't. We'll see.

When you install Windows on a computer, your account is automatically an administrator account. This means you are entitled to install software as you please. I dare to say that most Windows home computers are set up that way. One user who is administrator as well.
Before being able to install software or change settings you do have to tell the system you want to do so. Microsoft chose to use a simple mouse-click to enable this.

When you install a Linux system, during installation you make a user account which automatically is on the sudoers list. A list which enables users to install software by becoming temporary root (the almighty administrator). Other Linux systems really have a root account for which you need a password to enable it. Since it is you who installed the whole thing you obviously know the password.

In Linux you do have to tell the system it is really you who wants to install software by typing your password. A simple mouse-click is not enough. Why not? Imagine (as you yourself wrote also) you are logged in on your computer and somebody else is using it for a while. This person could, by using the simple mouse-click, install software, change settings or even take down the whole system. I can also believe when your system is being hacked a simple mouse-click would be very easy to imitate and your security system is totally gone. Do you want that? I don't. I am happy with using the password. When I do install something my hands are on the keys already before the window shows up where it asks to type the password. It's all automatic.

Only when installing an OS, changing settings, adding software, setting up the whole thing, you have to type your password a couple of times. Later on, when the system is ready, you almost never do it. Is this so terrible? I see weeks go by without ever typing the password. It's because I, as user, don't have to do that. I can do with the system what I want, as simple user. Once I am logged in I can start my work. No need for passwords anymore.

Your question about multiple instances typing your password while using Software Manager is completely unknown to me. I open the manager, type a password, and it doesn't matter if I want to install 1 program or 1000, I did type the password already and the program doesn't ask me for another. I can just do what I like. Once I shutdown the Software Manager and restart it I have to type my password again but that is because it is another instance of the program for which I did not type my password before.

I would say, let's just leave things the way it is. It works, it is safe (that's what we all want) and the extra hassle is almost nothing.

[Flemur]

Waiting for someone to reply to this thread who actually understands the points I made and understands the situation, and isn't a conservative troglodyte who never considers new ideas based on their merits and tries to egotistically shoot all new ideas down.

Well then, I'm going to put on my pants and go home.

[MartyMint]

Well then, I'm going to put on my pants and go home.

Wait...you mean, this was a "pants optional" thread?

[Crewp]

Well OP you made your suggestion, but it is not well received. MS is a mess, with security. What you are suggesting goes against one of the many things people love about Linux, ie, it's great security. I too cannot see what is so hard about typing a password, to keep a system secure.

[Pilosopong Tasyo]

The OP could have responded to the initial replies with tact/diplomacy. But (s)he chose to throw an insult instead. From that moment, this thread started going downhill.

No point in keeping it open. Thread locked.