Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: A question about unnecessary authentication

  1. #1

    Question A question about unnecessary authentication

    Hi, guys:

    These two days I meet a boring thing on my suse 11.4.(I know this version is a little old, but I love it, So I am using it for some years ).
    A small hint window always pops out when I use my pc machine. It says that "Authentication is required to suspend the system".
    So it need my root password for this action. I don't know why it need to perform this action, and I never see this before.

    The details are below:

    "Action: org.freedesktop.upower.suspend
    Vendor: The UPower Project"

    After I follow this, It seems my computer go to sleep.

    Thanks the help from you!

    Lei

  2. #2

    Default Re: A question about unnecessary authentication

    What are your security settings?
    Code:
    grep SECURITY /etc/sysconfig/security
    They should be set to "easy local", otherwise you have to enter the root password for suspend.

  3. #3

    Default Re: A question about unnecessary authentication

    Quote Originally Posted by wolfi323 View Post
    What are your security settings?
    Code:
    grep SECURITY /etc/sysconfig/security
    They should be set to "easy local", otherwise you have to enter the root password for suspend.
    It display :

    # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or
    PERMISSION_SECURITY="secure local"

    What did I change some setting? I don't remmber I did.
    Why do this suspend come ?

  4. #4

    Default Re: A question about unnecessary authentication

    Quote Originally Posted by volcanolei View Post
    It display :

    # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or
    PERMISSION_SECURITY="secure local"
    Set it back to "easy local" then to fix your "problem".

    You can either edit the file directly with a text editor.

    Or use YaST->Security and Users->Security Center and Hardening->Miscellanous->File Permission (on 13.2 at least, 11.4 might slightly differ but you should find it I suppose). Choose "Easy" there.

    What did I change some setting? I don't remmber I did.
    You must have.
    "easy local" is the default.

    Why do this suspend come ?
    Again, with "secure" settings, suspend requires the root password, and many other things too.

    "secure" is not really suited for a great desktop experience, and that's *not* what it aims at either.

  5. #5

    Default Re: A question about unnecessary authentication

    Quote Originally Posted by wolfi323 View Post
    Set it back to "easy local" then to fix your "problem".

    You can either edit the file directly with a text editor.

    Or use YaST->Security and Users->Security Center and Hardening->Miscellanous->File Permission (on 13.2 at least, 11.4 might slightly differ but you should find it I suppose). Choose "Easy" there.


    You must have.
    "easy local" is the default.


    Again, with "secure" settings, suspend requires the root password, and many other things too.

    "secure" is not really suited for a great desktop experience, and that's *not* what it aims at either.

    Thank your help very much. I have changed it back, hoping that it work.
    But I still don't understand why this cauthentication hint occur.

  6. #6
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,769

    Default Re: A question about unnecessary authentication

    If you have KDE it can be changed there also. You must have changed it as some point

  7. #7

    Default Re: A question about unnecessary authentication

    Quote Originally Posted by volcanolei View Post
    Thank your help very much. I have changed it back, hoping that it work.
    But I still don't understand why this cauthentication hint occur.
    Because "secure" settings require the root password for suspend.
    The security team decided on the default settings, they should know why.

    But just think of a system that offers Network/Internet services. It would probably be bad if any "normal" user could just suspend it.

    Quote Originally Posted by gogalthorp View Post
    If you have KDE it can be changed there also. You must have changed it as some point
    I'm not aware of any place in KDE where this could be changed.

    You probably think of the polkit config module that got removed years ago, because it was broken by design (it modified completely wrong files) and didn't really work (IIRC, the settings in /etc/polkit-default-privs.* would take preference anyway).
    And even if it did work for a specific action, updates would revert your changes.

    I'm not sure whether it was still part of 11.4 though.

    But this did *not* allow to change the system security level (i.e. modify /etc/syconfig/security), it allowed you to change the requirements for each separate action.

  8. #8
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,769

    Default Re: A question about unnecessary authentication

    Configure Desktop - Login Screen - Shut-down

  9. #9

    Default Re: A question about unnecessary authentication

    Quote Originally Posted by gogalthorp View Post
    Configure Desktop - Login Screen - Shut-down
    That's for shutdown/reboot, not suspend. KDM, the login screen doesn't even allow you to suspend.

  10. #10
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,769

    Default Re: A question about unnecessary authentication

    Got lost though shut down was the subject

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •