Confirmation dialogue instead of root password for system actions

Although I appreciate the security openSUSE has, one thing I dislike compared to Windows 7 is having to type root’s password at least once per login when running a program that requires system access (like entering Yast, opening the software manager, etc). While this is very important on public machines like work computers, it’s not needed for home computers where I am the only user, no one touches my computer without asking, and my username’s password is the same as root’s for this very reason. It’s actually less secure… because if a messenger window pops up while I’m looking at the keyboard and focuses without me noticing, I might actually type my password to someone (lol). I prefer the way this is done in Windows 7, where a window with a yes or no button informs me that a program wants to make administrative changes and I must confirm its access (as it keeps bad applications from doing bad stuff).

Is there a way to make specific users not have to write root’s password and simply confirm with an ok / cancel dialogue? If a dialogue without the password isn’t possible, can I disable this entirely? Like I said there’s no risk of someone catching my computer unlocked and messing with my system (even trying to), so I don’t need it unless it’s to protect from malware and that sort of thing.

MirceaKitsune wrote:
> Is there a way to make specific users not have to write root’s password
> and simply confirm with an ok / cancel dialogue? If a dialogue without
> the password isn’t possible, can I disable this entirely? Like I said
> there’s no risk of someone catching my computer unlocked and messing
> with my system (even trying to), so I don’t need it unless it’s to
> protect from malware and that sort of thing.

You can do it using sudoers. But given that you have already said how
little you know and how worried you are about potential problems, I
would suggest you do not use it. Also, for that reason, I am not going
to explain all the details. If you want to use it then figuring out how
to set it up will go some way to demonstrating that you are ready to use it.

And added to that, I wonder what you are doing all the time that you need to be root so often. IMHO it must be possible to do your normal work (that is, the things you bought the computer for in the first place) as end-user without changing your role to system manager so often. When I forget about the times I do things as root because I want to help people here on the Forums (recreating their problem or preparing a working solution that can be copied/pasted directly from the terminal into a post), I think I need root about once a week. Of course more often when I change an openSUSE version, but even then I gather things to be done and then switch to root to do them in one session.

And I guess, you are already waiting for a remark like this. We generally think it is pretty stupid:
. to use the same password as your (or any) end-user and root;
. to use root that often in an unorganised way (on Tuesday morning I do system management maintenance tasks if needed), because then happens what you experience, doing it so often that you lose security consciousness;
. removing built-in security by unarming it with tools like sudo/sudoers to the utmost;
. doing worse (I will not tell what).

But, in the end, it is your system, you can do what you like, but please do not ask advice here on how to switch to bad practices.

#  grep -A 2 wheel /etc/sudoers

On 2012-09-24 12:46, MirceaKitsune wrote:
>
> Although I appreciate the security openSUSE has, one thing I dislike
> compared to Windows 7 is having to type root’s password at least once
> per login when running a program that requires system access (like
> entering Yast, opening the software manager, etc).

In my W7 I have to type the administrator password every time I try to do certain things. It is
the same on both sides. :slight_smile:


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Jailbreak it!

Thanks for all the replies. Though from the looks of it, I asked something rather immoral for the Linux world and got some weird looks for it :slight_smile: I’m still fairly new to Linux so not surprising if I missed anything. But well, since it’s a fully personal machine (physically located in my room too) and I have neither friends nor relatives that might try to break into it, I don’t see why this would be considered insecure. Even so I always lock my session when I leave the room. Scripts or other applications from the web that might automatically try to run programs are my main concern.

I don’t do a lot of activities that require root, but there are some. 90% of the time it’s installing or uninstalling something via Yast. Either through the repositories, or by using make-install in the console (which requires root), but for the console I don’t mind. I’m also still experimenting a lot with things in Yast and open the Yast window frequently. Also, I occasionally open Superuser-Dolphin since it’s the only way to edit some special folders.

As for Windows 7 requesting a password whenever doing administrative tasks, that never happened to me. Either you configured Win 7 to ask for a password on such tasks, or I configured mine not to when I installed it years ago and forgot it’s not even default. In my case it shows a window and I just click OK.

Here’s how I like to describe the situation.

The reason that I am strict about security, is that I know that if I stop being careful, somebody is going to make a mess of my system.

Furthermore, I even know who is that somebody. It will be me (in a moment of carelessness).

As they say:

To err is human;
to really mess up, you will need a computer.

On 09/24/2012 04:46 PM, MirceaKitsune wrote:
> Scripts or other
> applications from the web that might automatically try to run programs
> are my main concern.

while running openSUSE as yourself if you download an intrusive
something (script, root kit, keylogger, whatever) it will not be able to
operate with root permissions…that is, it won’t be able to take over
your entire system…and make it respond to the commands of a foreign
machine.

but, if YOU can perform system wide changes without entering a root
password, so could anything you download, install with a thumb
drive/CD, get in an email etc etc etc…

so: be happy to have a naturally more secure system, and don’t be so
keen to make it as easy as Win7, because as you do you also make it easier
to crack and control.

yes, it takes a little more effort…but, the good side is you don’t
have to buy or run any anti-virus.


dd http://tinyurl.com/DD-Caveat
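
As an added example (not part of the original thread or any poster's words), a defender's check for the situation described in the post above: a shell function that lists sudoers entries letting a user run commands as root without a password. The function name `find_passwordless`, the sample policy and the user names in it are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list sudoers entries that grant privileges without a password.

# Constructed sample policy for the demonstration (not from a real system).
sample_sudoers() {
cat <<'EOF'
# constructed sample
Defaults targetpw
ALL ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
alice ALL=(root) NOPASSWD: /sbin/yast2, \
      /usr/bin/zypper
Defaults:bob !authenticate
carol ALL=(ALL) PASSWD: ALL
EOF
}

# find_passwordless (hypothetical name): reads sudoers text on stdin and
# prints "<who><TAB><reason>" for every entry that skips the password prompt.
find_passwordless() {
  awk '
    # Join backslash-continued lines into one logical line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { $0 = buf $0; buf = "" }
    # Skip blank lines and comments (this also skips #include directives,
    # so included files have to be fed in separately).
    /^[ \t]*(#|$)/ { next }
    # "Defaults ... !authenticate" turns the prompt off for its scope.
    $1 ~ /^Defaults/ && /!authenticate/ { print $1 "\tauthentication disabled"; next }
    # The NOPASSWD tag turns it off for the commands that follow it.
    /NOPASSWD[ \t]*:/ { print $1 "\tNOPASSWD rule" }
  '
}

sample_sudoers | find_passwordless
```

On a real system the input would be the contents of /etc/sudoers and any files it includes, which only root can read.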

On 2012-09-24 16:46, MirceaKitsune wrote:
>
> Thanks for all the replies. Though from the looks of it, I did ask
> something immoral for the Linux world and got some weird looks for it :slight_smile:
> I’m still fairly new to Linux so not surprising if I missed anything.
> But well, since it’s a fully personal machine (physically located in my
> room too) and I have neither friends nor relatives that might try to
> break into it, I don’t see why this would be considered insecure.

You forget internet.

> As for Windows 7 requesting a password whenever doing administrative
> tasks, that never happened to me. Either you configured Win 7 to ask for
> a password on such tasks, or I configured mine not to when I installed
> it years ago and forgot it’s not even default. In my case it shows a
> window and I just click OK.

I use the recommended practice of NOT running Windows as administrator. If you do then you do
get the prompt to click ok. You are using Windows incorrectly and dangerously.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Someone clarified this for me on IRC as well. I didn’t consider that if an evil program takes control of the system, it could be set to automatically confirm a dialogue asking you for root access. Yeah, I guess that in the end this is safer… as annoying as it is to write your password all the time. On the bright side, once I finish configuring my system entirely over the weeks, I’ll probably need to go much more rarely in Yast, so this will be less annoying. Compared to Windows 7, openSUSE asks for root less frequently (eg: You don’t need root to run some programs that don’t make changes to the system).

As a general remark to you, my advice would be to stop comparing constantly with Windows. I understand that it may be your only other experience with an operating system, but Linux is simply not Windows and Windows is not Linux. Linux contains a lot of very well thought over concepts. Concepts that are much older than Linux and much older than Windows or even MS-DOS. These concepts were already taught at universities in the 1970/80s. They are implemented in Unix systems starting from the end of the 1960s. Thus you must be aware that fiddling around with these concepts when not really understanding them (e.g. when you missed the point that downloaded programs can ruin your system when they can run as root without a password that only you as system manager know) may bring havoc to your system.

It is of course very good that you try to get more grip on what Linux does and how and why. But you better read some good documentation, ask here when you do not understand, etc. than trying to do everything different for the sole reason that they annoy you and that Windows does it different. We all know that Windows does it different. And we all know what are the results.

Hope this helps in understanding the wonderful world of Unix/Linux.

And to become practical. I do not see a problem that, when you are trimming your system after an install and you need YaST time and again, to leave the main YaST window open, iconized or not, for several hours. Especially if you are careful in leaving the system for the toilet locked in such state. But be careful leaving open a “terminal as root”. As already someone said in this thread, it is you that is the most dangerous to your system. There comes a moment that you damage it (almost) beyond repair. We all did in our career and now and then dream of it :frowning:

On 2012-09-24 21:36, hcvv wrote:
> It is of course very good that you try to get more grip on what Linux
> does and how and why. But you better read some good documentation, ask
> here when you do not understand, etc. than trying to do everything
> different for the sole reason that they annoy you and that Windows does
> it different. We all know that Windows does it different. And we all know
> what are the results.

Not that different :slight_smile:

I’ll clarify for the non-windows users here.

If you run W7 as plain user, same as in Linux, Windows does ask for the full password of the
administrator. Both systems do basically the same. However, if you run W7 as the administrator
user it doesn’t, naturally; instead it asks for confirmation. Linux in this case asks nothing.

W7 designers had to add that prompt for confirmation because they know that many people will
refuse to run W7 as user no matter how much they are told not to: the custom is ingrained into
windows user’s genes, it seems.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Thanks for those clarifications. True, I know Windows and Linux are different. My reflex to compare them is due to the fact I’ve used only Windows for 17 years, and last week is the first time I actually switched over to Linux (even if my PC is dual-boot with openSUSE for 5 years). I learned computers by myself as I grew up (since the Windows 95 times), so it’s not surprising if I might not understand some concepts and how Linux always worked. I usually tend to be concerned with everything looking good and working well, hence why I didn’t think writing your root password after logging in would be important.

I was wondering if it’s safe to forget a Yast window open. I occasionally leave terminals open as well after using the su command… never thought that might be dangerous. I’m rather paranoid about breaking my system, specifically “being stuck with a console I don’t understand anything from during the boot splash screen” which is my nightmare. So I totally don’t wanna do anything that would cause damage hard or impossible to repair.

On 2012-09-24 23:16, MirceaKitsune wrote:

> I was wondering if it’s safe to forget a Yast window open. I
> occasionally leave terminals open as well after using the su command…
> never thought that might be dangerous.

Depends. Some people are more careful than others. Me, I always keep one or two root’s
terminals. The danger is forgetting that the terminal runs commands as root, and that will
eventually happen. And it does happen.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Thankfully when root, the text to the left of the cursor (showing the user name) is bold and red, so it’s a visible reminder you’re on root. So far I was never even close to risking a harmful command by mistake… I hope it won’t happen either.

Microsoft itself conditioned people to think that way. Windows 95, 98; The default in the XP installation was to create admin accounts for everybody. Yea, they advised against that on their website, but they did a poor job putting this into practice.

On 2012-09-25 01:16, MirceaKitsune wrote:

> Thankfully when root, the text to the left of the cursor (showing the
> user name) is bold and red, so it’s a visible reminder you’re on root.
> So far I was never even close to risking a harmful command by mistake…
> I hope it won’t happen either.

Any command can be risky. I almost destroyed a system by using rsync…


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

On 2012-09-25 01:36, chief sealth wrote:
>
> robin_listas;2490189 Wrote:
>>
>> W7 designers had to add that prompt for confirmation because they know that many people will
>> refuse to run W7 as user no matter how much they are told not to: the custom is ingrained into
>> windows user’s genes, it seems.
>
> Microsoft itself conditioned people to think that way. Windows 95, 98;
> The default in the XP installation was to create admin accounts for
> everybody. Yea, they advised against that on their website, but they did
> a poor job putting this into practice.

Oh, absolutely.
They have made very poor choices in the past and they will make more, but they are not daft:
and sometimes they try to rectify.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

On Mon, 24 Sep 2012 15:06:02 GMT, nrickert
<nrickert@no-mx.forums.opensuse.org> wrote:

>
>Here’s how I like to describe the situation.
>
>The reason that I am strict about security, is that I know that if I
>stop being careful, somebody is going to make a mess of my system.
>
>Furthermore, I even know who is that somebody. It will be me (in a
>moment of carelessness).

Oooh. Nicely said. And yes, i have mangled my systems far worse and far
more often than all others combined.

Still i have to wonder, what has been done to the system that it is always
asking for root privileges. The only time any of my systems asks is
directly the moment i choose to do administrative tasks.
>
>As they say:
>
>To err is human;
>to really mess up, you will need a computer.