|
On Sunday, 12/11/16 02:45:41 PM kamaraju kusumanchi wrote: > On Fri, Dec 9, 2016 at 3:17 PM, Mark Neidorff <mark@neidorff.com> wrote: > > I'm running Jesse 8.6 with a KDE desktop. > > > > I get a desktop notification that there is one or more package updates > > available. I select the package(s) and then I'm asked for authentication. > > I type in the root password, but it is rejected. I also try my user > > password, but that is also rejected. (Tried multiple times, so it doesn't > > seem to be a typo problem) > > > > If I go to the command line--as root--and do apt-get update and upgrade, > > then the update installs correctly. > > > > This sounds like something easy to fix, but I just don't know where to fix > > and what fix to apply. Please let me know. > > The technical term you are looking for is called "Privilege escalation". > > On a Debian system, "administrative" privileges are required to > install/upgrade/remove packages. When you run the command as root, you > have all the necessary privileges. A normal user does not have them > enabled by default. This explains why the commands fail unless they > are run as root. One possible approach (I am only guessing here and > have not tested this) is to grant the necessary privileges to this > user and see if the KDE application respects that. > > You can do this by modifying /etc/sudoers which is explained in > https://www.debian.org/doc/manuals/debian-reference/ch01.en.html#_sudo_confi > guration > https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_sudo > https://debian-handbook.info/browse/stable/sect.config-misc.html#sect.shari > ng-admin-rights > > The only caution is that /etc/sudoers can't be edited interactively in > an editor. You need to use another program called visudo to do that. > > You can accomplish some really complex tasks by tweaking the sudoers > configuration file (see man sudoers for all the gory details). But for > your use case, granting ALL permissions to one normal user should > probably be sufficient. > > hope that helps > raju
Sorry to seem stubborn, but I don't consider giving a user account full administrative access acceptable, even if there is only one user on the system. My reasoning is that by default if the user goes to a "naughty" web page and somehow downloads destructive software only the user's files are at risk. But, with full administrative access, the entire system (plus any attached networks) are at risk.
Question: Is not allowing an administrative (software update)task to run when the root password is given a bug or is it by design? If by design, why?
I see two alternatives to your suggestion, neither of which is convenient. 1. When I get a notification, log off and then log in as root. Then when the updates are downloaded and applied, log back in as the user. 2. When I get a notification, use "su" to change to the root user and then do the updates.
Both of these add more steps. If I have to add these steps, then I have to. But, I have been using linux (and KDE) for a long time and up until now, when an update arrives I select to apply the update, give the root password, and the update is installed. Now, when I get an update notification and supply the root password to apply the update, the update is not applied. (I am returned to the password prompt)
Thanks,
Mark
|