Linux Mint Forums

[dolphin]

1. When I update system I need to type user password. The problem is that it is active long time afterwards. I mean I can reopen this mintupdate after it was closed, or even open Synaptic without typing password again. I think this might be a potential security threat. I want to set my password settings, so that after closing application that works with sudo privileges my password will be immediately inactive. That means that if I want reopen mintupdate or open another application with sudo, for example Synaptic I will have to type password again.
Who can I do that?

2. I know that in Mint after installation root account is inactive by default. Should I set root password anyway, even I work only with sudo privileges?

3. Is it safe that root account doesn't have to have password set during installation, as this is the case in other distributions?

[vincent]

1. https://help.ubuntu.com/community/RootSudoTimeout

2. Mint works a bit differently than Ubuntu. In Ubuntu, root's password is set to gibberish which you don't know, thus locking you out of root, so your root account is "inactive". In Mint, your root password is the same password you created for your first user. Try it out; open up a terminal and type:

Code: Select all

su -

And enter your user password. You already have a root password, you just didn't know what it was 'til now!

3. As explained above, root does have a password setup during the installation. It's just that the Ubuntu's Ubiquity installer never asks you about it.

[dolphin]

1. My sudoers file looks like this:

Code: Select all

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults timestamp_timeout = 0

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root   ALL=(ALL) ALL

# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

When I open Synaptic and close it and try reopen I need retype password again. But when I open and close mintupdate and reopen it opens without asking for password again. Is it safe to have mintupdate lets call it 'active'?

2. I'm the only user of my linux and I'm in a admin group. Is it safe to have

Code: Select all

%admin ALL=(ALL) ALL

or should I limit privileges somehow?

3.

3. As explained above, root does have a password setup during the installation. It's just that the Ubuntu's Ubiquity installer never asks you about it.

Thats seems strange to me, because I've never seen this option in Mint. Maybe it would be a good idea to make this option more visible in Mint installer.
Now I established password for root with command

Code: Select all

sudo passwd

so now I have separate passwords for root and sudo.

[vincent]

Concerning point #1 and 2...that's what the default sudoers file looks like, and it's perfectly safe (and yes, the first user you create, with the installer, will be automatically added to the admin group; that means you're granted the right to use sudo. If you were to remove yourself from the admin group (without adding yourself in sudoers manually afterwards), you would not be able to run administrative commands with sudo anymore). What I don't know is why mintUpdate never requires a password after starting it for the first time, but I don't use mintUpdate anyways, so it's not a concern for me.

As for #3, Mint uses the Ubiquity installer as well, except for LMDE (the Debian version), which uses a barebones, written-from-scratch installer created by Clem and Ikey (and which still needs a lot of work, imo). Ubiquity does not allow you to set a root password during installation...this is one of its quirks. Practically every other Linux distro (ones not based on Ubuntu) have an option in the installer that allows you to explicitly set a root password, and Ubiquity is the sole exception. I suppose Ubuntu considers this more newbie-friendly.

[dolphin]

Does anyone know why mintupdate doesn't require a password when starting it for the second time? Maybe it is a bug?

[DrHu]

Does anyone know why mintupdate doesn't require a password when starting it for the second time? Maybe it is a bug?

It's a trade off between convenience and security
--for a single user computer, that is no one else is remotely connected to your machine; then the default 15mins of password aliveness is OK.

Treat it as a convenience that you are not asked for the password immediately after having used sudo, for the next root privilege needed within the same grouping (GUI or Terminal). Or if you prefer to always be asked for the password for consistency sake (and of course security), then adjust the /etc/sudoers file time settings

http://shibuvarkala.blogspot.com/2009/1 ... ering.html

Code: Select all

Defaults        env_reset , timestamp_timeout = X
Where X is the time that we remember the sudo password, if we put 0 (zero) that we always get the request.

[dolphin]

I added 'env_reset' so now it looks like this

Code: Select all

Defaults        env_reset , timestamp_timeout = 0

When I open mint update 4.0.7 for the first time from tray icon, I have to type in password. When I close it, it closes down to the tray icon but I can open it at any time, even after one or few hours, without retyping password. The situation changes only when I click right mouse button on the tray icon and close it. Only then the application seems to be really closed.
Then, when I go to Control Center and start mintupdate from there I have to type password again. But only in this situation, after closing tray icon first.

I think that closing mintupdate should send it to the tray icon but this operation should stop sudo privileges and should make application ask for password again, of course after time set in sudoers file. Am I correct?
At present closing mintupdate from main windows works as if I could only minimalize/close window, not the application. This is the case regardless whether I click on x - close window, or choose menu File and Close.

[julianmarble]

I'm grateful to know all the tips you've mentioned. I could used it for me to change my password. Great sharing of info! Thanks a lot.