Desktop Security
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Desktop Security
One of the things I find annoying about Linux is the need to enter my password multiple times in a session. This actually makes my computer less secure as I opt for a very simple password so I can enter it as quickly as possible. I was wondering if there was a way to add some granularity to the system. Commands that could/would hose the system issue a warning and require a password, depending on where in the system they are being executed. Changes to the system that may cause issues but the system would most likely still boot would simply get a warning messages. Instead of requiring a password to install an app, require it for the first run of the app, then mark that app as okay from now on. Also allowing the user to mark an app as 'good' so they don't have to enter their password if it needs to escalate would be nice.
I'm not saying this should be the default for everyone, but i find it strange that an OS that is all about customization, does not have a more granular and modular approach to security.
If you know of a way to accomplish these things I would be glad to hear it.
I'm not saying this should be the default for everyone, but i find it strange that an OS that is all about customization, does not have a more granular and modular approach to security.
If you know of a way to accomplish these things I would be glad to hear it.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Desktop Security
Security is not a question of granularity. If you would have the option to "mark the app as okay", it would mean, that an attacker could misuse this app to do what he wants. If such an option would exist, attackers would look up, for which apps this has been set - and bingo.
Besides that: I usually have to enter my password once (for login in) or twice (if there is an update available) per day. I don't see the problem.
Besides that: I usually have to enter my password once (for login in) or twice (if there is an update available) per day. I don't see the problem.
Re: Desktop Security
I bet you're setting up your system, and for that reason, making many more changes than you'll usually do. Yeah?
If that's the case, it's temporary. After all, Mint only requires a password when you're doing stuff that makes changes to the system, such as installing software and doing updates. Most of us don't do that more than once a day, if that.
That still means entering your password once for every new application, just like you're doing now. I don't see a big difference.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Desktop Security
Indeed. Perhaps the OP comes from MacOs and expects things done the 'MacOs way.' In fact the Mint way is measurably superior - you can install several applications from the software manager whilst only typing your password once.
Re: Desktop Security
Wow. Such nice passive aggressive responses to my post.
I am not going to try to continue this conversation by answering your many assumptions about me, or defend myself about how I use my computer. I posted my opinion and thoughts on how Linux mint could be made better in the hope of having a mature conversation. Instead I am told all is as it should be and that I am "holding it the wrong way." Talk about rude. Good day to you all.
I am not going to try to continue this conversation by answering your many assumptions about me, or defend myself about how I use my computer. I posted my opinion and thoughts on how Linux mint could be made better in the hope of having a mature conversation. Instead I am told all is as it should be and that I am "holding it the wrong way." Talk about rude. Good day to you all.
Re: Desktop Security
As an uninterested passer-by in this thread, I'd say you are over-reacting.
Re: Desktop Security
Given that you did not like the responses in earlier posts, it does make one wonder if you are just a troll, looking to stir up trouble. As has already been observed. Security is there for a purpose, like a chain it is only as good as its weakest link. I am still very much a newbie in the the things of Linux, and do find the security tedious, however, as a veteran Windows user, I also find it refreshing knowing that once set, things don't change without good reason. It's easier to maintain a stable system than one where tourists would gerfingerpoken in places that they shouldn't.
Fully mint Household
Out of my mind - please leave a message
Out of my mind - please leave a message
Re: Desktop Security
So far so good. But with this attempt you have to accept, that there are different opinions and thoughts. And as you accused the repliers for being aggressive you need to consider, that your reply appears much more aggressive. Your accusation is not even true at all:
There is in my reply not the least assumption. Doing accusations, which obviously are untrue, is aggressive and tells much about its author.
- Pjotr
- Level 23
- Posts: 19883
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Desktop Security
Well, that's indeed pretty much what's the case here...
You've submitted a technical idea, which was judged by the respondents in a serious, matter-of-fact and businesslike manner, and it was dismissed by them. With good arguments. I can't see the problem here?
My advice is: get used to the way that Linux Mint works. There's a reason why Linux Mint is as secure as it is.... You might find this article interesting, that I've written about security in Linux Mint:
https://sites.google.com/site/easylinux ... t/security
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Desktop Security
Thanks Pjotr, that explanation of security, and the attached graphic was both informative and entertaining.
Fully mint Household
Out of my mind - please leave a message
Out of my mind - please leave a message
Re: Desktop Security
If the 'MacOs' comment came off catty, I can understand how you might get that idea but it wasn't intended that way. More plainly stated: Typing a password to install an app at worst case (single installation) uses the same number of password entries as your suggestion. At best (installing multiple apps in one session) it requires fewer password entries.
Re: Desktop Security
I also think that the OP has some sort of problem.
My wife is also a typical computer user with a DOS and Windows background.
She wants No Passwords, ever. I have no problem with that.
every month or three I update her machine for her... and that is the Only time any password is needed.
She does not even know the root password or her user password, and has never needed either.
Ubuntu/Mint simplified it down to User only, to make it super easy.
She started using LMDE (Linux Mint Debian Edition) about 6 or 7 years ago, then moved to pure Debian about 1 year ago.
I installed the systems, with the apps she wants and a few I thought she may want in the future. That did require root and user password.
so, obviously if there is no futzing around, no password is needed... and that is on a very secure two factor system.
so, what gives Sir? explain your use case please.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
- Pjotr
- Level 23
- Posts: 19883
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Desktop Security
I'd change that to weekly, if I were you.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Desktop Security
Well I simply don't understand the fuss. I have installed LM on at least 8 systems for other folks who are not computer geeks - and no complaints about passwords. They have all come from Windows, none from Mac (installed lubuntu on an old Mac mini my wife had then gave it away) and not one has complained or even mentioned that they have to enter their password more often than with Windows. I always set them up with auto-login (after my brother casually told me he lost forgot his LM password but could login anyway - no big deal). And as part of my LM security briefing I always explain the need to check for updates daily - so I suppose they are typically only using there password once each day.
Re: Desktop Security
Ya I've got a really simple password too, it seems like the only thing you can do to maintain reasonable security even though there's stuff that is password protected that has nothing to do with user security.
In fact there are some things that are kind of strange if you consider them from the point of user security.
If I create an encrypted zip container using a password other than my sudo pw on a usb and then use the usb format tool it will ask for my sudo password, upon entering my sudo password the tool proceeds to destroy my encrypted data. I can even simply choose to delete the zip without entering a password at all. Of course if I attempt to open system files some of them I can view without a password but I certainly can't delete them.
Why this disparity between the importance of user data and system files? User data is much more likely to be irreplaceable.
Which GPU is it safe to use? Why do I have to enter a password to switch that? Truth is this has nothing to do with security.
Updates anyone? Now the system contradicts itself, with flatpaks running auto updates and the rest of the software on the system requiring a password to install updates. This has nothing to do with security either.
Software runs on my system without requiring a password, it does on yours too. Right from your home folder. So a would be attacker could run amok in a users personal space installing whatever malicious software they choose in some hidden .config folder. Yet it isn't filling up with stuff I don't put in it.
Now there are other valid reasons for some of this, but they are not valid for everyone.
Security updates can and often do come on a daily basis, if you don't update a system for one to three months at a time then that system is insecure for more than 90 percent of the time. Now if entering that password once a month makes you feel more secure that is your prerogative.
I don't install updates often anymore because they seem to make my system more secure by breaking it, but this is clearly a case where people's reverence for the password is doing more harm than good.
It would be perfectly safe to actually set her machine to update automatically on a daily basis. Set up timeshift to take scheduled snapshots and her system will be reasonably stable too.
In the event that an update breaks something which is immediately apparent it would make isolating the update that broke the system a lot easier as well.
This thread is dripping with condescension. Its repulsive, such attitude only catalyzes people who are alienated, as the OP has been, to run as root.
Re: Desktop Security
because of the nature of Debian Stable we get much fewer security updates than you do. If something comes to me (I update daily, or more often) I can walk across the room, make a phone call, send a text, or visit. No big deal, that "every month or three" is guestimation from personal experience.stormryder wrote: ⤴Fri Apr 20, 2018 3:44 pmChronigan wrote: ⤴Tue Apr 17, 2018 10:28 pm <snip>Security updates can and often do come on a daily basis, if you don't update a system for one to three months at a time then that system is insecure for more than 90 percent of the time. Now if entering that password once a month makes you feel more secure that is your prerogative.<snip>
Worst case would be a reinstall, all Data is automatically backedup and updated off machine daily, so no damage.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
- smurphos
- Level 18
- Posts: 8501
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Desktop Security
I'm not sure why when this type of question comes up people aren't just pointed in the direction of a sudoers / visudo tutorial with an appropriate disclaimer to ensure they understand what they are doing before making changes. It really doesn't look that problematic to modify the default behaviour so a user in the sudoers/admin group is permitted to escalate from the terminal without the requirement to enter a password, or to extend the timeout so the password is required less frequently or only once per session. People providing support might think that's a bad idea, but that's no reason not to point people in the right direction. It is their system after all.
e.g.
https://askubuntu.com/questions/147241/ ... le_rich_qa
https://www.garron.me/en/linux/visudo-c ... ditor.html
https://www.digitalocean.com/community/ ... and-centos
e.g.
https://askubuntu.com/questions/147241/ ... le_rich_qa
https://www.garron.me/en/linux/visudo-c ... ditor.html
https://www.digitalocean.com/community/ ... and-centos
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: Desktop Security
If you feel that that's the right answer, you should go ahead and give that answer. As long as it comes with some warning (the disclaimer you mentioned), I see nothing wrong with that. The forum is a collective effort; the answer to 'why isn't this done' will usually be 'go ahead and do it'.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
- smurphos
- Level 18
- Posts: 8501
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Desktop Security
Fair enough - off to a VM to test it first though...Moem wrote: ⤴Sat Apr 21, 2018 2:46 amIf you feel that that's the right answer, you should go ahead and give that answer. As long as it comes with some warning (the disclaimer you mentioned), I see nothing wrong with that. The forum is a collective effort; the answer to 'why isn't this done' will usually be 'go ahead and do it'.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.