Desktop Security

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Chronigan

Desktop Security

Post by Chronigan »

One of the things I find annoying about Linux is the need to enter my password multiple times in a session. This actually makes my computer less secure as I opt for a very simple password so I can enter it as quickly as possible. I was wondering if there was a way to add some granularity to the system. Commands that could/would hose the system issue a warning and require a password, depending on where in the system they are being executed. Changes to the system that may cause issues but the system would most likely still boot would simply get a warning messages. Instead of requiring a password to install an app, require it for the first run of the app, then mark that app as okay from now on. Also allowing the user to mark an app as 'good' so they don't have to enter their password if it needs to escalate would be nice.

I'm not saying this should be the default for everyone, but i find it strange that an OS that is all about customization, does not have a more granular and modular approach to security.

If you know of a way to accomplish these things I would be glad to hear it.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Cosmo.
Level 24
Level 24
Posts: 22968
Joined: Sat Dec 06, 2014 7:34 am

Re: Desktop Security

Post by Cosmo. »

Security is not a question of granularity. If you would have the option to "mark the app as okay", it would mean, that an attacker could misuse this app to do what he wants. If such an option would exist, attackers would look up, for which apps this has been set - and bingo.

Besides that: I usually have to enter my password once (for login in) or twice (if there is an update available) per day. I don't see the problem.
User avatar
Moem
Level 22
Level 22
Posts: 16226
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Desktop Security

Post by Moem »

Chronigan wrote: Tue Apr 17, 2018 10:28 pm One of the things I find annoying about Linux is the need to enter my password multiple times in a session.
I bet you're setting up your system, and for that reason, making many more changes than you'll usually do. Yeah?
If that's the case, it's temporary. After all, Mint only requires a password when you're doing stuff that makes changes to the system, such as installing software and doing updates. Most of us don't do that more than once a day, if that.
Chronigan wrote: Tue Apr 17, 2018 10:28 pm Instead of requiring a password to install an app, require it for the first run of the app, then mark that app as okay from now on.
That still means entering your password once for every new application, just like you're doing now. I don't see a big difference.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
User avatar
majpooper
Level 8
Level 8
Posts: 2084
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Desktop Security

Post by majpooper »

Chronigan wrote: Tue Apr 17, 2018 10:28 pm One of the things I find annoying about Linux is the need to enter my password multiple times in a session.
I have to agree - something does not seem right here. Why are you making system changes so frequently?
MintBean

Re: Desktop Security

Post by MintBean »

Moem wrote: Wed Apr 18, 2018 6:36 amThat still means entering your password once for every new application, just like you're doing now. I don't see a big difference.
Indeed. Perhaps the OP comes from MacOs and expects things done the 'MacOs way.' In fact the Mint way is measurably superior - you can install several applications from the software manager whilst only typing your password once.
Chronigan

Re: Desktop Security

Post by Chronigan »

Wow. Such nice passive aggressive responses to my post.

I am not going to try to continue this conversation by answering your many assumptions about me, or defend myself about how I use my computer. I posted my opinion and thoughts on how Linux mint could be made better in the hope of having a mature conversation. Instead I am told all is as it should be and that I am "holding it the wrong way." Talk about rude. Good day to you all.
User avatar
Schultz
Level 9
Level 9
Posts: 2935
Joined: Thu Feb 25, 2016 8:57 pm

Re: Desktop Security

Post by Schultz »

As an uninterested passer-by in this thread, I'd say you are over-reacting.
User avatar
lsemmens
Level 11
Level 11
Posts: 3936
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Desktop Security

Post by lsemmens »

Given that you did not like the responses in earlier posts, it does make one wonder if you are just a troll, looking to stir up trouble. As has already been observed. Security is there for a purpose, like a chain it is only as good as its weakest link. I am still very much a newbie in the the things of Linux, and do find the security tedious, however, as a veteran Windows user, I also find it refreshing knowing that once set, things don't change without good reason. It's easier to maintain a stable system than one where tourists would gerfingerpoken in places that they shouldn't.
Fully mint Household
Out of my mind - please leave a message
Cosmo.
Level 24
Level 24
Posts: 22968
Joined: Sat Dec 06, 2014 7:34 am

Re: Desktop Security

Post by Cosmo. »

Chronigan wrote: Wed Apr 18, 2018 8:51 pm I posted my opinion and thoughts on how Linux mint could be made better in the hope of having a mature conversation.
So far so good. But with this attempt you have to accept, that there are different opinions and thoughts. And as you accused the repliers for being aggressive you need to consider, that your reply appears much more aggressive. Your accusation is not even true at all:
Chronigan wrote: Wed Apr 18, 2018 8:51 pm Such nice passive aggressive responses to my post.
...
I am not going to try to continue this conversation by answering your many assumptions about me
There is in my reply not the least assumption. Doing accusations, which obviously are untrue, is aggressive and tells much about its author.
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Desktop Security

Post by Pjotr »

Chronigan wrote: Wed Apr 18, 2018 8:51 pm I am told all is as it should be and that I am "holding it the wrong way."
Well, that's indeed pretty much what's the case here... :lol:

You've submitted a technical idea, which was judged by the respondents in a serious, matter-of-fact and businesslike manner, and it was dismissed by them. With good arguments. I can't see the problem here? :?

My advice is: get used to the way that Linux Mint works. There's a reason why Linux Mint is as secure as it is.... You might find this article interesting, that I've written about security in Linux Mint:
https://sites.google.com/site/easylinux ... t/security
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
User avatar
lsemmens
Level 11
Level 11
Posts: 3936
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Desktop Security

Post by lsemmens »

Thanks Pjotr, that explanation of security, and the attached graphic was both informative and entertaining.
Fully mint Household
Out of my mind - please leave a message
MintBean

Re: Desktop Security

Post by MintBean »

If the 'MacOs' comment came off catty, I can understand how you might get that idea but it wasn't intended that way. More plainly stated: Typing a password to install an app at worst case (single installation) uses the same number of password entries as your suggestion. At best (installing multiple apps in one session) it requires fewer password entries.
User avatar
sdibaja
Level 5
Level 5
Posts: 900
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: Desktop Security

Post by sdibaja »

majpooper wrote: Wed Apr 18, 2018 11:59 am
Chronigan wrote: Tue Apr 17, 2018 10:28 pm One of the things I find annoying about Linux is the need to enter my password multiple times in a session.
I have to agree - something does not seem right here. Why are you making system changes so frequently?
I also think that the OP has some sort of problem.

My wife is also a typical computer user with a DOS and Windows background.
She wants No Passwords, ever. I have no problem with that.
every month or three I update her machine for her... and that is the Only time any password is needed.
She does not even know the root password or her user password, and has never needed either.

Ubuntu/Mint simplified it down to User only, to make it super easy.

She started using LMDE (Linux Mint Debian Edition) about 6 or 7 years ago, then moved to pure Debian about 1 year ago.
I installed the systems, with the apps she wants and a few I thought she may want in the future. That did require root and user password.

so, obviously if there is no futzing around, no password is needed... and that is on a very secure two factor system.

so, what gives Sir? explain your use case please.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Desktop Security

Post by Pjotr »

sdibaja wrote: Thu Apr 19, 2018 10:47 pm every month or three I update her machine for her...
I'd change that to weekly, if I were you. :wink:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
User avatar
majpooper
Level 8
Level 8
Posts: 2084
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Desktop Security

Post by majpooper »

Well I simply don't understand the fuss. I have installed LM on at least 8 systems for other folks who are not computer geeks - and no complaints about passwords. They have all come from Windows, none from Mac (installed lubuntu on an old Mac mini my wife had then gave it away) and not one has complained or even mentioned that they have to enter their password more often than with Windows. I always set them up with auto-login (after my brother casually told me he lost forgot his LM password but could login anyway - no big deal). And as part of my LM security briefing I always explain the need to check for updates daily - so I suppose they are typically only using there password once each day.
stormryder

Re: Desktop Security

Post by stormryder »

Chronigan wrote: Tue Apr 17, 2018 10:28 pm I opt for a very simple password so I can enter it as quickly as possible.
Ya I've got a really simple password too, it seems like the only thing you can do to maintain reasonable security even though there's stuff that is password protected that has nothing to do with user security.
In fact there are some things that are kind of strange if you consider them from the point of user security.

If I create an encrypted zip container using a password other than my sudo pw on a usb and then use the usb format tool it will ask for my sudo password, upon entering my sudo password the tool proceeds to destroy my encrypted data. I can even simply choose to delete the zip without entering a password at all. Of course if I attempt to open system files some of them I can view without a password but I certainly can't delete them.
Why this disparity between the importance of user data and system files? User data is much more likely to be irreplaceable.

Which GPU is it safe to use? Why do I have to enter a password to switch that? Truth is this has nothing to do with security.

Updates anyone? Now the system contradicts itself, with flatpaks running auto updates and the rest of the software on the system requiring a password to install updates. This has nothing to do with security either.

Software runs on my system without requiring a password, it does on yours too. Right from your home folder. So a would be attacker could run amok in a users personal space installing whatever malicious software they choose in some hidden .config folder. Yet it isn't filling up with stuff I don't put in it.

Now there are other valid reasons for some of this, but they are not valid for everyone.
surabaja wrote: Thu Apr 19, 2018 10:47 pm every month or three I update her machine for her
Security updates can and often do come on a daily basis, if you don't update a system for one to three months at a time then that system is insecure for more than 90 percent of the time. Now if entering that password once a month makes you feel more secure that is your prerogative.
Pjotr wrote: Fri Apr 20, 2018 4:37 am I'd change that to weekly, if I were you.
I don't install updates often anymore because they seem to make my system more secure by breaking it, but this is clearly a case where people's reverence for the password is doing more harm than good.
It would be perfectly safe to actually set her machine to update automatically on a daily basis. Set up timeshift to take scheduled snapshots and her system will be reasonably stable too.
In the event that an update breaks something which is immediately apparent it would make isolating the update that broke the system a lot easier as well.

This thread is dripping with condescension. Its repulsive, such attitude only catalyzes people who are alienated, as the OP has been, to run as root.
User avatar
sdibaja
Level 5
Level 5
Posts: 900
Joined: Sun May 08, 2011 12:57 pm
Location: Baja California, Mexico

Re: Desktop Security

Post by sdibaja »

stormryder wrote: Fri Apr 20, 2018 3:44 pm
Chronigan wrote: Tue Apr 17, 2018 10:28 pm <snip>
surabaja wrote: Thu Apr 19, 2018 10:47 pm every month or three I update her machine for her
Security updates can and often do come on a daily basis, if you don't update a system for one to three months at a time then that system is insecure for more than 90 percent of the time. Now if entering that password once a month makes you feel more secure that is your prerogative.
Pjotr wrote: Fri Apr 20, 2018 4:37 am I'd change that to weekly, if I were you.
<snip>
because of the nature of Debian Stable we get much fewer security updates than you do. If something comes to me (I update daily, or more often) I can walk across the room, make a phone call, send a text, or visit. No big deal, that "every month or three" is guestimation from personal experience.
Worst case would be a reinstall, all Data is automatically backedup and updated off machine daily, so no damage.
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
User avatar
smurphos
Level 18
Level 18
Posts: 8501
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:

Re: Desktop Security

Post by smurphos »

I'm not sure why when this type of question comes up people aren't just pointed in the direction of a sudoers / visudo tutorial with an appropriate disclaimer to ensure they understand what they are doing before making changes. It really doesn't look that problematic to modify the default behaviour so a user in the sudoers/admin group is permitted to escalate from the terminal without the requirement to enter a password, or to extend the timeout so the password is required less frequently or only once per session. People providing support might think that's a bad idea, but that's no reason not to point people in the right direction. It is their system after all.

e.g.

https://askubuntu.com/questions/147241/ ... le_rich_qa
https://www.garron.me/en/linux/visudo-c ... ditor.html
https://www.digitalocean.com/community/ ... and-centos
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
User avatar
Moem
Level 22
Level 22
Posts: 16226
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Desktop Security

Post by Moem »

smurphos wrote: Fri Apr 20, 2018 10:52 pm I'm not sure why when this type of question comes up people aren't just pointed in the direction of a sudoers / visudo tutorial with an appropriate disclaimer to ensure they understand what they are doing before making changes.
If you feel that that's the right answer, you should go ahead and give that answer. As long as it comes with some warning (the disclaimer you mentioned), I see nothing wrong with that. The forum is a collective effort; the answer to 'why isn't this done' will usually be 'go ahead and do it'.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
User avatar
smurphos
Level 18
Level 18
Posts: 8501
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:

Re: Desktop Security

Post by smurphos »

Moem wrote: Sat Apr 21, 2018 2:46 am
smurphos wrote: Fri Apr 20, 2018 10:52 pm I'm not sure why when this type of question comes up people aren't just pointed in the direction of a sudoers / visudo tutorial with an appropriate disclaimer to ensure they understand what they are doing before making changes.
If you feel that that's the right answer, you should go ahead and give that answer. As long as it comes with some warning (the disclaimer you mentioned), I see nothing wrong with that. The forum is a collective effort; the answer to 'why isn't this done' will usually be 'go ahead and do it'.
Fair enough - off to a VM to test it first though... :)
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Locked

Return to “Other topics”