Required password for Update Manager

Write suggestions and new ideas in here
More ideas here http://community.linuxmint.com/idea/welcome
Forum rules
  • Only post ideas here that are specifically about the Linux Mint distribution or its websites.
  • So that developers and users from any distribution can discuss ideas in one place, post ideas about improving software to the collaboration website for that software instead.
Post Reply
User avatar
palo
Level 4
Level 4
Posts: 459
Joined: Mon Jun 25, 2012 7:28 am
Location: Walking on sunshine

Required password for Update Manager

Post by palo » Sun Jul 27, 2014 9:14 am

Testing Qiana and find after starting Update Manager that a password is required to change software sources and run updates but it is not required when holding and unholding packages. It seems inconsistent security to allow an unprivileged user to do this. Would be better to have the same required authentication for this function as the other functions. An unprivileged user can also change things in preferences that could affect system stability, so requiring a password to start the opening of Update Manger would be even better.

Monsta
Level 10
Level 10
Posts: 3012
Joined: Fri Aug 19, 2011 3:46 am

Re: Required password for Update Manager

Post by Monsta » Mon Jul 28, 2014 7:42 am

I don't see anything to worry about.
Holding packages means writing them to the blacklist for the current user (~/.config/linuxmint/mintupdate.ignored). This blacklist is read and written only by mintUpdate.

In other words, it's not system-wide and it's totally ignored by apt-get/aptitude/Synaptic/whatever else except mintUpdate.

Still want a password for that? :)

User avatar
palo
Level 4
Level 4
Posts: 459
Joined: Mon Jun 25, 2012 7:28 am
Location: Walking on sunshine

Re: Required password for Update Manager

Post by palo » Tue Jul 29, 2014 1:03 pm

Monsta wrote:I don't see anything to worry about.
Holding packages means writing them to the blacklist for the current user (~/.config/linuxmint/mintupdate.ignored). This blacklist is read and written only by mintUpdate.

In other words, it's not system-wide and it's totally ignored by apt-get/aptitude/Synaptic/whatever else except mintUpdate.

Still want a password for that? :)
You are right - there is nothing to worry about but there are some people that use MintUpdate and let others use the computer. Consider this scenario:
Monsta lets Monsta jr use the computer. Monsta jr is a fearless explorer and clicker - he clicks on the icon in the panel and it opens. Exploring the preferences options finds the Levels tab and puts a check for "Always select and trust security updates", closes and done. Now the next day Monsta runs update manager without much attention to details because it is just routine but later finds the kernel has been updated (for example) but it shouldn't have according the the preferences Monsta set.

Okay it is a silly example but the point is that Mint 13 required a password to start the Update Manager whereas Mint 17 does not require the password to start the Update Manager and is that the best decision? If nobody else thinks it should be changed back then it is a worthless suggestion. That is what it is.

Windowbreaker
Level 1
Level 1
Posts: 34
Joined: Sun May 11, 2014 12:08 pm
Location: Wisconsin USA

Re: Required password for Update Manager

Post by Windowbreaker » Tue Jul 29, 2014 11:12 pm

What about those of us who live in a secure dwelling and are the only hands that ever touch their computers? If Update Manager would automatically place the cursor in the password box, maybe I wouldn't be such a grouch about it, but my Mint PC is on my left side and my left-handed mousing is less than accurate. I'd prefer to not need a password for updating. Let me select the updates and click install. But it's more secure the other way, even for single-user scenarios...
It has now been 18 years since I first installed Linux (Corel Linux, June 2000) and 9 years since Linux has been on at least one of my computers (currently Mint 18.3, Raspbian Jessie, and <cough> Windows 7)

Monsta
Level 10
Level 10
Posts: 3012
Joined: Fri Aug 19, 2011 3:46 am

Re: Required password for Update Manager

Post by Monsta » Wed Jul 30, 2014 3:06 am

palo wrote:Consider this scenario
This is a general problem of letting someone use your account instead of creating a separate one for that person. It's not just mintUpdate issue - the "fearless clickers" might do wrong things to any other application.
palo wrote:Mint 13 required a password to start the Update Manager whereas Mint 17 does not require the password to start the Update Manager
And now you can refresh the list of updates, view them, select/deselect them, change any preferences and do other stuff without having to type your password. Only if you decide to actually install/upgrade something you'll have to enter it.
It's so convenient that I'm already irritated at the way mintupdate-debian works in LMDE (it still works the old way, requiring a password first). :)

User avatar
palo
Level 4
Level 4
Posts: 459
Joined: Mon Jun 25, 2012 7:28 am
Location: Walking on sunshine

Re: Required password for Update Manager

Post by palo » Wed Jul 30, 2014 5:20 am

I get that many would like a system where you don't need to type passwords period (I'm not one of them).
Monsta wrote:And now you can refresh the list of updates, view them, select/deselect them, change any preferences and do other stuff without having to type your password. Only if you decide to actually install/upgrade something you'll have to enter it.
Well you still have to type a password - it is just a matter of when :)

Edit: If you want to make a change to repository sources and do updates you can have the pleasure of entering your password twice.
Last edited by palo on Wed Jul 30, 2014 5:42 am, edited 1 time in total.

User avatar
PatH57
Level 13
Level 13
Posts: 4576
Joined: Tue Mar 25, 2014 12:11 pm
Location: here and there

Re: Required password for Update Manager

Post by PatH57 » Wed Jul 30, 2014 5:28 am

freedom of linux, you decide "when" :wink:
People disagree with me. I just ignore them.
(Linus Torvalds, regarding the use of C++ for the Linux kernel.)

Please Add [Solved] to the topic-title of your first post when appropriate so others know they might find a solution here.

User avatar
palo
Level 4
Level 4
Posts: 459
Joined: Mon Jun 25, 2012 7:28 am
Location: Walking on sunshine

Re: Required password for Update Manager

Post by palo » Wed Jul 30, 2014 5:39 am

PatH57 wrote:freedom of linux, you decide "when" :wink:
A false sense of freedom - do you really get to decide?

User avatar
PatH57
Level 13
Level 13
Posts: 4576
Joined: Tue Mar 25, 2014 12:11 pm
Location: here and there

Re: Required password for Update Manager

Post by PatH57 » Wed Jul 30, 2014 5:42 am

never, ask your wife, girlfriend or boyfriend they just smile at you and say "yes honey" :mrgreen:
no wonder I divorced twice
People disagree with me. I just ignore them.
(Linus Torvalds, regarding the use of C++ for the Linux kernel.)

Please Add [Solved] to the topic-title of your first post when appropriate so others know they might find a solution here.

Monsta
Level 10
Level 10
Posts: 3012
Joined: Fri Aug 19, 2011 3:46 am

Re: Required password for Update Manager

Post by Monsta » Wed Jul 30, 2014 6:30 am

palo wrote:Edit: If you want to make a change to repository sources and do updates you can have the pleasure of entering your password twice.
Do you change the sources that often to complain about it? :)

User avatar
palo
Level 4
Level 4
Posts: 459
Joined: Mon Jun 25, 2012 7:28 am
Location: Walking on sunshine

Re: Required password for Update Manager

Post by palo » Wed Jul 30, 2014 6:57 am

Monsta wrote:Do you change the sources that often to complain about it? :)
This isn't the complaint department and I'm not complaining (well maybe some) :wink:

Just trying to make the suggestion that between the Mint 13 way and the Mint 17 way, the more sensible way would appear to be the old way and the preferred way would be the way most users want it. At this point you appear to be "most users". I do not do updates this way at all - just came across it while playing in VBox. I (and anyone else using my computer) operate from an unprivileged account and sudo and authentications are never required. I just su in terminal and start everything from there - no password nagging at all. It appears now anyone can muck with Mint Update in any account.

This just appears to be a weakness in what was a secure system IMO and I would prefer to stay with 13 at this point or hide the option for the update manager in 17 if I go that route (I'll just miss that little shield telling me there are updates) - no biggie. I don't care how many passwords you have to enter - I use one to rule them all.

Post Reply

Return to “Suggestions & New Ideas”