Why so many requirements for entering passwords?

In Ubuntu 18.4 I wonder why there are so many places where I’m required to enter a password that is always the same as my login password?

Today when I did the process to bring in a new software package, I had to enter my p/w again;
When I opened up the word processor that came with 18.4 and tried to open a file, I was again hit with a p/w requirement for a “group” and the box for the p/w had my actual name in the box as what, the head or member of a group?

I’m on my PC and no one else uses it but me, so as the one who created the dual boot on my windows 10 pc and loaded the Ubuntu, and created the login, why all the p/w requirements?

Thanks,

Pat

Hi Pat,

I’m kind of a new user myself and agree that having to type that PW over and over again is a real pain in the a**. From all I read, it is highly recommended NOT to disable the root PW. But there are sites on the internet that tell you how to do it. One I found is;

Howard

1 Like

Howard,

Thanks for the reply. It seems that maybe it would be best to leave things as they are.

Pat

1 Like

that would be my suggestion. it may seem annoying or frustrating when learning to use a new system, but it is a security feature with a long history of being effective.

1 Like

my understanding is that most of this has to do with how linux deals with file permissions. the link at the bottom covers the whole subject better than i could, but here are a few thoughts and examples.

if you create a text file and want to put that in your documents directory, the system won’t ask you for permission because you own both the file and the directory it is going in. you can see most of those permissions when you look at the properties of your documents directory in the file manager:

the difference on your system should be that Owner and Group should be the user name that you log in with.

in ubuntu, programs like firefox (and probably zim) are created in a directory located at /usr/bin. most system programs are created in /bin. those directories are both owned by and belong to the group “root”:

so if you want to install a new program or update an existing one, you need to provide proof to your system that you should be allowed access to those directories. your password provides that proof or authentication.

one reason i read today that helped me understand why it is a good idea to need that password when doing things like this described the possibility of going to a malicious website that was able to gain access to your system. if you have changed the settings for sudo to where it doesn’t need the password, suddenly that person has a much easier time of permanently compromising your system.

1 Like

That makes sense. I haven’t even thought of file permissions since my unix days so this was a big help.
Thanks.

Pat

1 Like

The reason why we have to put our password in, is because when you install Linux it asks for a password, as it is so much the norm in Linux. Windows gets attacked all the time because you as its user are set to administrator and instead of asking you for a password whilst installing something, it asks if you trust the person or site that you got that particular software from. Here in Linux you are set up as custom, which means you must put in your password, that you signed up with. A lot of people when they install Linux don’t bother with logging into their accounts. What if someone had say switched on your computer and they wanted to install something, say a Synaptic app for instance? They would need your password to be able to install. Windows users have theirs auto logging in too, but if someone wanted to install something on there, they’ll only have to tell the computer, by clicking yes on the do you trust this app or the site screen. So that is why we have passwords and we use them here in Linux. Windows you don’t, which is why it’s full of security holes.

1 Like

Thanks for the information.

Pat

1 Like

@RetiredGuy… Best advice I can give, it is your pc, so use a short PW when installing Linux.

Short Password

Which is what I did.

Pat

1 Like

@RetiredGuy… To be honest, I think it is ridiculous also, enter one PW in Windows, and I can do about anything.

Yep.

When I first learned unix so many decades ago I had just one password and one entry required. But time marches on, I guess.

You can achieve the same, if you are logged in as root. However, that obviously opens every door to accidentally breaking your system or losing all your data.

2 Likes

Because I “own” most of my systems, here’s one of the things I do almost at the start of a new build :

sudo -i
export EDITOR=vi
visudo

And set “NOPASSWD” e.g. my username is “dan” :

dan ALL=(ALL) NOPASSWD: ALL

But - the GUI escalated privileges application I believe is gksu (not sudo) and it doesn’t read the “NOPASSWD” entries in /etc/sudoers, but I believe it must read /etc/sudoers or something (or else the installer does some trickery with pam files in /etc/pam.d/ ) otherwise it wouldn’t let you escalate.

Fortunately for me - there are VERY few things I do in the GUI that need escalated privileges, 95% of stuff I do - I do from the shell in a terminal, or on the console…

Just about the only time I ever need to type my password again, is when gnome prompts me for my keyring (i.e. my user password if I’ve got autologin enabled), and sometimes when I used “Software and Updates” to do stuff (like remove PPA’s I foolishly added), or to install “Additional Drivers” - but 90% of software installation and removal I do from command line, e.g. apt install, apt purge, dpkg -i $package_file.deb.

There’s also a bunch of servers I support where I’ve set “NOPASSWD” in sudoers for my account - this is because the customer does not have any configuration management in place (e.g. no puppet or ansible) - so to automate stuff I write single liner for loops to ssh to all these servers and sudo to change things (usually backup the file to be changed as part of the loop) - because I’m not about to write an expect script to do that…
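An added example, not part of the post above: a small audit that lists which sudoers rules carry the NOPASSWD tag and whether the tag covers ALL commands, so passwordless rules like the one described can be found and reviewed later. The sample file is constructed; the names `backup` and `alice` and both function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example: list sudoers rules that skip the password prompt.

# audit_nopasswd FILE...
# Prints "<file>:<line>: <who>: <scope>" for every rule tagged NOPASSWD.
# scope is ALL-COMMANDS when the tag covers ALL, otherwise "limited".
audit_nopasswd() {
    awk '
    FNR == 1 { buf = "" }
    {
        if (buf == "") start = FNR          # first line of this rule
        line = buf $0
        buf = ""
        if (line ~ /\\$/) {                 # trailing backslash: rule continues
            sub(/\\$/, " ", line); buf = line; next
        }
        sub(/^[ \t]+/, "", line)
        if (line == "") next
        # "#" starts a comment, except "#<digits>", which names a uid
        if (line ~ /^#/ && line !~ /^#[0-9]/) next
        if (!match(line, /NOPASSWD[ \t]*:[ \t]*/)) next
        cmds = substr(line, RSTART + RLENGTH)
        split(line, f, /[ \t]+/)
        scope = (cmds ~ /(^|,)[ \t]*ALL[ \t]*(,|$)/) ? "ALL-COMMANDS" : "limited"
        printf "%s:%d: %s: %s\n", FILENAME, start, f[1], scope
    }' "$@"
}

# write_sample PATH: constructed sudoers content (not from a real host)
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
dan     ALL=(ALL) NOPASSWD: ALL
# alice ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/tar
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_nopasswd "$sample"
rm -f "$sample"
```

On a real machine, run it as root over /etc/sudoers and the files in /etc/sudoers.d/; it reads only the files it is given and does not follow include directives.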

Thanks for that info.

Pat