[SOLVED] Password for administrative tasks

Stanie · 2012-05-23 06:41:34

I have finally installed Waldorf instead of trying it only from live cd. So far it is almost perfect...
There is just one thing that bothers me though. And that is entering my password to perform administrative tasks all the time! There is an option to save the password for the whole session in debian wheezy/sid so I know it can be done somehow. Could anyone give me a hint how to accomplish it?

Last edited by Stanie (2012-05-28 16:58:23)

machinebacon · 2012-05-23 06:58:22

You mean the sudo session expiry time? These are the options for sudoers:

timestamp_timeout=NUMBER
passwd_timeout=NUMBER

These two lines can be added in sudoers (sudo visudo)

Please check here: http://www.gratisoft.us/sudo/sudoers.man.html

Last edited by machinebacon (2012-05-23 06:59:36)

Stanie · 2012-05-23 14:26:04

Yeah, I don't want to type my password for every single .deb package I want to install with gdebi. I usually have them in different folders and it is a real bother when I attemp to do it in a row.

Thanks for the link, interesting reading. But it didn't help. I have also tried this site https://wiki.archlinux.org/index.php/Su … he_timeout. But still no luck.
My /etc/sudoers looks like this

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
stanie ALL=(ALL:ALL) ALL

Defaults timestamp_timeout=15
Defaults passwd_timeout=15

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

On my other partition with debian sid xfce it works with no probs. And I had the same result with crunchified debian sid.

I have also tried to find any differences in /etc/xdg/autostart in policykit stuff, but nothing seems to differ so far...

snowpine · 2012-05-23 14:26:21

I do this:

sudo -i

Now I have a root terminal I can keep open in the corner of my desktop for all administrative tasks. smile

Stanie · 2012-05-23 15:10:19

snowpine wrote:

I do this:
sudo -i
Now I have a root terminal I can keep open in the corner of my desktop for all administrative tasks.

For that I can use su, but the terminal isn't the problem. There I can stay logged in for a while or till I close the window.
The trouble is with other apps that require sudo or root privileges. Like gdebi or when opening thunar as root or bleachbit as root - outside the terminal I mean.
For example I have a few games and apps in .deb packages and sometimes dpkg -i doesn't work especially with many dependencies, so the easiest way to install them is to double click it. Then gdebi opens and requires a password - that is good. But once I close it and try to install another .deb it wants me to enter my password again.
In debian sid there is an option to store the password for the whole session, so you don't have to enter it repeatedly...

machinebacon · 2012-05-23 16:13:29

The Defaults line should be in the first part, I guess. Or quite sure.

Edit:

Defaults:ALL timestamp_timeout=15

That's the one you need, valid for ALL users, and put in the first part where the other Defaults are.

Last edited by machinebacon (2012-05-23 16:18:12)

johnraff · 2012-05-23 17:08:42

How about opening Thunar as root with 'gksu thunar', then you should be able to double-click deb files without needing a password for gdebi.

Stanie · 2012-05-23 17:43:20

machinebacon wrote:

The Defaults line should be in the first part, I guess. Or quite sure.
Edit:
Defaults:ALL timestamp_timeout=15
That's the one you need, valid for ALL users, and put in the first part where the other Defaults are.

I have already tried Defaults:stanie timestamp_timeout=15; Defaults timestamp_timeout=15 and now Defaults:ALL timestamp_timeout=15 and no matter the location the result is the same for me as the only user. But it certainly looks better in the first part together with other Defaults.
And before in my previous post I obviously forgot to mention that it works - but only for entering commands from terminal...
So the culprit must be in PolicyKit or some other key storage config. Does it work for any of you? Can you open for example Thunar as root from Openbox menu and then immediately afterwards Synaptic without entering the password again?

johnraff wrote:

How about opening Thunar as root with 'gksu thunar', then you should be able to double-click deb files without needing a password for gdebi.

Yeah, that certainly is one way to do it. How come I haven't thought about this? Thinking outside the box big_smile I am probably a little spoilt from debian sid.

machinebacon · 2012-05-23 18:10:37

Ah I see big_smile You actually run sudo as another instance. Your second instance is not valid there (since version 1.7.4 something)

tty_tickets
If set, users must authenticate on a per-tty basis. Normally, sudo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, sudo will use a file named for the tty the user is logged in on in that directory. This flag is on by default.

And this fits:

Major changes between version 1.7.4b2 and 1.7.4b3:
The tty_tickets option is now on by default.

You can check this behaviour if you open a terminal, apply sudo, then open another terminal, and try sudo there. It should in the new window ask you for a password again.

Last edited by machinebacon (2012-05-23 18:12:08)

Stanie · 2012-05-23 18:38:08

^ You are right! But I just checked and the same behaviour was in my debian sid. And still there the PolicyKit or storage or whatever works...

snowpine · 2012-05-23 20:18:53

Stanie wrote:

snowpine wrote:
I do this:
sudo -i
Now I have a root terminal I can keep open in the corner of my desktop for all administrative tasks.
For that I can use su, but the terminal isn't the problem. There I can stay logged in for a while or till I close the window.
The trouble is with other apps that require sudo or root privileges. Like gdebi or when opening thunar as root or bleachbit as root - outside the terminal I mean.

What I do is, into my root terminal, type:

gdebi &
thunar &

Stanie · 2012-05-23 21:10:49

^ Thanks, snowpine. It really seems, that opening everything from terminal is the best way to avoid entering password all the time.
The thing is that I have a lot of custom keyboard shortcuts for thunar as root, bleachbit as root, synaptic, gparted or even root terminal. In sid it is way faster to press the shortcut combo than opening terminal and writing the command (or an alias). If I could find a way to make it work in crunchbang waldorf as well, it would be great. But it is not a deal breaker...

pidsley · 2012-05-23 23:39:51

you can't bring your shortcuts from sid to waldorf?

Stanie · 2012-05-24 06:19:14

pidsley wrote:

you can't bring your shortcuts from sid to waldorf?

Of course I can. I have done it after install. I have even placed some of the commands in openbox menu. But every time I run a shortcut or click a menu item like gksudo thunar /, gksudo synaptic, gksudo bleachbit etc. I have to enter my password. And I mean every time! Even if I close thunar as root and then immediately open it again - here comes password request. In wheezy/sid there is an option to enter the password only once and store it for the rest of the session - much like if you use terminal. There you also don't fill password for every command, but only once every 15 or so minutes or until you close the terminal window.

Stanie · 2012-05-28 15:40:35

Well, I checked all my installed apps in both Waldorf and Sid XFCE and I seem to have all the necessary ones. Even autostart is almost the same. But I am unable to make it work in #! as it does in Debian Sid. It is probably some config file or other whatnot specific for XFCE...

Just to show you what I mean, look at the screenshots.

1) You can see, that in XFCE you have an option to save your password for the whole session

2) In Waldorf there is no such option, so you have to enter your password every time you want to start an app with root privileges outside the terminal (like synaptic from menu)

At least there was no problem to add #! repo (Statler so far - haven't tried Waldorf yet) into Debian Sid with xfce as I prefer Openbox. That way I can have the best of both worlds cool

pidsley · 2012-05-28 15:46:49

Have you seen this thread? Ozitraveller had the opposite issue -- wanted to remove the buttons from the Xfce dialog. I have not yet read the entire thread, but there might be some config tricks in there to let you go the opposite way...

(edit) I just tried this:

gconftool-2 --set /apps/gksu/sudo-mode --type bool false

And it added the "remember password" boxes to my gksu dialog...

(another edit) but the "remember password" doesn't seem to work... sad needs more research...

Last edited by pidsley (2012-05-28 17:36:22)

Stanie · 2012-05-28 16:07:39

^ Pity indeed. Just tried it with the same result.
It looks promising, though.

pidsley · 2012-05-28 16:11:31

Stanie wrote:

^ Pity indeed. Just tried it with the same result.
It looks promising, though.

^ still working on it...

(edit) OK weird. I tried gksudo instead of gksu, and it seems to work like sudo (it remembers my password). The gksudo dialog doesn't have "remember password" but it seems to do it anyway (it's working like sudo).

I just logged out and logged back in, and it still works that way -- I have my custom actions in thunar set to use gksudo instead of gksu, and the first time I "edit file as root" with this

gksudo "leafpad %f"

I get asked for my password. But after that I can edit as root, open root terminals, all with gksudo and no password. If I switch the custom action to use gksu, I get asked for the password every time. I can't duplicate what you're seeing.

Last edited by pidsley (2012-05-28 16:54:18)

Stanie · 2012-05-28 16:37:51

Damn, you're fast. I just wanted to write down, that it works after restart, but I fiddled a little with /bin/ execs to make it work with gksu instead of gksudo lol
But kudos to you!!! Thanks for the link to the other thread - it was very useful.

pidsley · 2012-05-28 16:43:51

^ so do you have the "remember password" dialog working now, or does it just work?

Stanie · 2012-05-28 16:55:24

pidsley wrote:

^ so do you have the "remember password" dialog working now, or does it just work?

Ok. I'm back. Tried logout and restart to be sure, that it really works.
I have it working with gksu instead of gksudo (that's the way I prefer it). My gksu dialog has the "remember password" option and actually remembers it. My gksudo dialog doesn't have "remember password" option and I have to enter my password every time I run it.

pidsley · 2012-05-28 16:58:44

^ sweet! what did you do to make the gksu dialog work (for the next person who finds this thread)?

Last edited by pidsley (2012-05-28 17:04:47)

Stanie · 2012-05-28 17:06:13

pidsley wrote:

^ sweet! what did you do to make the gksu dialog work?
(and if you're happy, mark your thread solved before rhowaldt finds you)
(edit -- never mind, I see you already did it)

Yeah, I am indeed very happy now.

Back to your question. I checked my debian execs in usr and bin and copied su into #! where it was missing. But I honestly can't remember which directory it was. Check if you have /bin/su in your crunchbang. If not, that is the one I copied.

Last edited by Stanie (2012-05-28 17:15:37)

pidsley · 2012-05-28 17:14:01

Thanks. I have /bin/su but the dialog still asks for my password. Not a problem -- I never use gksu and only rarely use gksudo. I just like solving problems...

Stanie · 2012-05-28 17:18:14

pidsley wrote:

Thanks. I have /bin/su but the dialog still asks for my password. Not a problem -- I never use gksu and only rarely use gksudo. I just like solving problems...

Hopefully I will be able to recreate my steps in the future, because I rarely use gksudo.
Thanks again!

CrunchBang Linux

SEARCH

#1 2012-05-23 06:41:34

[SOLVED] Password for administrative tasks

#2 2012-05-23 06:58:22

Re: [SOLVED] Password for administrative tasks

#3 2012-05-23 14:26:04

Re: [SOLVED] Password for administrative tasks

#4 2012-05-23 14:26:21

Re: [SOLVED] Password for administrative tasks

#5 2012-05-23 15:10:19

Re: [SOLVED] Password for administrative tasks

#6 2012-05-23 16:13:29

Re: [SOLVED] Password for administrative tasks

#7 2012-05-23 17:08:42

Re: [SOLVED] Password for administrative tasks

#8 2012-05-23 17:43:20

Re: [SOLVED] Password for administrative tasks

#9 2012-05-23 18:10:37

Re: [SOLVED] Password for administrative tasks

#10 2012-05-23 18:38:08

Re: [SOLVED] Password for administrative tasks

#11 2012-05-23 20:18:53

Re: [SOLVED] Password for administrative tasks

#12 2012-05-23 21:10:49

Re: [SOLVED] Password for administrative tasks

#13 2012-05-23 23:39:51

Re: [SOLVED] Password for administrative tasks

#14 2012-05-24 06:19:14

Re: [SOLVED] Password for administrative tasks

#15 2012-05-28 15:40:35

Re: [SOLVED] Password for administrative tasks

#16 2012-05-28 15:46:49

Re: [SOLVED] Password for administrative tasks

#17 2012-05-28 16:07:39

Re: [SOLVED] Password for administrative tasks

#18 2012-05-28 16:11:31

Re: [SOLVED] Password for administrative tasks

#19 2012-05-28 16:37:51

Re: [SOLVED] Password for administrative tasks

#20 2012-05-28 16:43:51

Re: [SOLVED] Password for administrative tasks

#21 2012-05-28 16:55:24

Re: [SOLVED] Password for administrative tasks

#22 2012-05-28 16:58:44

Re: [SOLVED] Password for administrative tasks

#23 2012-05-28 17:06:13

Re: [SOLVED] Password for administrative tasks

#24 2012-05-28 17:14:01

Re: [SOLVED] Password for administrative tasks

#25 2012-05-28 17:18:14

Re: [SOLVED] Password for administrative tasks

Board footer