Bug #11013

Consider removing applications that require administration password from menu if no password is set

Added by muri 2016-01-27 18:40:38 . Updated 2018-10-09 02:10:11 .

Status:
Resolved
Priority:
Normal
Assignee:
sajolida
Category:
Target version:
Start date:
2016-01-27
Due date:
% Done:

100%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Additional Software Packages
Deliverable for:
299

Description

if no root password is set and a user clicks on the root terminal, it looks as if it would start and fails to do so. i thing we should remove the item from the menu, if no password is set.
(you can assign to me, if you trust me doing this. i think i could have a look)


Files


Subtasks


Related issues

Related to Tails - Feature #9554: Explain how to set an administration password instead of asking for one when none is set Confirmed 2015-06-10

History

#1 Updated by muri 2016-01-28 21:41:16

  • QA Check set to Ready for QA
  • Affected tool set to Greeter

oke, i think that can be done in greeter.
i’ve pushed a commit on https://gitlab.com/muri/greeter, branch fix-11013, 7426218 “added a line that disables gksu and synaptic from applications menu if no password is set”
(i didn’t have time to test this, bc i would have to build an iso and i don’t know how just yet)

#2 Updated by sajolida 2016-01-29 14:19:22

  • related to Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#3 Updated by sajolida 2016-01-29 14:25:30

  • Subject changed from remove root terminal from menu if no root password is set to Remove applications that require administration password from menu if no password is set
  • Status changed from New to Confirmed
  • Assignee set to muri
  • QA Check changed from Ready for QA to Info Needed

Super cool! I’m marking this as related to Feature #9554.

I think that the long-term solution should be the one described in Feature #9554, but I would be in favor of temporarily removing these items from the menu for the time being if you come up with a patch for this (as it seems easier to implement than Feature #9554 and we have a volunteer).

Then people might wonder “why isn’t there Synaptic or Root Terminal in Tails?” and maybe find in the documentation that they need a password for this to appear. But I think this is still better than asking a question that has no possible answer.

Note that as a consequence, we might have to adjust something in the documentation. I’ll do this once we have a working patch.

Regarding building and ISO and testing, I could push your branch on the main repo and then it will be built automatically. Then you can download the ISO and see the result.

But right now I can’t find your branch, can you make sure it’s pushed?

#4 Updated by muri 2016-01-29 15:49:45

sajolida wrote:
> Super cool! I’m marking this as related to Feature #9554.
ah, oke- yeah, i’ll look into that

> Regarding building and ISO and testing, I could push your branch on the main repo and then it will be built automatically. Then you can download the ISO and see the result.
i will look into building the iso, cannot be that hard ;)

> But right now I can’t find your branch, can you make sure it’s pushed?
yes, it’s there: https://gitlab.com/muri/greeter/tree/fix-11013
it’s only one additional line, i’ve now also attached a patch

#5 Updated by sajolida 2016-01-31 10:57:16

Damn, I’m realizing now that this is a branch on the Greeter and not on the main repo. So actually, building an ISO wouldn’t help (unless you build a tails-greeter package first).

So feel free to reassign this to anonym (RM for 2.2) whenever you think this is ready as I won’t be able to test these changes myself (I don’t know how to build a Debian package).

#6 Updated by muri 2016-02-03 18:14:45

  • Assignee changed from muri to anonym

oke, so i’ve built an iso with the patched file and it works as expected. i’m not sure if its the right way to do that in the greeter, but it works for now (one could also use a user-startup script and hide the desktop files if there are no sudo permissions).

i’ve added laptop-mode-tools to the list of hidden applicatins:
https://gitlab.com/muri/greeter.git fix-11013
d9a2f8f85c47dfb0d71c5a5cb648525b05f905a6 added laptop-mode-tools to hidden apps when not root

#7 Updated by muri 2016-02-03 18:14:58

  • QA Check changed from Info Needed to Ready for QA

#8 Updated by anonym 2016-02-04 19:18:47

  • Assignee changed from anonym to muri
  • % Done changed from 0 to 60
  • QA Check changed from Ready for QA to Info Needed

It looks good! I think I’d prefer to simply rm the files, though. Any reason not to? FTR I certainly could merge this in its current shape, but IMHO it’s a good thing if we can stick to really basic things, to make the code boring, uncreative, unsurprising and less dependent on knowing obscure .desktop properties (=> good for maintainability). :)

> i’m not sure if its the right way to do that in the greeter

Well, it clearly feels wrong, doesn’t it? :) The problem is that we haven’t implemented a proper way to do post-greeter hooks. Probably the PostLogin file should be mostly reduced to something that just run-parts all scripts in /etc/tails-greeter.d. But we’re not there yet, so you did the right thing.

#9 Updated by intrigeri 2016-02-04 19:30:51

  • Target version set to Tails_2.2

#10 Updated by muri 2016-02-05 18:43:00

  • Assignee changed from muri to anonym

On 02/04/2016 08:18 PM, redmine@labs.riseup.net wrote:
> It looks good! I think I’d prefer to simply rm the files, though. Any reason not to? FTR I certainly could merge this in its current shape, but IMHO it’s a good thing if we can stick to really basic things, to make the code boring, uncreative, unsurprising and less dependent on knowing obscure .desktop properties (=> good for maintainability). :)
yes, you’re totally right- i’ve pushed
c2252f7e93c140b182983bcd6816440250ad9bcd replacing the Hidden=true
with rm

>> i’m not sure if its the right way to do that in the greeter
>
> Well, it clearly feels wrong, doesn’t it? :) The problem is that we haven’t implemented a proper way to do post-greeter hooks. Probably the PostLogin file should be mostly reduced to something that just run-parts all scripts in /etc/tails-greeter.d. But we’re not there yet, so you did the right thing.
well, there would also be the way of doing it as a user startup script:
copy the relevant .desktop files to .local/share/applications and
add the Hidden=true. that would then be a fix independent of the greeter

#11 Updated by anonym 2016-02-08 14:11:16

  • QA Check changed from Info Needed to Ready for QA

#12 Updated by anonym 2016-02-09 10:54:06

  • Status changed from Confirmed to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 60 to 100
  • QA Check changed from Ready for QA to Pass

Merged! Thanks for your contribution!

[I won’t bother preparing and uploading a new Tails Greeter package for this but it will of course end up in Tails 2.2.]

#13 Updated by anonym 2016-03-08 19:02:56

  • Status changed from Fix committed to Resolved

#14 Updated by sajolida 2018-01-28 18:26:20

  • Status changed from Resolved to New
  • Assignee set to sajolida
  • Target version deleted (Tails_2.2)
  • % Done changed from 100 to 0
  • Parent task set to Feature #14568
  • QA Check changed from Pass to Dev Needed
  • Type of work changed from Code to Discuss

This lead to problems while testing Additional Software, so I’ll give it a bit more thoughts.

#15 Updated by sajolida 2018-01-29 10:48:35

  • related to deleted (Feature #9554: Explain how to set an administration password instead of asking for one when none is set)

#16 Updated by sajolida 2018-01-29 10:48:44

  • blocked by Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#17 Updated by sajolida 2018-01-29 10:54:18

  • Subject changed from Remove applications that require administration password from menu if no password is set to Consider removing applications that require administration password from menu if no password is set
  • Status changed from New to Confirmed
  • QA Check deleted (Dev Needed)

First I’ll wait until Alan tells us how hard it would be to fix Feature #9554 :)

#18 Updated by sajolida 2018-02-05 13:13:30

  • Deliverable for set to 299

#19 Updated by sajolida 2018-05-05 16:11:18

During the user testing of the Additional Software beta, this lead to tons of troubles for our participants:

  • 3 participants our of 5 when straight to look for Synaptic but couldn’t find it.
  • 2 of them tried to click in the “Synaptic” link in Additional Software but it didn’t work.

Whenever I run synaptic-pkexec for them, the understood that they needed to look for some kind of root password and found their way searching online or our documentation.

So I changed my mine regarding this and I think that it’s better to prompt for a password that doesn’t exist (which leads to questioning and people finding solution) than to hide an application that would be here if there was a password (that leads to thinking that this application is not available in Tails at all).

Of course, the real solution is Feature #9554.

#20 Updated by sajolida 2018-06-05 15:59:50

#21 Updated by sajolida 2018-06-05 16:27:44

  • Target version set to Tails_3.8

#22 Updated by sajolida 2018-06-05 16:31:56

  • Affected tool changed from Greeter to Additional Software Packages

#23 Updated by sajolida 2018-06-25 15:57:04

  • Target version changed from Tails_3.8 to Tails_3.9

#24 Updated by sajolida 2018-06-26 14:07:23

  • Assignee changed from sajolida to alant
  • QA Check set to Ready for QA

I’m reverting this with 0dd4db3 in greeter.git.

I tested it by patching /etc/gdm3/PostLogin/Default in a running Tails:

  • With no admin password, I could find Synaptic and Root Terminal in the Applications overview but I couldn’t start them.
  • With an admin password, I could find Synaptic and Root Terminal in the Applications overview and I could start them with the sudo password.

Please have a look!

#25 Updated by alant 2018-07-02 15:56:44

  • Status changed from Confirmed to Fix committed
  • Assignee deleted (alant)
  • % Done changed from 0 to 100
  • Type of work changed from Discuss to Code

Merged thanks.

#26 Updated by Anonymous 2018-07-05 12:20:26

  • QA Check deleted (Ready for QA)

#27 Updated by Anonymous 2018-08-07 13:45:19

  • blocks deleted (Feature #9554: Explain how to set an administration password instead of asking for one when none is set)

#28 Updated by Anonymous 2018-08-07 13:45:23

  • related to Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#29 Updated by Anonymous 2018-08-07 13:45:36

  • Status changed from Fix committed to Resolved

#30 Updated by mercedes508 2018-10-05 12:00:51

  • Status changed from Resolved to Confirmed
  • Assignee set to sajolida
  • Target version changed from Tails_3.9 to Tails_3.10.1

Hi,

we received a user saying that it’ snot fixed in Tails 3.9.1.

If no defines admin password, when clicking on Synaptics from the applications menu, you’re asked for a password.

#31 Updated by sajolida 2018-10-09 02:10:11

  • Status changed from Confirmed to Resolved

The behavior that you are describing is expected. Please read Bug #11013#note-19 again. The better solution would be Feature #9554.