Vote for new Ubuntu Feature---Let's try it again

Jeffrey F. Bloss jbloss at tampabay.rr.com
Tue Jan 9 10:07:38 UTC 2007


mtyoung wrote:

> I guess I wasn't very clear in the way I worded it the first time.
> 
> I am the owner of this Ubuntu machine. It's a personal computer, and
> not a business desktop.

How would Ubuntu know that? What means is there for your operating
system to reliably determine whether it's installed on Joe Blow's game
machine, or a workstation belonging to the CFO of MegaCorp?

> So, if Ubuntu wants to make me think twice before it allows me to
> change something, then let it give me a warning message and ask for

It's not what "Ubuntu wants", it's called keeping a multiuser operating
system secure. If you want free and clear access to everything as a
user, then either run your system in a horribly insecure way by logging
in and doing everything as root all the time, or choose an operating
system that doesn't make any distinction between users and
administrators. 

> my root password; instead of making me do research, ask questions on
> a forum, and take a circuitous route in order to change what was
> already right in front of me.
> 
> Ubuntu already does this, in some places. For instance, when you use
> Applications>Add/Remove Programs, it displays the following message
> Applications>when you try to apply a change.
> 
> "Administrative rights are required to..." and then it allows you to
> enter your root password and continue.

This should give you some clues as to why you're being prompted for a
password. Obviously there's something, somewhere, that's aware you want
to do something only an administrator should be doing. ;)

> 
> Yet if I've opened  /boot/grub/menu.lst, figured out what I want to
> change, then tried to save (save as actually) the changes, it tells
> me this...
> 
> "Could not save the file /boot/grub/menu.lst.
> You do not have the permissions necessary to save the file. Please,
> check that you typed the location correctly and try again."
> 
> ...when it could just as easily given me the former response.

Actually no, it can't be done that way for at least two reasons.

First, you're confusing two different operations... seeing something,
and changing something. It's necessary for users to have access to
certain information that's put in place by an administrator. That's why
you can see and read the menu.lst file but not save it. That's why
permissions are broken down into read, write, and execute for owners,
groups, and others. The administrator sets policy and configurations,
but unless users can know about those things nothing would work.

When you open a file in a text editor you're essentially making a copy
of it in memory. That's why you can make changes on your screen. You own
that copy. When you try to save it you can't because you don't own the
original. You could save it to another location as long as you have
permission to save files to that location. Why this is the way things
are done should be apparent. If anyone could make changes to system
configuration files there wouldn't be any security at all. :(

The second thing you seem to be confused about is what "Ubuntu" actually
is. Gedit and Vim are not part of Ubuntu. They're third party
applications which Ubuntu gives you easy access to because they're very
useful third party applications. :) That being fact, there's no way for
Ubuntu to know what you're going to do with an application when you
start it. It's completely out of "Ubuntu's" hands. To get what you want
every software author would have to rewrite their application to
somehow "guess" that you were intending to make an actual change to a
file you don't have native permission to change, and magically elevate
your privilege level accordingly. That, or you'd be entering your
password every single time you started any application, opened another
file, read an email, etc.

Even if anything like this were remotely possible, there's no way in
hell it's ever going to happen.

The reason you see some applications ask for a password when you start
them is because those applications are specifically designed to make
changes or otherwise function in an administrator capacity. There's no
valid reason why normal users should be able to install or remove
software system wide, so Synaptic naturally prompts for you password to
validate you as someone who is "authorized" to make administrative
changes. 

You can do the same thing with applications that aren't specifically
designed to be run as an administrator by using sudo. That's what it's
there for, it's purpose in life. It does the exact same thing Synaptic
does when it prompts you for a password. Verifies that you are who you
say you are, and checks to see if you're allowed to do what you want to
do, And there's even spiffy "GUI" versions of sudo for people who don't
care to muddle around at the command prompt, so when you're planning to
make changes to a file you don't have native permissions to change why
not just go ahead and use them. :)

> 
> Ubuntu seems to be inconsistent in the way that it allows/forces you
> to accomplish system tasks. Hopefully, if enough of you agree, we can
> get the former method extended to as many functions as possible.

> 
> Thanks for your time,
> 
> MTYoung
> 
> PS: read the post...
> "Change Permissions on a new hard drive to allow write...Problem
> Solved" ...if you want an easy way to get around these type of
> problems.

Nope. If you across the board change permissions so that everyone has
read/write access to everything your system will fail to work. It's OK
for storage space and "extra hard drives", but *any* Linux system as
well as any version of Windows past 9x will, or should fail to run if
it sees this disastrous breach of security.

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070109/af1d0b06/attachment.pgp>


More information about the ubuntu-users mailing list