[Bug 59946] Re: Admin tools require admin group membership
NB: The resolution of this bug caused bug #124993 as the gconf settings are now read as root instead of as $user. The long term fix is probably to move to PolicyKit. Alternatively, if it's not ready yet, it might be possible to switch group instead of switching user, for example sg stb or gksg stb, but this isn't supported by gksu yet.

--
Admin tools require admin group membership
https://bugs.launchpad.net/bugs/59946
You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 59946] Re: Admin tools require admin group membership
Hi Floris,

Floris Kruisselbrink (vloris) [2007-03-08 22:46 -]:
> The gnome-system-tools have stopped working for me completely now in Feisty Fawn. I'm not sure since when, when it doesn't work, my first reaction is I can do this faster on commandline, so let's do so.

Can you please open a new bug about your problem? This bug is closed and forgotten for a long time.
[Bug 59946] Re: Admin tools require admin group membership
The gnome-system-tools have stopped working for me completely now in Feisty Fawn. I'm not sure since when, when it doesn't work, my first reaction is I can do this faster on commandline, so let's do so.

Right now, all tools start up nicely, ask for a password, but then show an empty list (empty userlist, empty sharelist, empty services list, etc.)

When started from a terminal, it gives me this warning:

[EMAIL PROTECTED]:~$ gksu services-admin
(services-admin:17446): Liboobs-WARNING **: There was an unknown error communicating with the backends:
Message did not receive a reply (timeout by message bus)

It starts up, but shows an empty services list
[Bug 59946] Re: Admin tools require admin group membership
** Tags removed: verification-needed
[Bug 59946] Re: Admin tools require admin group membership
Accepted into edgy-updates. Thanks for preparing!

** Changed in: xubuntu-system-tools (Ubuntu)
       Status: Confirmed => Fix Committed
[Bug 59946] Re: Admin tools require admin group membership
Erm, of course I meant 'accepted into edgy-proposed'. Sorry for the typo.
[Bug 59946] Re: Admin tools require admin group membership
xubuntu-system-tools has been regression tested and it looks good. x-s-t is approved for upload to edgy-updates. Thanks!

** Tags added: verification-done
[Bug 59946] Re: Admin tools require admin group membership
All packages uploaded to edgy-updates and accepted.

** Changed in: gnome-system-tools (Ubuntu Edgy)
       Status: Fix Committed => Fix Released
[Bug 59946] Re: Admin tools require admin group membership
... including x-s-t.

** Changed in: xubuntu-system-tools (Ubuntu)
       Status: Fix Committed => Fix Released
[Bug 59946] Re: Admin tools require admin group membership
gnome-system-tools, system-tools-backends, gnome-panel, gnome-applets, and gnome-netstatus are approved for upload into edgy-updates. They have been regression tested to continue setting preferences while requiring password authentication. gnome-nettool has not been tested, so it will break in Edgy. But Séb is working on a separate SRU for that. xubuntu-system-tools has also not been tested.
[Bug 59946] Re: Admin tools require admin group membership
x-s-t has not yet been approved for proposed so it cannot be easily tested. If the new system-tools-backends goes in edgy-updates it can break un-updated x-s-t, as is the case now for those xubuntu users who have ubuntu-proposed in their sources list.
[Bug 59946] Re: Admin tools require admin group membership
http://librarian.launchpad.net/5767658/d.diff approved for edgy-proposed, but please mention this bug number in the changelog too. Also, isn't there a debian/patches/00list file that needs to be edited to include the crash fix from Sebastien, as there was for gnome-system-tools?

After talking with Simon, this set of updates shouldn't go into edgy-updates until xubuntu-system-tools is ready, but I'm willing to waive the aging requirement as long as the Xubuntu guys have tested this thoroughly. Simon says that he'll go and talk to you about the required level of testing.
[Bug 59946] Re: Admin tools require admin group membership
I'm testing the patches, and will upload if it's OK.
[Bug 59946] Re: Admin tools require admin group membership
Colin, thanks for approving. There's no 00list file as x-s-t uses CDBS so the patch being there does it.

Gauvain, feel free to upload if the diff works for you, then please ping the xubuntu-devel list thread of two weeks ago so people complaining about the breakage update and test again.

Thanks.
[Bug 59946] Re: Admin tools require admin group membership
The patch works fine for me. I've added a reference to the bug number, added the missing line in the changelog, and uploaded to edgy-proposed.
[Bug 59946] Re: Admin tools require admin group membership
This adds the same patch to x-s-t as g-s-t has, dropping the nautilus bits as they are not built for x-s-t. Also added the two small patches from bug 69566 that fix crashers and are already in edgy-updates for g-s-t.

** Attachment added: x-s-t patch
   http://librarian.launchpad.net/5767658/d.diff
[Bug 59946] Re: Admin tools require admin group membership
** Also affects: xubuntu-system-tools (Ubuntu)
   Importance: Undecided
       Status: Unconfirmed

** Changed in: xubuntu-system-tools (Ubuntu)
       Status: Unconfirmed => Confirmed
       Target: None => edgy-updates

** Changed in: xubuntu-system-tools (Ubuntu)
   Importance: Undecided => High
[Bug 59946] Re: Admin tools require admin group membership
I've approved the second update to gnome-system-tools, uploaded by Martin (http://librarian.launchpad.net/5593422/g-s-t.edgy-2.debdiff has the diff).
[Bug 59946] Re: Admin tools require admin group membership
this affects xubuntu-system-tools as well (it's still a separate source package even if the same upstream tarball - Gauvain has a solution for this), a corresponding debdiff and SRU will follow shortly as a separate LP bug if required.
Re: [Bug 59946] Re: Admin tools require admin group membership
On Tue, Jan 09, 2007 at 11:49:07AM -, Jani Monoses wrote:
> this affects xubuntu-system-tools as well (it's still a separate source package even if the same upstream tarball - Gauvain has a solution for this), a corresponding debdiff and SRU will follow shortly as a separate LP bug if required.

Please use the same bug if an update is required; open a separate task on this one.

--
 - mdz
[Bug 59946] Re: Admin tools require admin group membership
Martin: http://librarian.launchpad.net/5593422/g-s-t.edgy-2.debdiff is OK for edgy-proposed.
[Bug 59946] Re: Admin tools require admin group membership
Sebastien: Yes, I would be inclined to fix gnome-nettool in edgy. http://librarian.launchpad.net/5484068/05_gksu_for_network_admin.patch is OK with some appropriate changelog entry.
[Bug 59946] Re: Admin tools require admin group membership
Colin: Thanks for review, I uploaded the new gnome-system-tools 2.15.5-0ubuntu5~prop2.
[Bug 59946] Re: Admin tools require admin group membership
I fixed bug 76055 in Feisty and prepared and tested the bug fix for Edgy, attaching debdiff. Apart from calling shares-admin with gksu in the nautilus plugin, this also requires to fix shares-admin itself for root operation. Its initialization function indirectly connects to the session dbus (thus it didn't appear in the initial grep) and thus needs the same 'temporarily drop to SUDO_UID' patch as time-admin got.

OK to upload to -proposed?

** Attachment added: g-s-t debdiff for edgy-proposed followup
   http://librarian.launchpad.net/5593422/g-s-t.edgy-2.debdiff
[Bug 59946] Re: Admin tools require admin group membership
bug #76055 has been opened about the edgy-proposed update, the shares-admin feature for nautilus requires a patch to use gksu
[Bug 59946] Re: Admin tools require admin group membership
fixed to feisty, I've patched gnome-nettool too, there was a similar bug open on it

** Changed in: gnome-system-tools (Ubuntu)
       Status: Fix Committed => Fix Released
[Bug 59946] Re: Admin tools require admin group membership
gnome-nettool was already lacking a change for that on dapper, that's not a regression and we had only one bug about it, not sure if we want to backport the fix to edgy

** Attachment added: patch for gnome-nettool
   http://librarian.launchpad.net/5484068/05_gksu_for_network_admin.patch
[Bug 59946] Re: Admin tools require admin group membership
g-s-t and s-t-b are fixed in Feisty. Talked with Seb, he wants to apply the remaining minor bits (panel, applets, netstatus) with the next round of regular updates.

** Changed in: gnome-system-tools (Ubuntu)
     Assignee: Martin Pitt => Sebastien Bacher
[Bug 59946] Re: Admin tools require admin group membership
All fixes accepted into edgy-proposed. Please proceed to testing now.

** Changed in: gnome-system-tools (Ubuntu Edgy)
       Status: In Progress => Fix Committed

** Description changed: Binary package hint: gnome-system-tools - On my edgy system, the tools bundled within gnome-system-tools can be launched without entering a password. Even by a user that shoult not be allowed to run it. Once launched, it still performs well, modifying the system without ANY check. + On my edgy system, the tools bundled within gnome-system-tools can be launched without entering a password. Even by a user that should not be allowed to run it. Once launched, it still performs well, modifying the system without ANY check. I am not sure that nothing is wrong with my system has it has been updated from dapper (from breezy). My /etc/sudoers looks like a default one : Defaults!lecture,tty_tickets,!fqdn rootALL=(ALL) ALL %admin ALL=(ALL) ALL The binaries are not setuid, the UI run normally as a simple user. pitti: This should be fixed in Edgy, too, since it allows malicious programs (even things like a firefox plugin) to modify system settings. edgy-proposed debdiffs attached, explanations of patches are in comment 41 and 42.

** Tags added: verification-needed
[Bug 59946] Re: Admin tools require admin group membership
Updated s-t-b patch with an added conflicts to earlier system-tools that didn't gksu.

** Attachment added: s-t-b debdiff for edgy-proposed
   http://librarian.launchpad.net/5404526/system-tools-backends.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
Fixed memory leak, thanks to Colin for spotting.

** Attachment added: gnome-applets debdiff for edgy-proposed
   http://librarian.launchpad.net/5395461/gnome-applets.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
All current patches from Martin approved for edgy-proposed.
[Bug 59946] Re: Admin tools require admin group membership
Setting to 'in progress' to comply with SRU updating practice and catching Colin's awareness.

** Changed in: gnome-system-tools (Ubuntu Edgy)
       Status: Fix Committed => In Progress
[Bug 59946] Re: Admin tools require admin group membership
I have the fix ready for feisty, upload pending unfreezing the archive.

** Changed in: gnome-system-tools (Ubuntu)
     Assignee: Ubuntu Desktop Bugs => Martin Pitt
       Status: Confirmed => Fix Committed
[Bug 59946] Re: Admin tools require admin group membership
** Changed in: gnome-system-tools (Ubuntu Edgy)
   Importance: Undecided => High
     Assignee: (unassigned) => Martin Pitt
       Status: Unconfirmed => In Progress
[Bug 59946] Re: Admin tools require admin group membership
Patch for gnome-system-tools. It changes all *.desktop files to execute the frontend through gksu, and adds the 'X-KDE-SubstituteUID=true' flag, so that only administrators will see the programs in the menu (this is what it looked like in dapper).

The patch to time-tool is necessary because it connects to the user's session dbus (no other g-s-t programs do), in order to poke the screensaver to not start when changing the time. Since root does not have a session bus when running through gksu, time-admin just hangs in current edgy when run as root. The patch checks if time-admin runs as root through sudo and temporarily drops the real uid to the user so that dbus_bus_get (DBUS_BUS_SESSION, NULL) connects to the user's session bus.

** Attachment added: g-s-t debdiff for edgy-proposed
   http://librarian.launchpad.net/5247795/gnome-system-tools.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
Patch for gnome-system-tools. It changes all *.desktop files to execute the frontend through gksu, and adds the 'X-KDE-SubstituteUID=true' flag, so that only administrators will see the programs in the menu (this is what it looked like in dapper).

The patch to time-tool is necessary because it connects to the user's session dbus (no other g-s-t programs do), in order to poke the screensaver to not start when changing the time. Since root does not have a session bus when running through gksu, time-admin just hangs in current edgy when run as root. The patch checks if time-admin runs as root through sudo and temporarily drops the real uid to the user so that dbus_bus_get (DBUS_BUS_SESSION, NULL) connects to the user's session bus.

** Attachment added: g-s-t debdiff for edgy-proposed
   http://librarian.launchpad.net/5247800/gnome-system-tools.edgy.diff
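
[Added example, not part of the thread and not the g-s-t patch itself.] The "temporarily drop to SUDO_UID" pattern described for time-admin above, and for shares-admin in the follow-up debdiff message, sketched in C. The names parse_id(), run_as_invoking_user() and report_euid() are hypothetical, and using seteuid()/setegid() with SUDO_GID is an assumption about how such a drop can be done; the callback stands in for the session-bus connection.

```c
/* Added example: temporary drop from root to the sudo-invoking user.
 * Hypothetical names; seteuid()/setegid() is an assumed implementation. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = -1, DROP_NO_SUDO_ENV = -2, DROP_FAILED = -3 };

typedef int (*user_fn)(void *arg);

/* Parse a decimal uid/gid taken from the environment. Returns 0 on success.
 * Rejects NULL, empty strings, signs, whitespace, trailing junk, overflow,
 * the reserved value (uid_t)-1, and 0 (dropping "to root" is no drop). */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > UINT_MAX - 1)
        return -1;
    *out = v;
    return 0;
}

/* Run fn() with the effective uid/gid of the user who invoked sudo, then
 * restore root. Only the effective ids change, so root can be regained. */
static int run_as_invoking_user(user_fn fn, void *arg, int *fn_result)
{
    unsigned long uid, gid;
    gid_t saved_egid = getegid();

    if (geteuid() != 0)
        return DROP_NOT_ROOT;          /* nothing to drop */
    if (parse_id(getenv("SUDO_UID"), &uid) != 0 ||
        parse_id(getenv("SUDO_GID"), &gid) != 0)
        return DROP_NO_SUDO_ENV;       /* not started through sudo/gksu */

    /* Group first: after the uid drop we could no longer change the gid. */
    if (setegid((gid_t)gid) != 0)
        return DROP_FAILED;
    if (seteuid((uid_t)uid) != 0 || geteuid() != (uid_t)uid) {
        /* Undo the partial drop; never continue half-dropped. */
        if (seteuid(0) != 0 || setegid(saved_egid) != 0)
            abort();
        return DROP_FAILED;
    }

    *fn_result = fn(arg);              /* e.g. connect to the session bus */

    /* Restore uid first (needs saved uid 0), then the group. An unchecked
     * failure here would leave the tool in an unknown privilege state. */
    if (seteuid(0) != 0 || setegid(saved_egid) != 0 || geteuid() != 0)
        abort();
    return DROP_OK;
}

/* Stand-in for the work done as the user: report the effective uid seen. */
static int report_euid(void *arg)
{
    (void)arg;
    return (int)geteuid();
}

int main(void)
{
    int seen = -1;
    int rc = run_as_invoking_user(report_euid, NULL, &seen);

    if (rc == DROP_OK)
        printf("callback ran with euid %d, now back at euid %d\n",
               seen, (int)geteuid());
    else
        printf("no drop performed (code %d)\n", rc);
    return 0;
}
```

Because the saved uid stays 0, code running inside the window can switch back to root; the drop only makes user-scoped lookups happen as the invoking user and is not a containment boundary.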
[Bug 59946] Re: Admin tools require admin group membership
(Sorry for the previous double comment, LP timed out)

Patch for system-tools-backends. This changes the s-t-b admin group from 'admin' to 'root', so that /etc/dbus-1/system.d/system-tools-backends.conf does not allow access to members of the admin group any more, i. e. it changes policy group=admin to policy group=root

** Attachment added: s-t-b debdiff for edgy-proposed
   http://librarian.launchpad.net/5247805/system-tools-backends.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
** Description changed: Binary package hint: gnome-system-tools On my edgy system, the tools bundled within gnome-system-tools can be launched without entering a password. Even by a user that shoult not be allowed to run it. Once launched, it still performs well, modifying the system without ANY check. I am not sure that nothing is wrong with my system has it has been updated from dapper (from breezy). My /etc/sudoers looks like a default one : Defaults!lecture,tty_tickets,!fqdn rootALL=(ALL) ALL %admin ALL=(ALL) ALL The binaries are not setuid, the UI run normally as a simple user. + + pitti: This should be fixed in Edgy, too, since it allows malicious + programs (even things like a firefox plugin) to modify system settings. + edgy-proposed debdiffs attached, explanations of patches are in comment + 41 and 42.
[Bug 59946] Re: Admin tools require admin group membership
So it turned out that some more fixes are required in applets that call one of the g-s-t tools. They have to be changed to run that tool through gksudo.

First, clock-applet (from gnome-panel). The command string is fed through g_shell_parse_argv(), thus the simple string change works. This has been tested on edgy and feisty.

** Attachment added: gnome-panel debdiff for edgy-proposed
   http://librarian.launchpad.net/5248945/gnome-panel.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
Next, modemlights in gnome-applets. Same approach, just here we need to prepend 'gksu --' since network-admin is called with options, and gksu must not process them.

** Attachment added: gnome-applets debdiff for edgy-proposed
   http://librarian.launchpad.net/5249210/gnome-applets.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
And, last but not least, gnome-netstatus. Same old story, prepending 'gksu --' to the network-admin command callout.

** Attachment added: gnome-netstatus debdiff for edgy-proposed
   http://librarian.launchpad.net/5250750/gnome-netstatus.edgy.diff
[Bug 59946] Re: Admin tools require admin group membership
I've discussed that with Martin on IRC during the week, that seems the best way to me too and the patches look good
[Bug 59946] Re: Admin tools require admin group membership
Many people running ubuntu work with only one user (which is in the administrator's group) - and this is also the default. Considering this, it is really a great security risk that the admin tools do not check the password because if the admin user gets compromised, one can easily add a new user, log in as this one and do everything.

This should be fixed as soon as possible. I know that edgy is not considered as stable as dapper, but it is considered stable. Many people are not aware that edgy does not have the same stability and that the edgy release does probably have more security holes than dapper.

Maybe it might be the time for a discussion if a third branch between the unstable and the stable one, probably something like testing in Debian, might be useful to prevent the users who want a really stable and secure system from using the releases like edgy because at this point edgy can really not be considered stable and secure.
Re: [Bug 59946] Re: Admin tools require admin group membership
On Wednesday 29 November 2006 at 20:19 +, Kurt wrote:
> Considering this, it is really a great security risk that the admin tools do not check the password because if the admin user gets compromised, one can easily add a new user, log in as this one and do everything.

The admin user already has to be compromised. And if that happens gnome-system-tools will probably not be the only problem you will have then

> This should be fixed as soon as possible. I know that edgy is not considered as stable as dapper, but it is considered stable. Many people are not aware that edgy does not have the same stability and that the edgy release does probably have more security holes than dapper.

edgy is not a LTS but it's rather stable too

> Maybe it might be the time for a discussion if a third branch between the unstable and the stable one, probably something like testing in Debian, might be useful to prevent the users who want a really stable and secure system from using the releases like edgy because at this point edgy can really not be considered stable and secure.

Are you making that from that only bug? Adding complexity to the system will not prevent bugs to happen. All the versions of Ubuntu are meant to be stable and secure and I don't think that calling edgy unsecure is a fair statement.

Using those tools requires to be logged with an user from the admin group. Right asking for the password again is better, if somebody can connect with your admin user you already have a problem though
Re: [Bug 59946] Re: Admin tools require admin group membership
On Wed, Nov 29, 2006 at 10:14:46PM -, Sebastien Bacher wrote:
> Are you making that from that only bug? Adding complexity to the system will not prevent bugs to happen. All the versions of Ubuntu are meant to be stable and secure and I don't think that calling edgy unsecure is a fair statement.
>
> Using those tools requires to be logged with an user from the admin group. Right asking for the password again is better, if somebody can connect with your admin user you already have a problem though

Verifying the user's identity with password authentication is an important safeguard; we explicitly do not use NOPASSWD in sudoers for this reason, and the lack of a check in Edgy is a regression. The security team are discussing potential ways to address this.

--
 - mdz
[Bug 59946] Re: Admin tools require admin group membership
Sebastien Bacher wrote:
> Are you making that from that only bug? Adding complexity to the system will not prevent bugs to happen. All the versions of Ubuntu are meant to be stable and secure and I don't think that calling edgy unsecure is a fair statement.
>
> Using those tools requires to be logged with an user from the admin group. Right asking for the password again is better, if somebody can connect with your admin user you already have a problem though

The philosophy of ubuntu (as I have understood it) is that you can use, when you're a single user, the first user (which is an administrator) for your daily work because at every change of the system you must enter your password. Surely it is much safer to use, in any case, an unprivileged user for your daily work, but very few desktop users do it because it is not very comfortable (e. g. you must change user if you want to make installations; the notification of updates only shows up if you're logged in as an administrator).

The problem of that bug are, in my opinion, other bugs which led to the execution of code with the rights of the user.

Finally I do not consider edgy completely unsecure or unstable; I just consider it not as stable as dapper.
[Bug 59946] Re: Admin tools require admin group membership
For me the error occurred when I wanted to disable some services via services-admin. Accidentally I unchecked dbus. And since there was the problem.

Fix:
Run Synaptic (should still work)
Re-Install following packages:
-gnome-system-tools
-system-tools-backend
-dbus
-libdbus-1-3
(or simply all packages in which names occur dbus, don't know exactly, so I did)

Now try to run services-admin again and check that dbus there is enabled. Maybe Re-Login or Reboot is needed.

Hope this was helpful

Regards,
Chris
[Bug 59946] Re: Admin tools require admin group membership
Sorry forgot something:

Now after Rebooting I experienced, that e.g. services-admin starts without asking permissions. Then you need to run alacarte menu editor and check the section System Administration and put gksu before these commands:

gksu gdmsetup
gksu users-admin
gksu time-admin
gksu services-admin
gksu network-admin
[Bug 59946] Re: Admin tools require admin group membership
Instructions by Justin Dugger solved my problem. I guess some kind of check script should be pushed as an update of some sort, to make sure this is solved on all systems. Not that this matters in my case, I need to completely re-install Ubuntu because of all the upgrade issues :(
[Bug 59946] Re: Admin tools require admin group membership
After upgrade I was bitten by https://launchpad.net/bugs/69145 as I initially installed Breezy, in March. I have now fixed the problem by adding admin by hand, but what does admin signify that adm does not? My /etc/sudoers has adm and I was (and am) a member of adm, but that was apparently not enough for the new architecture.

-Affi
[Bug 59946] Re: Admin tools require admin group membership
** Summary changed: - run action as root without prompting for a password + Admin tools require admin group membership
[Bug 59946] Re: Admin tools require admin group membership
Darn. I thought I had rebooted the box. It's working now. So apparently this is caused by an earlier version of Ubuntu (say Dapper?) and when upgrading to Edgy the admin group isn't created?
Re: [Bug 59946] Re: Admin tools require admin group membership
On Tuesday 31 October 2006 at 16:23 +, Aaron C. de Bruyn wrote:
> Darn. I thought I had rebooted the box. It's working now. So apparently this is caused by an earlier version of Ubuntu (say Dapper?) and when upgrading to Edgy the admin group isn't created?

that's happening for people who installed warty and are dist-upgrading since that
[Bug 59946] Re: Admin tools require admin group membership
Breezy - Dapper - Edgy

Rebooted several times. Still not solved.

Maybe this helps. The username I'm using is 'tom' which was created during the breezy installation. This user is in the following groups:

$ cat /etc/group |grep tom
adm:x:4:tom
dialout:x:20:tom,cupsys
cdrom:x:24:tom,hal,haldaemon
floppy:x:25:tom,hal,haldaemon
audio:x:29:tom
dip:x:30:tom
video:x:44:tom
plugdev:x:46:tom,hal,haldaemon
tom:x:1000:
lpadmin:x:104:tom
scanner:x:105:tom,cupsys,hplip
[Bug 59946] Re: Admin tools require admin group membership
Tom,

Clearly the upgrade didn't add user tom to the admin group, or possibly even create one.

Workaround:
1. run gksudo users-admin
2. Click manage groups
3. Click add Group
4. Put admin as the name of the group, and put whatever users you want to allow to change system wide settings such as networking.
5. Close the users-admin program and reboot.

But thank you for clarifying that this persists from original installs of breezy, possibly dapper installs.