Project

General

Profile

Bug #11013

Feature #14568: Additional Software Packages

Bug #15567: Fix bugs and UX issues in the Additional Software beta

Consider removing applications that require administration password from menu if no password is set

Added by muri over 2 years ago. Updated 11 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
01/27/2016
Due date:
% Done:

100%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Additional Software Packages

Description

if no root password is set and a user clicks on the root terminal, it looks as if it would start and fails to do so. i thing we should remove the item from the menu, if no password is set.
(you can assign to me, if you trust me doing this. i think i could have a look)


Related issues

Related to Tails - Feature #9554: Explain how to set an administration password instead of asking for one when none is set Confirmed 06/10/2015

History

#1 Updated by muri over 2 years ago

  • QA Check set to Ready for QA
  • Affected tool set to Greeter

oke, i think that can be done in greeter.
i've pushed a commit on https://gitlab.com/muri/greeter, branch fix-11013, 7426218 "added a line that disables gksu and synaptic from applications menu if no password is set"
(i didn't have time to test this, bc i would have to build an iso and i don't know how just yet)

#2 Updated by sajolida over 2 years ago

  • Related to Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#3 Updated by sajolida over 2 years ago

  • Subject changed from remove root terminal from menu if no root password is set to Remove applications that require administration password from menu if no password is set
  • Status changed from New to Confirmed
  • Assignee set to muri
  • QA Check changed from Ready for QA to Info Needed

Super cool! I'm marking this as related to #9554.

I think that the long-term solution should be the one described in #9554, but I would be in favor of temporarily removing these items from the menu for the time being if you come up with a patch for this (as it seems easier to implement than #9554 and we have a volunteer).

Then people might wonder "why isn't there Synaptic or Root Terminal in Tails?" and maybe find in the documentation that they need a password for this to appear. But I think this is still better than asking a question that has no possible answer.

Note that as a consequence, we might have to adjust something in the documentation. I'll do this once we have a working patch.

Regarding building and ISO and testing, I could push your branch on the main repo and then it will be built automatically. Then you can download the ISO and see the result.

But right now I can't find your branch, can you make sure it's pushed?

#4 Updated by muri over 2 years ago

sajolida wrote:

Super cool! I'm marking this as related to #9554.

ah, oke- yeah, i'll look into that

Regarding building and ISO and testing, I could push your branch on the main repo and then it will be built automatically. Then you can download the ISO and see the result.

i will look into building the iso, cannot be that hard ;)

But right now I can't find your branch, can you make sure it's pushed?

yes, it's there: https://gitlab.com/muri/greeter/tree/fix-11013
it's only one additional line, i've now also attached a patch

#5 Updated by sajolida over 2 years ago

Damn, I'm realizing now that this is a branch on the Greeter and not on the main repo. So actually, building an ISO wouldn't help (unless you build a tails-greeter package first).

So feel free to reassign this to anonym (RM for 2.2) whenever you think this is ready as I won't be able to test these changes myself (I don't know how to build a Debian package).

#6 Updated by muri over 2 years ago

  • Assignee changed from muri to anonym

oke, so i've built an iso with the patched file and it works as expected. i'm not sure if its the right way to do that in the greeter, but it works for now (one could also use a user-startup script and hide the desktop files if there are no sudo permissions).

i've added laptop-mode-tools to the list of hidden applicatins:
https://gitlab.com/muri/greeter.git fix-11013
d9a2f8f85c47dfb0d71c5a5cb648525b05f905a6 added laptop-mode-tools to hidden apps when not root

#7 Updated by muri over 2 years ago

  • QA Check changed from Info Needed to Ready for QA

#8 Updated by anonym over 2 years ago

  • Assignee changed from anonym to muri
  • % Done changed from 0 to 60
  • QA Check changed from Ready for QA to Info Needed

It looks good! I think I'd prefer to simply rm the files, though. Any reason not to? FTR I certainly could merge this in its current shape, but IMHO it's a good thing if we can stick to really basic things, to make the code boring, uncreative, unsurprising and less dependent on knowing obscure .desktop properties (=> good for maintainability). :)

i'm not sure if its the right way to do that in the greeter

Well, it clearly feels wrong, doesn't it? :) The problem is that we haven't implemented a proper way to do post-greeter hooks. Probably the PostLogin file should be mostly reduced to something that just run-parts all scripts in /etc/tails-greeter.d. But we're not there yet, so you did the right thing.

#9 Updated by intrigeri over 2 years ago

  • Target version set to Tails_2.2

#10 Updated by muri over 2 years ago

  • Assignee changed from muri to anonym

On 02/04/2016 08:18 PM, wrote:

It looks good! I think I'd prefer to simply rm the files, though. Any reason not to? FTR I certainly could merge this in its current shape, but IMHO it's a good thing if we can stick to really basic things, to make the code boring, uncreative, unsurprising and less dependent on knowing obscure .desktop properties (=> good for maintainability). :)

yes, you're totally right- i've pushed
c2252f7e93c140b182983bcd6816440250ad9bcd replacing the Hidden=true
with rm

i'm not sure if its the right way to do that in the greeter

Well, it clearly feels wrong, doesn't it? :) The problem is that we haven't implemented a proper way to do post-greeter hooks. Probably the PostLogin file should be mostly reduced to something that just run-parts all scripts in /etc/tails-greeter.d. But we're not there yet, so you did the right thing.

well, there would also be the way of doing it as a user startup script:
copy the relevant .desktop files to .local/share/applications and
add the Hidden=true. that would then be a fix independent of the greeter

#11 Updated by anonym over 2 years ago

  • QA Check changed from Info Needed to Ready for QA

#12 Updated by anonym over 2 years ago

  • Status changed from Confirmed to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 60 to 100
  • QA Check changed from Ready for QA to Pass

Merged! Thanks for your contribution!

[I won't bother preparing and uploading a new Tails Greeter package for this but it will of course end up in Tails 2.2.]

#13 Updated by anonym over 2 years ago

  • Status changed from Fix committed to Resolved

#14 Updated by sajolida 9 months ago

  • Status changed from Resolved to New
  • Assignee set to sajolida
  • Target version deleted (Tails_2.2)
  • % Done changed from 100 to 0
  • Parent task set to #14568
  • QA Check changed from Pass to Dev Needed
  • Type of work changed from Code to Discuss

This lead to problems while testing Additional Software, so I'll give it a bit more thoughts.

#15 Updated by sajolida 9 months ago

  • Related to deleted (Feature #9554: Explain how to set an administration password instead of asking for one when none is set)

#16 Updated by sajolida 9 months ago

  • Blocked by Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#17 Updated by sajolida 9 months ago

  • Subject changed from Remove applications that require administration password from menu if no password is set to Consider removing applications that require administration password from menu if no password is set
  • Status changed from New to Confirmed
  • QA Check deleted (Dev Needed)

First I'll wait until Alan tells us how hard it would be to fix #9554 :)

#19 Updated by sajolida 6 months ago

During the user testing of the Additional Software beta, this lead to tons of troubles for our participants:

  • 3 participants our of 5 when straight to look for Synaptic but couldn't find it.
  • 2 of them tried to click in the "Synaptic" link in Additional Software but it didn't work.

Whenever I run synaptic-pkexec for them, the understood that they needed to look for some kind of root password and found their way searching online or our documentation.

So I changed my mine regarding this and I think that it's better to prompt for a password that doesn't exist (which leads to questioning and people finding solution) than to hide an application that would be here if there was a password (that leads to thinking that this application is not available in Tails at all).

Of course, the real solution is #9554.

#20 Updated by sajolida 5 months ago

  • Parent task changed from #14568 to #15567

#21 Updated by sajolida 5 months ago

  • Target version set to Tails_3.8

#22 Updated by sajolida 5 months ago

  • Affected tool changed from Greeter to Additional Software Packages

#23 Updated by sajolida 4 months ago

  • Target version changed from Tails_3.8 to Tails_3.9

#24 Updated by sajolida 4 months ago

  • Assignee changed from sajolida to alant
  • QA Check set to Ready for QA

I'm reverting this with 0dd4db3 in greeter.git.

I tested it by patching /etc/gdm3/PostLogin/Default in a running Tails:

  • With no admin password, I could find Synaptic and Root Terminal in the Applications overview but I couldn't start them.
  • With an admin password, I could find Synaptic and Root Terminal in the Applications overview and I could start them with the sudo password.

Please have a look!

#25 Updated by alant 4 months ago

  • Status changed from Confirmed to Fix committed
  • Assignee deleted (alant)
  • % Done changed from 0 to 100
  • Type of work changed from Discuss to Code

Merged thanks.

#26 Updated by u 4 months ago

  • QA Check deleted (Ready for QA)

#27 Updated by u 2 months ago

  • Blocked by deleted (Feature #9554: Explain how to set an administration password instead of asking for one when none is set)

#28 Updated by u 2 months ago

  • Related to Feature #9554: Explain how to set an administration password instead of asking for one when none is set added

#29 Updated by u 2 months ago

  • Status changed from Fix committed to Resolved

#30 Updated by mercedes508 15 days ago

  • Status changed from Resolved to Confirmed
  • Assignee set to sajolida
  • Target version changed from Tails_3.9 to Tails_3.10

Hi,

we received a user saying that it' snot fixed in Tails 3.9.1.

If no defines admin password, when clicking on Synaptics from the applications menu, you're asked for a password.

#31 Updated by sajolida 11 days ago

  • Status changed from Confirmed to Resolved

The behavior that you are describing is expected. Please read #11013#note-19 again. The better solution would be #9554.

Also available in: Atom PDF