There’s a slight inconsistency between two graphical permission elevation prompts – the absence versus presence of the ability to remember the authentication key / password.
I’d like to report inclusion of this ability into the one without it as a feature request at Log in to KDE Bugtracking System, but don’t know which component to use:
org.kde.kdesu – KDE automatic device mounting after OS initialization
org.kde.polkit-kde-authentication-agent-1 – invoked upon manual initialization of YaST
I’d also like to know, if possible, where you believe that I should file an additional request for consistency between them – that is, the usage of “KDE su” over “PolicyKit1 KDE Agent” or whether this is misguided, for instance if they need to use separate components that for whatever rational reason need to duplicate this functionality.
Having the system remember your login password makes no sense and is a big security risk. KDESU shouldn’t be asking this.
1 Like
But, @ngraham, the user can just disable their password with passwd -d $USER (at least in Fedora) if things like that become annoying. They certainly are for me. If such features aren’t provided, surely users shall just remove their passwords? Many of my friends don’t even have passcodes for their smartphones.
It’s just as easy in Windows too
https://www.howtogeek.com/402283/how-to-remove-your-windows-password/
However, Windows doesn’t request authorization to mount their drives when the user logs in, since the login screen should handle that. On Windows, the user can even disable UAC entirely if they so desire:
So why is this such a ridiculous thing to request?
At the least, if you know, would you tell me the names of the components, so I can put this to the community more broadly to decide?
We aren’t Windows, so the comparison isn’t super relevant.
It doesn’t make sense to have the system remember your login password in general because then it can be stolen by apps that maliciously ask for the login password. Those apps then have admin access to everything. If you don’t want to have to enter passwords all the time, then making your user passwordless makes much more sense. But having a login password and asking the system to remember it does not make sense.
5 Likes
Alright, that’s quite sensical, not least because all of my examples used that method anyway. @ngraham, do you want to report the fact that “KDE su” shouldn’t be asking that (humorously, it doesn’t work anyway) or should I? (I still don’t know the component, you see.)
Feel free to report it yourself. TBH in my opinion KDESU should simply be deleted as running whole apps as root is generally not a good idea. I think we do users a disservice by offering an app to do it, and then it puts us in a weird position to tell people not to use it! That’s awkward.
5 Likes
@ngraham, considering that the experience of using YaST like this means that it inherits root’s Appearance KCM preferences, I agree – partitionmanager demonstrates well how it should be done.