Torvalds:requiring root password for mundane things is moronic

Neal Becker ndbecker2 at
Sat Mar 3 20:00:19 UTC 2012

Adam Williamson wrote:

> On Fri, 2012-03-02 at 10:18 -0500, Matthias Clasen wrote:
>> On Thu, 2012-03-01 at 21:53 -0800, Adam Williamson wrote:
>> > 
>> > In case anyone's wondering what that actually does, here's what I can
>> > figure out.
>> > 
>> > What it does directly is to add the user to the 'wheel' group. I'm not
>> > sure what all the consequences of that are, but there's two I've been
>> > able to find. The first is that the default /etc/sudoers allows people
>> > in the wheel group to run any command as root, which is great and all,
>> > but we don't use sudo for anything at the desktop level, so it really
>> > only affects people who run sudo from the console.
>> > 
>> > The other thing it does, if I'm reading stuff right, is that users in
>> > the wheel group are considered 'admins' by PolicyKit. That's good. Now
>> > as to what that means, I'm not 100% sure, but I *think* what it means is
>> > that for any action which would require a non-admin user to authenticate
>> > as root, an admin user can authenticate as themselves. i.e. instead of a
>> > root password dialog, you'd get a your-own-password dialog. I might be
>> > off base there, though, and if I am I'm sure someone smarter will
>> > correct me. :)
>> No, you pretty much nailed it.
> I guess the next step, then, besides fixing these bugs with admin group
> handling that people have started reporting in this thread, would be to
> consider if re-authentication actually makes any sense to many of these
> actions. Couldn't we just let users in the admin group go ahead and do
> things like printer configuration without having to re-enter their own
> password? Do we have a solid basic theory about when re-authentication
> should be asked for, or is it more the case right now that no-one's
> really thought too hard about this stuff lately and it's one of those
> things that's considered to 'work well enough' and people are spending
> time on 'more important' things?

Here's one part of the principle:

I. The ONLY reason for re-auth is to prevent trojans/web attacks.

This implies

-> Don't ask for re-auth for an action that isn't really potentially harmful 
(e.g., adding a printer)

More information about the devel mailing list