cross-posted from: https://discuss.online/post/34255100
Thought I’d create a distinct thread from the previous one asking about daily use, because I really do want to hear more on people’s pain points. Great to know people are generally sounding pretty positive in those posts who recently switched, but want to know your difficulties as well! This way old and new users can share their thoughts, hopefully to inspire a respectful discussion.
Debian in its GUI (at least KDE, which I’m using at the moment) demanding the root password to install the updates it’s blinking at me about in the tray all the time. In this context, demanding a password at all is rather silly (Windows doesn’t require your password to install updates in a single user environment, and it doesn’t even pop up a UAC prompt) and this is going to be yet another one of those things that prior Windows users will moan about, declaring that “Linux is complicated and hard” and drive them back to the comfort of the devil they know when they feel like their own computer is actively trying to stymie them at seemingly every turn.
My user account is a sudoer so there is absolutely no technical reason my own password shouldn’t work. And, in fact, if I run updates via apt in a terminal it does. But allowing updates to install from the desktop environment, something ostensibly ought to be a routine userspace kind of operation, requires everyone using the system who might want to do this to know the system-wide root password. This is a monumentally stupid idea.
I am well aware there are myriad ways around this but they all involve hand-editing config files and come with stern warnings about “this may break your system so proceed ‘carefully,’” as if anyone who is not already an experienced Linux nerd will know just what the hell “proceeding carefully” is supposed to look like.
The inevitable XKCD comic succinctly sums this up:
The UNIX permissions and administration model may have made great sense on glass teletypes in the '70s and when nobody knew any better, but it’s certainly long outmoded now. It’s going to make a lot of people very angry to read this, but that’s actually one of the few things that Windows does much better, at least starting from NT onwards.
While I have switched from Windows to Mint with most of my PCs, permissions are the single most annoying thing I still deal with on Linux. And have been over the last decade of trying out distros over the years. I truly detest the way permissions work and were the main reason it took me so long to switch. The current political world and tech company garbage is what did it.
I’m not sure what app that is.
Software upgrades package on Fedora without requiring a password, so that future is a reality for some.
Reading up on PolKit and ACLs would probably be good.
Doesn’t Ubuntu disable the root user out of the box and expect these actions to be performed via sudo/polkit. There is clearly a precedent for not needing a root password and being able to use your own user’s password for these kinds of things. So it is a monumentally stupid idea to require the system-wide root password, but not one that is done by all of linux, and seems to be a decision made by your distro to not use the modern solution.
The fact is though, you’re right and the pain point is that distros are still doing things the silly way.
If I can
sudo apt installwithout requiring a password, I could generate a package that installs a custom sudoers config file that allows me to do anything, so “passwordless sudo, but just for apt” is potentially easily exploitable to gain full access. But that also still assumes A) you care and B) someone has access to your account anyway (at which point you may already have bigger problems)Hear me out: It still makes sense for servers, shared hosting, etc. So … where Linux has predominantly been the tool of choice.
It probably does. And in e.g. such a headless system, it makes sense as the default. Or more likely, whoever set that system up set it up in the way they want it to behave, hand-editing config files be damned because that certainly wouldn’t have been the only config file they had to edit.
From a home desktop computer perspective, however, it’s baffling. At minimum that should be one of the questions in the graphical installer: “Would you like Debian to make your routine installation of software updates annoying? Yes/no. You cannot change your choice on this later without doing a bunch of scary commandline shit.”
Oh I realize I didn’t mention this in my original comment at all. I agree with you 103%. I want to write a separate comment about this very thing, updating things in general on Linux. I have my dad daily driving Linux along with me, and he’s somewhere between a power user and a regular “need web, document editing and PDFs” type of guy, and there is such a wide spread of software from such a wide spread of “sanctioned” installation sources on Linux, that he never really knows how to update … Anything.
Here’s a random list of “ways to update a program” we have encountered in the last few weeks off the top of my head:
If anyone thinks of other ways to add to this list, feel free to post them, would give me a laugh for sure.
We are both definitely not going anywhere, but we have constant conversations about how it would be nearly impossible to daily drive Linux if you are not very technically inclined, and how these things make Linux very much “not ready for prime time”, because people are simply used to “X needs update! Do you want to update now? [Yes] [No] [Later]”, and the Update just … WORKING.
Couldn’t you just replace the old appimage but have the same file name?
Also: If I (or my aforementioned dad) install an AppImage, that is named “Nextcloud-DesktopClient-4.0.4.AppImage” that sets up its own startup shortcut and so on, and then I download an update (because the program literally asked me to download the new AppImage), and the new file is named “Nextcloud-DesktopClient-4.0.5.AppImage”, am I supposed to rename it to 4.0.4 manually? Rubs me the wrong way somehow. Or am I supposed to know to rename it to a version-agnostic filename before first opening it, so I don’t break things when it updates weeks down the line? My dad wouldn’t think of either of these options by the way.
You totally could, but like in my example in the parentheses, if stuff breaks, you have just killed your working version of a program, so I don’t have the balls to do that.
I run KDE Plasma on Debian. Discover (KDE’s GUI for package updates) has never demanded the root password.
I wonder why yours would do that. Maybe the difference is because my root account has password access disabled? If you’re already a sudoer, you might try that.