[Bug 1225932] New: Authentication failure for non-privileged user in "Software updates"
https://bugzilla.suse.com/show_bug.cgi?id=1225932 Bug ID: 1225932 Summary: Authentication failure for non-privileged user in "Software updates" Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Cockpit Assignee: Cockpit-bugs@suse.de Reporter: robert.simai@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 875298 --> https://bugzilla.suse.com/attachment.cgi?id=875298&action=edit Cockpit message Logged into Cockpit (309) on Tumbleweed as non-privileged user "robert", clicked the "Software updates" and got the attached message on screen and the following in the journal: sudo[5258]: robert : 3 incorrect password attempts ; PWD=/ ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged Something similar happens when I click the "Check for updates" from the Software updates module, the journal message then is sudo[5856]: pam_unix(sudo:auth): authentication failure; logname=robert uid=1000 euid=0 tty= ruser=robert rhost= user=root sudo[5856]: robert : 3 incorrect password attempts ; PWD=/ ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged I'm not sure why refreshing the updates requires sudo as a regular user could successfully run "zypper lu" as well. But if it does, we could at least come up with a clearer message "switch to administrative access first" or such. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225932 https://bugzilla.suse.com/show_bug.cgi?id=1225932#c1 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kukuk@suse.com --- Comment #1 from Thorsten Kukuk <kukuk@suse.com> --- (In reply to Robert Simai from comment #0)
I'm not sure why refreshing the updates requires sudo as a regular user could successfully run "zypper lu" as well. But if it does, we could at least come up with a clearer message "switch to administrative access first" or such.
"zypper lu" uses the cache, so will show the results from the time when the last refresh did run. "zypper ref" needs write access to the cache, which only root has. Else it cannot store the refreshed data, and maybe even not read necessary passwords to access repositories. So if "zypper lu" should give you current results and not from the cache, it needs to run as root, too. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225932 https://bugzilla.suse.com/show_bug.cgi?id=1225932#c2 --- Comment #2 from Robert Simai <robert.simai@suse.com> --- I see, thanks for clarification. Then we should probably have a more understandable message for the user. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225932 https://bugzilla.suse.com/show_bug.cgi?id=1225932#c3 Robert Simai <robert.simai@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from Robert Simai <robert.simai@suse.com> --- Closing the bug as resolved as there's meanwhile (verified with cockpit-tukit 0.1.2~git0.647b3e3) the message "Administrative access is required to access updates and snapshots." which makes it clear. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com