[Solved]Password prompts in MX Linux

[m_frank]

:
By konsole, I meant no sudo prompts.
Also removed synaptic.desktop file and edited synaptic-kde.desktop file to issue synaptic-pkexec command.
Both issues are fixed by backing-up and then removing the /etc/sudoers.d/antixers file.
Now everything is back to normal.
But will moving the antixers file cause any trouble in the future?
:

Most of /etc/sudoers.d/antixers is about allowing the specified commands to:

• Run without prompting for password,
• Still require the sudo prefix to the command,
• Still require the user to be a member of the sudo group

You'll see more password prompts on things like halt, poweroff, reboot, etc.
Possibly a minor annoyance, at least when running from cli, but it may be more interesting when these commands are called up in the bowels of some GUI with no provision for password input.

---

Additional these 2 defaults may be of interest:

Code: Select all

Defaults !requiretty
Defaults !tty_tickets

In the case of requiretty:

Code: Select all

$ man sudoers
	:
    requiretty   If set, sudo will only run when the user is logged into a real tty.
                 When this flag is set, sudo can only be run from a login session
                 and not via other means such as cron(8) or cgi-bin scripts.  
                 This flag is OFF by default.
	:

Since the default is OFF, losing Defaults !requiretty (which sets it OFF) should have no impact.

---

In the case of tty_tickets:

Code: Select all

$ man sudoers
	:
  tty_tickets  If set, users must authenticate on a per-tty basis. With this flag enabled,
               sudo will use a separate record in the time stamp file for each tty.  
               If disabled, a single record is used for all login sessions.
               This flag is ON by default.

Since the default is ON, losing Defaults !tty_tickets results in separate time keeping by each terminal.
When using multiple terminals, you could be prompted for a password by sudo, even though you just entered one because that was on a different terminal.

---

To gauge the impact of removing /etc/sudoers.d/antixers you should probably use:

Code: Select all

sudo --list

Both with and without /etc/sudoers.d/antixers, then analyze the differences.

[subluminal]

I'll put that file back where it was and see if the problems reoccur.

[subluminal]

After putting the antixers file back inside /etc/sudoers.d/ all password prompts stopped again. So I edited the file and erased this line as you suggested.

Code: Select all

Defaults !tty_tickets

Now everything is as it should be. Password prompts in synaptic, and on each new terminal. Just as I like it. Thanks for the help.

[m_frank]

:
So I edited the file and erased this line as you suggested.

Code: Select all

Defaults !tty_tickets

I said that?

I thought, that after quoting pertinent bits of the sudoers man page, that I said:

To gauge the impact of removing /etc/sudoers.d/antixers you should probably use:

Code: Select all

sudo --list

Both with and without /etc/sudoers.d/antixers, then analyze the differences.

[subluminal]

Sorry, forgot to mention. I did checkout sudo --list.

After putting antixers file back where it was, I got a whole bunch of commands which could be run w/o password. Same commands as in the file. Reboot, shutdown etc. Which is fine so I quoted John Lennon.

Code: Select all

Let It Be...

[subluminal]

Code: Select all

sudo --list
Matching Defaults entries for sayan on mx:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, !requiretty

Runas and Command-specific defaults for sayan:
    Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

User sayan may run the following commands on mx:
    (ALL : ALL) ALL
    (root) NOPASSWD: /sbin/halt
    (root) NOPASSWD: /sbin/poweroff
    (root) NOPASSWD: /sbin/reboot
    (root) NOPASSWD: /sbin/blkid \"\"
    (root) NOPASSWD: /sbin/fdisk.distrib
    (root) NOPASSWD: /usr/bin/ceni
    (root) NOPASSWD: /usr/local/bin/persist-config
    (root) NOPASSWD: /usr/local/bin/persist-save
    (root) NOPASSWD: /usr/sbin/minstall
    (root) NOPASSWD: /usr/local/bin/antixsources.sh
    (root) NOPASSWD: /usr/local/bin/connectshares.sh
    (root) NOPASSWD: /usr/local/bin/disconnectshares.sh
    (root) NOPASSWD: /bin/chvt
    (root) NOPASSWD: /usr/local/bin/menu_manager.sh
    (root) NOPASSWD: /usr/sbin/pm-hibernate
    (root) NOPASSWD: /usr/sbin/pm-suspend
    (root) NOPASSWD: /usr/local/bin/update-default-desktop
    (root) NOPASSWD: /usr/lib/mx-tweak/backlight-brightness
    (root) NOPASSWD: /usr/bin/lsof

[m_frank]

After installing KDE and removing XFCE,

• synaptic isn't asking for any password.
• Same for konsole. (KDE's terminal emulator)
• MX package installer still asks for password.

:
How do I fix it so that normal behaviour resumes?
:

After putting the antixers file back inside /etc/sudoers.d/ all password prompts stopped again.
So I edited the file and erased this line as you suggested.

Code: Select all

Defaults !tty_tickets

Now everything is as it should be. Password prompts in synaptic, and on each new terminal. Just as I like it.
Thanks for the help.

---

I'm glad that you were able to customize your installation to your liking, desires, and requirements.

---

I am curious about something.

Based on your forum join date of Tue, 15 Oct 2019, and this posting, I assume (shame on me?):

• You've been running MX at least a little bit over the intervening 5-ish months,
• You recently installed KDE,
• For you, "normal behaviour" is each terminal doing separate password prompt time keeping.

Were you bothered by the configured MX-Linux sudo password prompting behavior before installing KDE?

(Note: MX is configured to have a common timer per user applied across all terminals)

Because I don't think that the KDE installation changed this setting, although the environmental change may have made you more sensitive to the MX behavior vs other distros.

[subluminal]

Yes I was bothered by lack of prompt in XFCE before as well. It's kind of funny because I see in the internet many people in countless forums asking how to disable prompts.

My setup is usually 2 distros dual boot. One always arch based (Currently Manajaro KDE) and one always debian based (currently MX). This is the second time I installed MX. The first time I went back to vanilla debian because of 2 reasons. First, I am more familiar with vanilla debian. Second, I am not a big fan of XFCE. Now though, having setup KDE just the way I want in MX, it is running better than even KDE Neon or vanilla Debian KDE. So plan to stick with it.

I'm currently also trying to make a MX KDE respin but a lot of MX tools are deeply intertwined with XFCE which is causing problems. I don't have enough programming skills to rewrite MX Tools in Qt for KDE removing all XFCE related codes.

[m_frank]

Yes I was bothered by lack of prompt in XFCE before as well.
It's kind of funny because I see in the internet many people in countless forums asking how to disable prompts.

Ah, I thought so.

You may want to consider editing the base posting title to clarify the impression that KDE install "caused" disabling of password prompts. Unhappily, I don't have any succinct suggestions.

This was really an issue of the "MX-Linux default sudo password prompting behavior".

[m_frank]

---

My setup is usually 2 distros dual boot. One always arch based (Currently Manajaro KDE) and one always debian based (currently MX). This is the second time I installed MX. The first time I went back to vanilla debian because of 2 reasons. First, I am more familiar with vanilla debian. Second, I am not a big fan of XFCE. Now though, having setup KDE just the way I want in MX, it is running better than even KDE Neon or vanilla Debian KDE. So plan to stick with it.

I've happily used KDE, starting with KDE 3.3.2 (MEPIS 3.3.1), ending with KDE 4.5.1 (Simply-MEPIS 11.0),
before migrating to MX with XFCE.

My first experience with XFCE was when I wanted a desktop for my FreeBSD 4.x system, don't remember which x, it's been a while.