|
Bugzilla – Full Text Bug Listing |
| Summary: | Authentication failure for non-privileged user in "Software updates" | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Robert Simai <robert.simai> |
| Component: | Cockpit | Assignee: | Cockpit Bugs <Cockpit-bugs> |
| Status: | NEW --- | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | kukuk |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | Cockpit message | ||
(In reply to Robert Simai from comment #0) > I'm not sure why refreshing the updates requires sudo as a regular user > could successfully run "zypper lu" as well. But if it does, we could at > least come up with a clearer message "switch to administrative access first" > or such. "zypper lu" uses the cache, so will show the results from the time when the last refresh did run. "zypper ref" needs write access to the cache, which only root has. Else it cannot store the refreshed data, and maybe even not read necessary passwords to access repositories. So if "zypper lu" should give you current results and not from the cache, it needs to run as root, too. I see, thanks for clarification. Then we should probably have a more understandable message for the user. |
Created attachment 875298 [details] Cockpit message Logged into Cockpit (309) on Tumbleweed as non-privileged user "robert", clicked the "Software updates" and got the attached message on screen and the following in the journal: sudo[5258]: robert : 3 incorrect password attempts ; PWD=/ ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged Something similar happens when I click the "Check for updates" from the Software updates module, the journal message then is sudo[5856]: pam_unix(sudo:auth): authentication failure; logname=robert uid=1000 euid=0 tty= ruser=robert rhost= user=root sudo[5856]: robert : 3 incorrect password attempts ; PWD=/ ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged I'm not sure why refreshing the updates requires sudo as a regular user could successfully run "zypper lu" as well. But if it does, we could at least come up with a clearer message "switch to administrative access first" or such.