Update Manager doesn't work when launched from a secondary account

Bug #560391 reported by Tralalalala
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
policykit (Ubuntu) | New | Undecided | Unassigned |
update-manager (Ubuntu) | New | Undecided | Unassigned |

Bug Description

On my Ubuntu 10.04 test machine I created a secondary account called "test". Then I logged on with this secondary account and started Update Manager. I clicked the Check button and the Update Manager asked for a password. I'm used to entering the password of my primary account, so now I also entered the password of my primary account. Then it said "Reading package information" for a second and that's all. It didn't search for updates.

As I said, I accidentally entered the password of my primary account, but it looked like it did something (because of the "Reading package information"), but it didn't search for updates.

Then I clicked the Check button again, but this time I entered the password of the secondary account I just created. This time I got an error telling me "Failed to run /usr/sbin/synaptic '--hide-main-window' '--non-interactive' '--parent-window-id' '31457319' '--update-at-startup' as user root.

The underlying authorisation mechanism (sudo) does not allow you to run this program. Contact the system administrator."

In the user settings I see the secondary user doesn't have permission to "Administer the system", so it looks like a secondary user indeed isn't allowed to search for updates.

Then I logged out and now logged back on with my primary account. I searched for updates, logged out again and logged back on with the secondary account. Then I started Update Manager and it showed the available updates, although it was impossible to install them.

If a secondary user isn't allowed to install updates, why does it show an error with so much information? Why doesn't it just show an error saying: "You're not allowed to search for updates." and "You're not allowed to install updates."?

Why is it possible to enter the password of my primary account when it asks "Enter YOUR password to perform administrative tasks"? It doesn't state it's possible to enter someone else's password. Shouldn't I get an error telling me "You entered an incorrect password." when I enter someone else's password?

So, it's possible to enter the password of someone else's account. Then why doesn't anything happen? I don't get an error, so Update Manager accepts the password of my primary account. Then why doesn't it install the updates using my primary account?

If it's impossible to use Update Manager when logged on with a secondary account, why is Update Manager shown in the list System > Administration? Should objects just be hidden when the currently logged on user isn't able to use them? Why should a user be able to start an application it just can't use?

Or another solution: Why doesn't it say "Enter the user name and password of someone with enough privileges to perform administrative tasks." instead of "Enter your password to perform administrative tasks." The currently logged on user doesn't have enough privileges to install updates, so why does it ask for the password of this user?

Tralalalala (tralalalala) wrote :

Update:

This bug is more like "PolicyKit accepts passwords of other accounts". I just discovered it's also possible to log on as the primary user, start Synaptic and then enter the password of the secondary account. After entering the password of another account nothing happens. Synaptic isn't started, but PolicyKit also doesn't give an error. It looks like PolicyKit found the password you entered (although it doesn't belong to the currently logged on user) and thus doesn't give an error stating an incorrect password has been entered.

Looks like a major bug to me, because when somebody enters a wrong password and nothing happens, he knows he entered a valid password of another user. Then he can just log out and try out this password for every account, until he finds out to which user the password belongs.

Robert Roth (evfool) wrote :

Marked as affecting PolicyKit.

affects: policykit → policykit (Ubuntu)
affects: update-manager → update-manager (Ubuntu)