Nautilus should have a superuser mode

Bug #12154 reported by hazylazysusan
228
This bug affects 22 people
Affects Status Importance Assigned to Milestone
Nautilus
Fix Released
Wishlist
One Hundred Papercuts
Fix Released
Wishlist
Unassigned
nautilus (Ubuntu)
Fix Released
Wishlist
Ubuntu Desktop Bugs

Bug Description

For the following moves:
1. can't change permissions of a different user or root. WHy not
implement sudo prompt* here, instead of just "Access denied"?

2. can't move files into directories with root control on them, eg.,
moving azureus from ~ (/home/user) to /opt or /usr/share. Again, a
sudo prompt* should occur here. Moving files with the terminal is
annoying.

I think I read Red Hat is working on elminating the terminal recently
as well...

*sudo prompt because it's useful for us who use hte option "nopasswd"
in /etc/sudoers :)

http://bugzilla.gnome.org/show_bug.cgi?id=65058: http://bugzilla.gnome.org/show_bug.cgi?id=65058

Revision history for this message
Sebastien Bacher (seb128) wrote :

I'm not sure than an user need to use nautilus as root (a wrong drag&drop and
you move /etc, or /bin, or /lib ...). Jeff what do you think ? Is that a WONTFIX ?

Revision history for this message
Jeff Waugh (jdub) wrote :

They shouldn't be using nautilus as root, no; but at some stage, nautilus will
need to handle privilege escalation to do some of these tasks. How it does that
is a matter of great controversy though. :-) This is very much a bluesky
wishlist bug for the moment, though.

Revision history for this message
Sebastien Bacher (seb128) wrote :
Revision history for this message
Lionel Dricot (ploum-deactivatedaccount) wrote :

confirmed upstream. Might be closed as WONTFIX here..

Changed in nautilus:
status: Unconfirmed → Confirmed
Revision history for this message
sam tygier (samtygier) wrote :
Revision history for this message
Dennis Kaarsemaker (dennis) wrote : Re: [Bug 12154] Re: Nautilus should have a superuser mode

A simple 'superuser mode' to edit files would be an action in
nautilus-actions that says sudo gnome-open %u (Dunno if %u is correct,
but you get the idea)

Revision history for this message
Joel Bryan Juliano (joelbryan) wrote : Re: [Bug 12154] Re: [Bug 12154] Re: Nautilus should have a superuser mode

Isn't it Ubuntu is aiming for the new linux users, and less for the novice
admins? IMO, a deb package 'admin-suite' must be created, it includes
pessulus, sabayon and all the other admin task. But, I think superuser mode
nautilus must not exists at all.

On 6/11/06, Dennis Kaarsemaker <email address hidden> wrote:
>
> A simple 'superuser mode' to edit files would be an action in
> nautilus-actions that says sudo gnome-open %u (Dunno if %u is correct,
> but you get the idea)
>
> --
> Nautilus should have a superuser mode
> https://launchpad.net/bugs/12154
>

--
gawk; grep; unzip; touch; strip; init, uncompress, gasp; finger; find,
route, whereis, which, mount; fsck; nice, more; yes; gasp; warnquota,
umount; head, halt, renice, restore, touch, whereis, which, route, mount,
more, yes, gasp, umount, expand, ping, bashbug, dump, make clean; sleep

Revision history for this message
Sebastian Heinlein (glatzor) wrote :

@Dennis:

Take a look at the desktop guide:

http://help.ubuntu.com/6.06/ubuntu/desktopguide/C/desktop-tips.html

"Open files with administrative privileges from the file manager"

Revision history for this message
sam tygier (samtygier) wrote :

adding contextual menu item seems like a work around. the item should not show up on all files. if this is done at a deeper level it could be done better. for example you don't need to be super user to open a system config file, so you should only be asked for them when you try to save it.

also this is not just for system admin tasks. a parent might need to look through a childs home folder for example.

Changed in nautilus:
status: Unconfirmed → Confirmed
Revision history for this message
fatsheep (jesse-fatsheep-deactivatedaccount) wrote :

I think this is a great idea. Actually until I was linked here I thought it was my idea. Think about it... If you are editing, deleting, or executing a file that is owned by root and you do not have proper permission for your action then you have two options:

#1: gksudo nautilus (nautilus with root permissions).
#2: Use command the command line.

Both are far from an ideal situation. With #1 you have the same kind of security risk as logging in as root. With #2 you have to know the command line pretty well, hardly ideal for newbie linux users. Even if you do know the command line, opening up a terminal and typing in commands is a bit tedious and time-consuming.

A prompt like the one described in the original post would make Ubuntu more user-friendly to new linux users and save time regardless of who you are. All you have to do is type in your password and your desired action gets completed. It's simple and straightforward which is exactly what I like. :)

Revision history for this message
fatsheep (jesse-fatsheep-deactivatedaccount) wrote :

Here's the post I made before I knew this bug had been submitted:

http://www.ubuntuforums.org/showthread.php?p=1544222#

Changed in nautilus:
assignee: seb128 → desktop-bugs
Revision history for this message
Siegfried Gevatter (rainct) wrote :

What's about displaying a horizontal bar like that one on the Trash when you navigate to a folder where you don't have permissions to create new files, with a button that would allow you to switch it into "root mode" on that window (introducing the password into a prompt if it wasn't used recently, of course) until you visit a folder owned by you?

Revision history for this message
Wladston Viana (wladston) wrote :

Siefried, that's a nice idea!! I liked it.

Revision history for this message
Wladston Viana (wladston) wrote :

Siegfried, that's a nice idea!! I liked it.

Revision history for this message
Jacob Godserv (fun2program8) wrote :

Agreed, will it be implemented? That is question!

Revision history for this message
Bruce Cowan (bruce89-deactivatedaccount) wrote :

This would be rather obtrusive IMHO to display this in all non-writable folders.

Revision history for this message
Wladston Viana (wladston) wrote :

Another idea is, when the user tries to write to protected folders, it says something like :

"This(these) is(are) system folder(s or files), and it(they) has(have) been protected to ensure that your computer will operate safely. Do you wish to write to this folder anyways ? "

[Cancel]
[Yes (field for administration password)]

Another option would be "do you wish to temporarily disable this protection ? " - so the user can execute several operations on protected folders.

Revision history for this message
Dirk (mdpalow-deactivatedaccount) wrote :

Agreed.

Nautilus should have a supermode that doesn't require you to go to terminal and type in gksudo nautilus. When doing something that requires permission, it should just ask you for password and allow you to continue.

Using Nautilus in superuser mode is used too often - even by newbies - to not do this. How many postings have you seen in the forum where someone doesn't know how to use Nautilus in superuser mode? Too many...

This is a simple change/fix/upgrade and no-brainer...

Not crazy about 'Wladston's' text for the box...

Should be more like:

"Enter Your Password to Perform Administrative Task(s)"

Copied straight from another program that requires password.

Revision history for this message
Wladston Viana (wladston) wrote :

Dirk,

As long as the feature get's implemented, it's alright.

But I think that it's nice to at least say a simple phrase about what is going on and why the hell that password box showed up.... most newbies won't know why they have to type in a password, and might even think it's a virus or something ....

Revision history for this message
Bruce Cowan (bruce89-deactivatedaccount) wrote :

Ideas on a GUI would be nice. A "deleted items" type banner would be ridiculous.

Revision history for this message
Vadim Peretokin (vperetokin) wrote :

This problem floated up again in the Hardy Heron Expectations thread (http://ubuntuforums.org/showthread.php?t=579394&page=45)

-Something- definitely needs to be done, as the current state is just a pain in the behind without the use of third-party nautilus scripts.

Revision history for this message
Sarah Kowalik (hobbsee-deactivatedaccount) wrote :

I don't see why this would need to be done in nautilus, per se. Why not let me open the file as read only, then when it asks me if i want to save (in gedit, vim, etc), say "to save this file, you need root privileges" or something, and give the standard password prompt (with grey screen) that the update manager, etc does? Seems far more sensible to me.

Revision history for this message
Wladston Viana (wladston) wrote :

Sarah,

What about when you are working with file operations on protected files ? Nautilus doesn't ask the password. That is what this bug is about.

Revision history for this message
Bruce Cowan (bruce89-deactivatedaccount) wrote :

Something along the lines of nautilus's gio branch would be interesting. The work on this branch means you can open a file from a GVFS recognised place in any program and save the file even though that program doesn't use GVFS.

Revision history for this message
sam tygier (samtygier) wrote :
Revision history for this message
j8a (javierochoa88) wrote :

Open a terminal window
cd /home/user/.Trash
sudo rm -r *.*
The super user passwd is required
The end!
Bye

Revision history for this message
retrow (vonrishi) wrote :

Isn't there a package which installs advanced nautilus scripts (I did it through Automatix). Once installed, you can right click within the nautilus window and there is an option "Scripts > root-nautilus-here". Then you can do some of the tasks which require you to be a sudo or a root user. I have used it to create folders in /usr/local folder for some programs installations.

Changed in nautilus:
status: Confirmed → Triaged
Changed in nautilus:
status: Confirmed → Invalid
Changed in nautilus:
status: Unknown → Confirmed
Revision history for this message
Jessie Lawrence (nightwolf177-deactivatedaccount) wrote :

"gksu nautilus"

but, i still agree that, if you try to mess with a file that u dont have priveleges 4, it should say something like, "This action requires root athority" or something like that, and then maybe a "details" thingy that says what kind of file operation it is (i.e. move /blah/thingy.foo to /usr/blah)

Revision history for this message
robin0800 (robin-linux-hotmail) wrote :

Slightly off topic
KDE has a hidden root konqueror (file manager) and a root terminal also hidden

Revision history for this message
Alexander Gabriel (einalex) wrote :

Another use case:
- you bought a new harddrive/usbstick
- you created partitions and formated them with ext*
- you fire up nautlius to start using them and sure enough, they appear in the places bar.
- you click to mount them

- now you try to copy files to them

BUT

they are owned by root and you have to go to the shell to change permissions.

a newbie and userfriendly way would be to show a sudo dialog when changing permissions on files/folders you don't own.

Revision history for this message
Fabio Bossi (fabio-bossi-deactivatedaccount) wrote :

I have personally heard people complain about this. Running nautilus in super user mode is bad, but whenever a user wants to perform a forbidden operation he should have the option of typing the root password (after seeing a proper warning).

Revision history for this message
Stefan Hammer (j-4-deactivatedaccount) wrote :

Same thing is discussed here: #389422
Is it a duplicate?

Revision history for this message
Stefan Hammer (j-4-deactivatedaccount) wrote :

... to get the link working: bug #389422

Revision history for this message
psylem (subnetjet) wrote :

Dudes, open synaptic and search for nautilus gksu. The first package on the list named, low and behold, "nautilus-gksu" gives you a context menu entry "Open as administrator" on any folder you may desire root access to.

Revision history for this message
Alexander Gabriel (einalex) wrote :

psylem: that may be so. BUT This bug was filed because it's an usability issue. That doesn't go away with nautilus-gksu. You can't expect the user to know of the package. It's not installed by default. Let's say you'd have to install a package to copy a file. Not a good workflow.

Now if it were installed by default...That'd be much better, but still not optimal to me.

Revision history for this message
Fabio Bossi (fabio-bossi-deactivatedaccount) wrote :

There's a brainstorm idea about this:

http://brainstorm.ubuntu.com/idea/21666/

PLEASE fix this issue: I think it's a big annoyance for new users.

Revision history for this message
robin0800 (robin-linux-hotmail) wrote :

You can add "sudo aptitude install nautilus-gksu" in a terminal and you get an open as administrator on a right click on any folder or file in nautilus now.

Revision history for this message
njh (njh-njhurst) wrote : Re: [Bug 12154] Re: Nautilus should have a superuser mode

That's very nice, but it's not something my aunt will be able to do.

On Tue, 8 Dec 2009, robin0800 wrote:

> You can add "sudo aptitude install nautilus-gksu" in a terminal and you
> get an open as administrator on a right click on any folder or file in
> nautilus now.
>
> --
> Nautilus should have a superuser mode
> https://bugs.launchpad.net/bugs/12154
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Revision history for this message
Claudio Moretti (flyingstar16) wrote :

Even if Canonical integrates it in Ubuntu default apps?

On Wed, Dec 9, 2009 at 02:33, njh <email address hidden> wrote:

> That's very nice, but it's not something my aunt will be able to do.
>
> On Tue, 8 Dec 2009, robin0800 wrote:
>
> > You can add "sudo aptitude install nautilus-gksu" in a terminal and you
> > get an open as administrator on a right click on any folder or file in
> > nautilus now.
> >
> > --
> > Nautilus should have a superuser mode
> > https://bugs.launchpad.net/bugs/12154
> > You received this bug notification because you are a direct subscriber
> > of a duplicate bug.
> >
>
> --
> Nautilus should have a superuser mode
> https://bugs.launchpad.net/bugs/12154
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Nautilus: Confirmed
> Status in “nautilus” package in Ubuntu: Triaged
>
> Bug description:
> For the following moves:
> 1. can't change permissions of a different user or root. WHy not
> implement sudo prompt* here, instead of just "Access denied"?
>
> 2. can't move files into directories with root control on them, eg.,
> moving azureus from ~ (/home/user) to /opt or /usr/share. Again, a
> sudo prompt* should occur here. Moving files with the terminal is
> annoying.
>
> I think I read Red Hat is working on elminating the terminal recently
> as well...
>
> *sudo prompt because it's useful for us who use hte option "nopasswd"
> in /etc/sudoers :)
>
> http://bugzilla.gnome.org/show_bug.cgi?id=65058:
> http://bugzilla.gnome.org/show_bug.cgi?id=65058
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/nautilus/+bug/12154/+subscribe
>

Revision history for this message
PomCompot (pomme-compote-launchpad) wrote :

What do you think of an ‘Unlock button’ like the one of the time-admin app ?

The user open the permissions dialog. There is already a message “You are not the owner, so you cannot change these permissions.”. An ‘Unlock’ button give him the ability to bypass its user privileges to perform permissions change as root.

I have made a mockup of what I think.

Revision history for this message
njh (njh-njhurst) wrote :

I personally prefer the popup menu, but I see no reason not to have both
methods. The button is certainly sensible for single file cases.

Revision history for this message
Dan Dart (dandart) wrote :

Gosh, it's been five years and still hasn'[t been fixed. I suggest the same way Finder has done it: prompt for password when trying to do something requiring root.

Revision history for this message
Nick (soapduk) wrote :

I can't believe this hasn't been implemented yet. Are we trying to keep Linux as an Operating System for 'geeks' only?!

Changing permissions isn't exactly the most basic of Linux commands; and going to the command prompt might be the first idea that comes to many Linux users minds, but how about those new to Linux who don't know all these commands.

PomCompot I very much dig your mockup there, and it's pretty much as I had imagined the solution prior to seeing this lanchpad entry. It is also in keeping with current design of root user access for GUI applications.

Revision history for this message
Jacob Godserv (fun2program8) wrote :

Hey guys,

This bug is linked to other "upstream" bug reports, which means Ubuntu has (rightly) passed this onto the developers of Nautilus. Once it's implemented upstream, Ubuntu will include it in a new release, and other distributions will get this new feature in their new releases as well.

It's taking so long because (I'm guessing based on comments in the upstream bug report) this feature request is a bit bigger than you guys might immediately realize, and it's also not a very important fire to put out. Nevertheless, there's been very little to say against the feature, which is a good sign, so I would expect to see this in GNOME some time in the future, even if not immediately.

I suggest you CC yourselves to the upstream bug reports if you want to get more updates.

Revision history for this message
Nick (soapduk) wrote :

Thanks for the update Jacob, sounds like something might happen at some point. ;-)

Changed in nautilus:
importance: Unknown → Wishlist
Revision history for this message
Dario Ruellan (druellan) wrote :

The issue seems complex, but I'm going to promote this to the One Hundred Papercuts project to try refocus the problem, since its a valid usability issue, and a very old one.

Revision history for this message
Tralalalala (tralalalala) wrote :

To those Linux developers every issue seems complex and Ubuntu (and Linux in general) is full of usability issues which exist for as long as Linux exists.

I just stopped using this crap. Everyone should do that. Stop using Linux on the desktop and stop the development, because Linux on the desktop sucks.

Revision history for this message
Chris Wilson (notgary-deactivatedaccount) wrote :

there are many possible ways to fix this, some obviously easier than others. I'm going to target this for a paper cut milestone for the time being so we can keep track of it, and forward it to the upstream Nautilus devs later and see what they think.

I think a simple solution would be to add an option to the context menu that says "<Action to perform> as administrator", or some variation on a theme. This would perform the action in the relevant application with root privileges without having to elevate those of Nautilus.

Changed in hundredpapercuts:
milestone: none → raring-round-2
importance: Undecided → Wishlist
Changed in hundredpapercuts:
status: New → Confirmed
Changed in hundredpapercuts:
milestone: none → papercuts-nautilus
milestone: papercuts-nautilus → none
status: Confirmed → Invalid
status: Invalid → Confirmed
milestone: none → papercuts-nautilus
Changed in hundredpapercuts:
milestone: papercuts-nautilus → papercuts-s-nautilus
Changed in nautilus (Ubuntu):
status: Triaged → Confirmed
Revision history for this message
JohnWashington (ubuntu-johnwash) wrote :

This one has always irritated the heck out of me, because I often don't know in advance of starting Nautilus that I'm going to want to change something in a root-owned file. But I've been resigned to it because I imagined there was some insuperable difficulty in implementing it. And when my students hit this problem I get a little defensive and tell them it's not the developers' fault, it's due to the restrictions in Linux that prevent processes gaining root, which would create a security risk.

I've recently switched to Crunchbang. Imagine my surprise when I found the file manager there can do what I want! The file manager is Thunar. So I googled for 'thunar privilege escalation' and found an interesting article: http://www.psychocats.net/ubuntucat/file-browser-privilege-escalation-done-right/

More than 9 years since this serious usability bug was filed. Almost 7 years since that psychocats article.

The wonderful thing about open source development is the speed of progress, the way that problems are fixed quickly and systems are updated. Really?

Revision history for this message
Jacob Godserv (fun2program8) wrote :

This is a very difficult issue because it amounts to a fairly major feature change underneath. Every access has to be wrapped by a permissions check, followed by an authentication. Someone tried to patch this into the file manager a while back, but the patch never got approved.

The real bug is the GNOME bug. That's where most of the work happens, and that's where this bug has been prioritized out of scope for years.

Revision history for this message
Jacob Godserv (fun2program8) wrote :

In other words, yes, it's kind of sad this feature isn't in yet, but this isn't the right place to comment. See the GNOME link at the top. Just keep in mind these forums are made up of volunteers.

Revision history for this message
Bruno Nova (brunonova) wrote :

This feature would be very nice.
But Ubuntu should at least offer an option in the file manager(s) to "open as root" like some other distros (plus a warning somewhere in the window that it's dangerous, like Thunar and Mousepad do when running as root).

Right now, accessing/editing system files requires using sudo in terminal (gksudo was removed so it's not an option) or adding custom actions/scripts to the file manager (and nautilus-gksu was also removed), which is not very user friendly.

Revision history for this message
Bruno Nova (brunonova) wrote :

For those interested, I created a simple Nautilus extension that adds "Open as Administrator" and "Edit as Administrator" entries to the context menu.

It's in the official Ubuntu and Debian repositories.
Just enable the "backports" repository and install the "nautilus-admin" package.

Of course, this doesn't fix this bug! Nautilus really should ask for the admin password when necessary, but I don't think this will ever be implemented.

Changed in nautilus:
status: Confirmed → Fix Released
Revision history for this message
Khalid Abu Shawarib (khalid-shawarib) wrote :

As described by Bruno Nova, this is already possible with the nautilus-admin package, and by prepending the file path with `admin://`. I think this issue should be closed.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Indeed it was fixed by the admin backend that landed some cycles ago

Changed in nautilus (Ubuntu):
status: Confirmed → Fix Released
Changed in hundredpapercuts:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.