Unexpectedly asks for authentication halfway through file restore process
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
deja-dup (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
While restoring files, after the (very long) "Preparing" step, Deja Dup seems to execute "pkexec /bin/sh …" in order to run some script as root. This is problematic for a few reasons:
1. It happens in the middle of the restore process. At best, the prompt for authentication will appear while the user is doing something else, causing confusion. At worst, the prompt will appear while the user is away from the computer expecting Deja Dup to be restoring his files.
2. When restoring a number of files (deja-dup --restore-missing) the prompt for authentication happens for each file that has been selected. Combined with #1, this means the user must babysit Deja Dup.
3. Deja Dup is running some code with full root permissions, without telling the user what that code does. This shouldn't be necessary.
This authentication should be somehow replaced with a gentler, less privileged PolicyKit request, and Deja Dup should ask for authentication either as soon as possible or as late as possible so the need does not arise (repeatedly) while the application is restoring files in the background.
description: | updated |
tags: | added: xenial |
Changed in deja-dup (Ubuntu): | |
importance: | Undecided → Medium |
importance: | Medium → Low |
information type: | Public → Public Security |
This is still a problem in ubuntu 16.04 Xenial.
In my situation, I have a number of missing files to restore, let's say six.
I run "restore missing files" from the Files right-click option,
then for every missing file, I have to type in my user password for authentication.
This means that I have to do this six times during the restore process.
The message is -
"Authentication is needed to run ‘/bin/sh’ as the super user
An application is attempting to perform an action that requires privileges. Authentication is required to perform this action."
Perhaps there might be a way to allow "/bin/sh" to run without needing authentication?
(I configured Backups to restore without a password)
The best workaround I can come up with so far is to run deja-dup with sudo at the command line -
$ sudo deja-dup --restore-missing file:///<path to folder>
This way I only have to enter my user password once, and right at the beginning.
No authentication was needed to run the backup - it's confusing to need it for the restore.