Unexpectedly asks for authentication halfway through file restore process

Bug #1079552 reported by Dylan McCall
This bug affects 4 people
Affects: deja-dup (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

While restoring files, after the (very long) "Preparing" step, Deja Dup seems to execute "pkexec /bin/sh …" in order to run some script as root. This is problematic for a few reasons:

1. It happens in the middle of the restore process. At best, the prompt for authentication will appear while the user is doing something else, causing confusion. At worst, the prompt will appear while the user is away from the computer expecting Deja Dup to be restoring his files.

2. When restoring a number of files (deja-dup --restore-missing) the prompt for authentication happens for each file that has been selected. Combined with #1, this means the user must babysit Deja Dup.

3. Deja Dup is running some code with full root permissions, without telling the user what that code does. This shouldn't be necessary.

This authentication should be somehow replaced with a gentler, less privileged PolicyKit request, and Deja Dup should ask for authentication either as soon as possible or as late as possible so the need does not arise (repeatedly) while the application is restoring files in the background.

Tags: xenial
description: updated
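
The narrower PolicyKit request asked for in the description could take the form of a dedicated polkit action. This is an added example, not Deja Dup's own policy file; the action id, vendor, message text and helper path are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
  Installed under /usr/share/polkit-1/actions/.
  Contrast with "pkexec /bin/sh ...", which falls back to the generic
  org.freedesktop.policykit.exec action: the dialog can only say that
  /bin/sh wants to run as the super user, and the shell may run anything.
-->
<policyconfig>
  <vendor>Example Backup Tool</vendor>

  <!-- Hypothetical action id: one action per privileged operation -->
  <action id="org.example.backup.restore-privileged">
    <!-- Shown to the user, so the prompt explains what is being asked -->
    <description>Restore files the current user cannot write</description>
    <message>Authentication is required to restore files owned by another user</message>

    <defaults>
      <!-- Remote and inactive sessions: always ask for an administrator -->
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <!-- Active local session: ask once, then polkit keeps the
           authorization for a short period, so a run that restores
           several files need not prompt for each one -->
      <allow_active>auth_admin_keep</allow_active>
    </defaults>

    <!-- Bind the action to one fixed helper (hypothetical path) instead
         of a general-purpose shell; pkexec uses this action only when
         asked to run exactly this program -->
    <annotate key="org.freedesktop.policykit.exec.path">/usr/libexec/example-backup/restore-helper</annotate>
  </action>
</policyconfig>
```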
GB Mel (gbmelbob) wrote :

This is still a problem in Ubuntu 16.04 Xenial.
In my situation, I have a number of missing files to restore, let's say six.
I run "restore missing files" from the Files right-click option,
then for every missing file, I have to type in my user password for authentication.
This means that I have to do this six times during the restore process.
The message is -
"Authentication is needed to run ‘/bin/sh’ as the super user
An application is attempting to perform an action that requires privileges. Authentication is required to perform this action."

Perhaps there might be a way to allow "/bin/sh" to run without needing authentication?
(I configured Backups to restore without a password)

The best workaround I can come up with so far is to run deja-dup with sudo at the command line -
$ sudo deja-dup --restore-missing file:///<path to folder>
This way I only have to enter my user password once, and right at the beginning.

No authentication was needed to run the backup - it's confusing to need it for the restore.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in deja-dup (Ubuntu):
status: New → Confirmed
Naël (nathanael-naeri) wrote :

I have recently encountered that message during the verification step of a backup. This was extremely disconcerting, as the data being backed up was user data with adequate permissions.

Déjà Dup should not ask for elevated privileges without explaining why it needs them, and it probably should not ask for elevated privileges at all.

Vej (vej)
tags: added: xenial
Changed in deja-dup (Ubuntu):
importance: Undecided → Medium
importance: Medium → Low
information type: Public → Public Security