Ubuntu
gksu package

gksu doesn't remember password on Natty

Bug #783129 reported by Felix Dreissig
60
This bug affects 12 people
Affects Status Importance Assigned to Milestone
GKSu
New
Undecided
Unassigned
gksu (Ubuntu)
Confirmed
Undecided
Unassigned
libgksu (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: gksu

Since upgrading my Ubuntu Desktop installation to 11.04, gksu doesn't remember an once-entered password for 15 minutes but instead asks for it every time.

Steps to reproduce:
1. Launch an application which is started via gksu, e.g. Synaptic.
2. Launch another application which is started via gksu, e.g. GParted.
OR: Close Synaptic and launch it right again.
3. The password popup will show up again.

This is reproducible on my upgraded system as well as on a clean install.
There are no special sudo timeout settings, "normal" command-line sudo even works fine with a 15-minute timeout before showing the password prompt again.

'gconftool -R /apps/gksu' also reports default settings:
 save-keyring = session
 prompt = false
 disable-grab = false
 force-grab = false
 sudo-mode = true
 display-no-pass-info = false
 save-to-keyring = false

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: gksu 2.0.2-5ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: wl
Architecture: amd64
Date: Sun May 15 19:43:28 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha amd64 (20100831.2)
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=de_DE.utf8
 LC_MESSAGES=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gksu
UpgradeStatus: Upgraded to natty on 2011-04-28 (16 days ago)

Revision history for this message
Felix Dreissig (f30) wrote :
Revision history for this message
Christophe Van Reusel (christophevr) wrote :

Hello, Same problem on natty as well. Ok I agree that an timestamp on gksu and sudo is an considerable security risk. There fore it's a good thing to set the default on zero . But users must be allowed to change that. On my work enviroment it's not a security bridge to work with a time stamp. Very strong firewall independent from pc self. No other users are here. So a time stamp from 5 to 15 minutes is not a security issue for me. But in other enviroments I would indeed set it on zero as well. But now it's a real pain in the ass. As I do have a very strong and long password. And it's extremely annoying having to always login again.

sudo itself is ok with Defaults env_reset,timestamp_timeout=5 into sudoers file but gksu not.

This behaviour should be changed on natty or at least the user must be allowed to change the default beheviour ofno time stamp on gksu to a time stamp

Launchpad Janitor (janitor)
Changed in gksu (Ubuntu):
status: New → Confirmed
Changed in libgksu (Ubuntu):
status: New → Confirmed
Revision history for this message
Nicolas Krzywinski (nsk7even) wrote :

This is reproducable for mee to:
- repetitive sudo calls does only ask for pwd once
- repetitive gksu calls ask for pwd every time

This is a fresh install of natty with all updates installed.
This means gksu is same version as stated above.

Only the kernel is some steps newer for me now: 2.6.38-11-generic

Revision history for this message
Nicolas Krzywinski (nsk7even) wrote :

Is there progress here?

I found out an additional detail:
- gksu called via command line does respect the grace timeout, matching with sudo!
- only gksu called via GUI (used Gnome 2 on Natty and using Gnome 3 (Classic) on Mint now) asks for the password all the time

I don't have a clue why there is a difference, but if s. o. could possibly help with more details, please ask I will try to answer as best I can because this is an annoying bug...

Revision history for this message
Khurshid Alam (khurshid-alam) wrote :

I can confirm, This bug is still present in ubuntu 12.04. As Nicolas mentioned when using gksu in terminal it does respect the timeout, but when gksudo is called via gui, it doesn't. The only option is to explicitly set "timestamp_timeout" in /etc/sudoers.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.