[Intrepid] Upgrading to Intrepid beta, PAM asks confusing question
Bug #278117 reported by
Shaun Crampton
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| pam (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Just upgraded to intrepid beta. During the install, PAM asks which services should be restarted (to get the new libpam?).
This is unacceptable for a non-technical user since a non-technical user
- has no idea what PAM is
- has no idea what a service is
- has no idea which should be restarted, if any.
I'm a technical user and I still don't now what the impact of the question is or why I'm being asked. I can see that I might not want to restart apache immediately if I was running a web server say but I'm not, I'm running a desktop PC.
I think the dialog should be dropped and just restart the services, especially on a dist upgrade when I'd rather leave the PC unattended rather than babysit it for 2 hours.
Revision history for this message
| Steve Langasek (vorlon) wrote | #1 |
Revision history for this message
| Shaun Crampton (fasaxc) wrote | #2 |
Revision history for this message
| Steve Langasek (vorlon) wrote | #3 |
Revision history for this message
| Kees Cook (kees) wrote | #4 |
Revision history for this message
| Steve Langasek (vorlon) wrote | #5 |
To post a comment you must log in.
Thank you for taking the time to file this report and help to improve Ubuntu.
The question in this package has already been tuned, relative to what's asked in Debian, to ensure that it's not asked by default on systems using update-manager. But the question is still asked if you have other services installed, because
- these services need to be restarted in order to be able to continue authenticating users via PAM
- some of them are services that it's inappropriate for PAM to restart without explicit admin approval.
There is consequently no reasonable default here because this package can't sanely get information about which services it's "safe" to restart - it can only hint to the admin which services need to be restarted again in order to use PAM authentication.
In fact, we simultaneously have another bug report, bug #256238, about the fact that with the current handling PAM never prompts at all under update-manager, and as a result a user who lets their screen lock after the upgrade will be unable to get in past the screensaver.
Which services were you asked about restarting on upgrade? Most of the affected services are not at all suitable for running on a desktop; and the ones that are installed by default are supposed to be filtered out already so as to not trigger the prompt. But I see that we do have a bug with handling the cups package name change, and we probably also want to filter out samba since this can be pulled in by the desktop for file sharing. If there are others that are going to be installed on a typical Ubuntu desktop, I would want to know about them too.
As for not knowing why you're being asked, if there are improvements that can be made to the question that communicate this better in cases when the question /is/ asked, I'm certainly in favor of that. For reference, here is the full text of the question:
Services to restart for PAM library upgrade:
Most services that use PAM need to be restarted to use modules built for
this new version of libpam. Please review the following space-separated
list of init.d scripts for services to be restarted now, and correct it
if needed.
.
Some other services such as xscreensaver, gnome-screensaver, and xlockmore
cannot be restarted for you. You will not be able to authenticate to these
services until you restart them manually.