sudo password prompt could be clearer

Bug #8556 reported by Tom von Schwerdtner on 2004-09-27
Affects:
gksu (Debian): status Fix Released, importance Unknown
gksu (Ubuntu): importance Undecided, Unassigned; nominated for Gutsy by Marco Rodrigues
sudo (Ubuntu): importance Wishlist, assigned to Martin Pitt; nominated for Gutsy by Marco Rodrigues

Bug Description

The 'sudo' password prompt might be clearer if it said 'Your Password:' or some
variation (as opposed to just 'Password:'). Some people seem to think that the
password being asked for is the root password which leads to some confusion.
There is also a possibility that the command being run via 'sudo' will prompt
for its own password (for some other reason) which could be confusing. Perhaps
changing the prompt to something ultra explicit like '[sudo] Please enter
$user's password:' would be a good idea.

Just a thought...


Matt Zimmerman (mdz) wrote :

(this is essentially a continuation of Bug #7964)

The text in the dialog does clearly say "Please enter your password"; I'm not
sure that changing the "Password:" text would make it any clearer. Mentioning
'sudo' would be more confusing for users who do not know what sudo is.
Deferring to Jeff on whether it is OK as-is.

Jeff Waugh (jdub) wrote :

Mmm, I certainly don't think the word "sudo" will make it any clearer. ;-) I
would love to switch this dialogue to have HIG-compliant, self-documented
labels, but I think that's something we can leave until Hoary. For now it says
"your password" and names the binary it's trying to run, which is a reasonable
start. Leaving this open, but changing the milestone. :-)

Thom May (thombot) wrote :

Um, I think everyone's missed the point here. The original bug was
about sudo on the command line:
15:59 ~/work/packages% sudo echo foo
Password:

^^^^^^^^ That prompt should be clarified.
The incorrect password prompt:

Sorry, try again.
Password:

Could be clearer too.

How does:
16:29 ~/work/packages% sudo echo foo
Please enter your password:
Sorry, your password was incorrect.
Please enter your password:

grab y'all?

Matt Zimmerman (mdz) wrote :

Depends on whether it completely breaks gksudo, which presumably watches for
sudo's interactive prompts

Thom May (thombot) wrote :

(In reply to comment #4)
> Depends on whether it completely breaks gksudo, which presumably watches for
> sudo's interactive prompts

Just tested it, and it doesn't.

Thom May (thombot) wrote :

(In reply to comment #5)
> (In reply to comment #4)
> > Depends on whether it completely breaks gksudo, which presumably watches for
> > sudo's interactive prompts
>
> Just tested it, and it doesn't.

Ah, gksudo is fine in the correct password case, but not in the incorrect
password case.
But then, gksudo just blows up if you give it a bad password anyway (even with
the default sudo prompts).

Trey Earl (lunitik) wrote :

I think a good way to make the gksudo prompt clearer would be to change the
Title bar message to something more clear. "Changing user" is not clear enough,
as it will guide the user away from thinking to type his own Password.

I think something like "Registering permissions" would make the entire prompt
that much more clear. Right now the text in the prompt is clear enough, but
disagrees with the title bar.

I have seen many users simply not think to even type their own password in
#ubuntu, this seems to me the only thing that can perhaps be confusing them?

Thom May (thombot) wrote :

(In reply to comment #7)
> I think a good way to make the gksudo prompt clearer would be to change the
> Title bar message to something more clear. "Changing user" is not clear enough,
> as it will guide the user away from thinking to type his own Password.
>
This bug is about the sudo command line prompt, not the gksudo prompt.
Bug #7964 has been used for gksudo UI concerns.

Joe S (jcs296) wrote :

When using sudo at the command line, the user is asked for a password sometimes
but not every time;
> sudo ....
password:
> sudo root command
> sudo root command
password:

It leaves the user not knowing when they have root privileges and when they don't.

Furthermore, clicking on the system tray update icon once will ask for a
password; closing the program and clicking on the tray icon again does not ask
for a password; this does not seem safe at all.

Matt Zimmerman (mdz) wrote :

(In reply to comment #9)
> When using sudo at the command line, the user is asked for a password sometimes
> but not every time;
> > sudo ....
> password:
> > sudo root command
> > sudo root command
> password:
>
> It leaves the user not knowing when they have root privileges and when they don't.
>
> Furthermore, clicking on the system tray update icon once will ask for a
> password; closing the program and clicking on the tray icon again does not ask
> for a password; this does not seem safe at all.

This is all by design, and nothing to worry about.

Abdullah Ramazanoglu (ar018) wrote :

How about something along the lines of these?
alias sudo='sudo -p "Please enter password for %u : "'
alias dosu='sudo -p "Please enter your own personal password here : "'

desrt (desrt) wrote :

Might also be a good idea to replace the first-use sudo 'lecture' with some
informative text about how sudo asks for your normal user login password. That
way the user would see it the first time and know from then on what to do.

Of course, this doesn't cover gksudo, but I don't think that this bug was meant to.

Package: sudo
Version: 1.6.8p9-3
Severity: wishlist

[moise@mole /etc/openvpn]$ sudo scp '<email address hidden>:/etc/openvpn/*' .
Password:
Password:

  Surely you can see the problem; without keeping careful track of
time, it's impossible for me to know whether the prompt I'm
presented with is a sudo prompt or an scp prompt. IMHO sudo's prompt
should say something akin to "sudo: Password:" or "Password for root
access:" to avoid ambiguity.
  I am aware that this would probably break some scripts.
  I am also filing a similar bug against ssh, since it's also guilty of
an ambiguous password prompt.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages sudo depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libpam-modules 0.79-3 Pluggable Authentication Modules f
ii libpam0g 0.79-3 Pluggable Authentication Modules l

sudo recommends no packages.

-- no debconf information

Matt Zimmerman (mdz) wrote :

I think this is addressed fairly well by the sudo changes in dapper, which display a helpful message to new users when they start a command line session, and refer to detailed documentation available in a man page

Changed in sudo:
assignee: jdub → pitti
Martin Pitt (pitti) on 2006-03-28
Changed in sudo:
status: Unconfirmed → Confirmed
Rocco Stanzione (trappist) wrote :

The most troublesome manifestation of this problem is when you say something like
sudo mount -t smbfs -o username //some/samba/share /mnt/point
and you get two identical password prompts, looking for two different passwords.

Tollef Fog Heen (tfheen) wrote :

Clearing milestone; this clearly didn't make it for hoary. :-)

# Automatically generated email from bts, devscripts version 2.9.27
# Too many things depend on this prompt
tags 343268 + wontfix

Carthik Sharma (carthik) wrote :

I ended up here searching. Launchpad works good.
I hope this wish gets fulfilled soon :)

Marco Rodrigues (gothicx) wrote :

Hi Pitti!

Please apply it! It's easier for newbie users to understand!

It's a patch against the file "configure.in"

Changed in sudo:
status: Confirmed → In Progress
Marco Rodrigues (gothicx) wrote :

The correct one.

Done it with diff -uN =)

Martin Pitt (pitti) wrote :

Hmm, not sure whether 'Your password' is significantly better than 'Password'.

Marco Rodrigues (gothicx) wrote :

I think it's better because it tells the user that it's their current account password and not the root one. When I came to Ubuntu I had never used "sudo" and I didn't know if the password asked for was the root one.

Tom von Schwerdtner (tvon) wrote :

"Your Password" is context sensitive, and there is still nothing indicating that the context is "sudo".

Some suggestions:

  $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
  [sudo] Password:

  $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
  Password for sudo:

Explicit, but perhaps problematic for long commands written by shell ninjas and people that actually use vi keybindings in bash... also a more complex patch (and "-p" alternative won't work):

    $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
    Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point":

My personal favorite:

   $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
    Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point" as user "root":

or with "-u" for a better example:

   $ sudo -u www-data mount -t smbfs -o username //some/samba/share /mnt/point
   Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point" as user "www-data":

Also, as Abdullah Ramazanoglu mentioned, you could just alias it in a system-wide bashrc or something (instead of using a patch).

Marco Rodrigues (gothicx) wrote :

When someone runs "sudo something", it's obvious that we're running sudo, so "Password for sudo:" doesn't explain that you need to enter your account password.

Tom von Schwerdtner (tvon) wrote :

The point is that the password is for "sudo" and not (in the above examples) for "mount". Neither "your password" nor "account password" tell me if it's the password that sudo wants (for the user running "sudo") or for "username" on the system with the samba share. Both are account passwords, and it's quite possible that both accounts are mine.

Marco Rodrigues (gothicx) wrote :

And Thom May's suggestion:

Please enter your password:
Sorry, your password was incorrect.
Please enter your password:

What do you think, pitti?!

Changed in sudo:
status: In Progress → Confirmed
Martin Pitt (pitti) wrote :

My personal favourite so far is

  [sudo] Your password:

It is concise, it points out that it wants the user's password (as opposed to root's), and it makes it clear that it is the sudo password, not the one 'mount' asks.

Changed in sudo:
status: Confirmed → In Progress
Marco Rodrigues (gothicx) wrote :

So can you apply the patch and put it in the archive? Will it be released as an update for feisty or just for gutsy?

I would add for sudo (without -u option):
Acquiring 'root' privileges as 'user'...
Enter USER password:

Kurt Lloyd (ontoinfinity) wrote :

I'm not sure if what you (eolo999) meant is what I'm thinking as I read this thread. What I'm thinking is that the prompt should explicitly indicate which password is being asked for. So if the username is "foobar" then the prompt should be something like:

$ sudo /bin/ksh
'foobar' password:

This idea is also in one of Marco Rodrigues' suggestions in his first post.

Kurt Lloyd (ontoinfinity) wrote :

(Correction, this idea is instead in the "Bug description".)

Soul-Sing (soulzing) wrote :

I have a really crazy idea: to use a biometric fingerprint (already on many laptops!) for root privileges. It is so easy to use and safe! (if it is possible... :) )

Nicolas Valcarcel (nvalcarcel) wrote :

I have patched it to show:

nxvl@LePew:~$ sudo echo foo
[sudo] Please enter the password for nxvl:
Sorry, the password for %u was incorrect, please try again.
[sudo] Please enter the password for nxvl:
foo
nxvl@LePew:~$

Nicolas Valcarcel (nvalcarcel) wrote :

Sorry, I had an error in the previous patch; here is the new one.

nxvl@LePew:~$ sudo echo foo
[sudo] Please enter the password for nxvl:
Sorry, the password was incorrect, please try again.
[sudo] Please enter the password for nxvl:
foo
nxvl@LePew:~$

HG (mike-we11er) wrote :

My vote is for:

 [sudo] Your password:

Short, snappy, tells you the request is from sudo.

I think the "Please enter the password for xxx:" is too long and doesn't read well.

Dave Walker (davewalker) wrote :

Enter User Password:

or

$USER's password:

Nicolas Valcarcel (nvalcarcel) wrote :

I think "$USER's password:" is the way

I'm attaching the new patch

Soul-Sing (soulzing) wrote :

Enter User Password:

Changed in sudo:
status: In Progress → Confirmed
Martin Pitt (pitti) wrote :

I like the latest patch, thanks! Let's get this in ASAP for widespread testing.

Changed in sudo:
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

Unfortunately we first need to fix gksu to not rely on the password prompt to detect a failed password (relying on the 'Sorry, try again' one should be more than enough).

Martin Pitt (pitti) wrote :

For the record, kdesu gets along well with a changed password prompt.

Soul-Sing (soulzing) wrote :

What is the difference between gksudo and gksu?
gksudo= sudo -H (more or less)

Martin Pitt (pitti) wrote :

sudo itself works, blocked on fixing gksu.

Changed in sudo:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Hm, weird, it suddenly works now. Who knows what I saw before, maybe some crash due to the g_thread_init() bug.

Changed in gksu:
status: Unconfirmed → Rejected
Martin Pitt (pitti) wrote :

sudo (1.6.8p12-5ubuntu2) gutsy; urgency=low

  * debian/rules: Configure less confusing default password prompt to (a)
    point out that it wants to know the user's password (instead of root's or
    whichever) and (b) that it is sudo which asks the question (since those
    prompts become really unintelligible if the command asks its own password,
    such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify
    --with-badpass-message though, since that breaks gksu. Thanks to Marco
    Rodrigues, leoquant, and nxvl for the discussion and proposals.
    (LP: #8556)

 -- Martin Pitt <email address hidden> Fri, 15 Jun 2007 09:22:55 +0200

Changed in sudo:
status: Fix Committed → Fix Released
Daniel Nylander (yeager) wrote :

It would be nice if this string could be localized too..

user <email address hidden>
usertag 343268 + hardy ubuntu-patch
tag 343268 patch
thanks

Ubuntu also got this request in https://launchpad.net/bugs/8556.
In fact we found that gksu and kdesudo work just fine when changing
the password prompt. However, they DO break when modifying the 'bad
password' ("Sorry, try again") message, which is why we left them
alone.

Ubuntu enabled

  --with-passprompt="[sudo] password for %u:"

in debian/rules 5 months ago and did not receive any problem report
about it. Our corresponding changelog:

  * debian/rules: Configure less confusing default password prompt to (a)
    point out that it wants to know the user's password (instead of root's or
    whichever) and (b) that it is sudo which asks the question (since those
    prompts become really unintelligible if the command asks its own password,
    such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify
    --with-badpass-message though, since that breaks gksu. Thanks to Marco
    Rodrigues, leoquant, and nxvl for the discussion and proposals.

Thank you for considering,

Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
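
The thread's two technical points, that a bare "Password:" cannot be attributed to sudo or to the command it runs, and that front ends should key on the unchanged "Sorry, try again." message rather than on the prompt text, shown as an added example (not code from sudo, gksu or this report). The function names are hypothetical, the transcripts are constructed from the `sudo scp` case above, and `%p` is assumed to equal the invoking user (no rootpw/targetpw).

```python
import re

BADPASS = "Sorry, try again."   # sudo's default bad-password message
PROMPT_RE = re.compile(r"password[^:]*:\s*$", re.IGNORECASE)


def expand_prompt(template, user, run_as="root", host="localhost"):
    """Expand the escapes sudo accepts in -p / --with-passprompt strings."""
    table = {
        "u": user,                # invoking user
        "U": run_as,              # user the command runs as
        "p": user,                # assumption: password asked is the invoker's
        "h": host.split(".")[0],  # short host name
        "H": host,                # fully qualified host name
        "%": "%",                 # %% collapses to a single %
    }
    return re.sub(r"%([uUphH%])", lambda m: table[m.group(1)], template)


def label_session(lines, template, user):
    """Label each terminal line the way a prompt-watching front end could.

    Labels: sudo-prompt, auth-failed, command-prompt, ambiguous-prompt, output.
    """
    sudo_prompt = expand_prompt(template, user).strip()
    # A prompt with no sudo-specific text is indistinguishable from the
    # prompt printed by the command being run (scp, mount, passwd, ...).
    distinctive = sudo_prompt.lower() != "password:"
    labelled = []
    for raw in lines:
        line = raw.strip()
        if line == BADPASS:
            label = "auth-failed"
        elif line == sudo_prompt:
            label = "sudo-prompt" if distinctive else "ambiguous-prompt"
        elif PROMPT_RE.search(line):
            label = "command-prompt"
        else:
            label = "output"
        labelled.append((label, line))
    return labelled


# Constructed transcripts: old default prompt vs. Ubuntu's configured prompt.
OLD = ["Password:", "Password:", "client.conf 100% 1024"]
NEW = ["[sudo] password for moise:", "Sorry, try again.",
       "[sudo] password for moise:", "Password:", "client.conf 100% 1024"]

if __name__ == "__main__":
    for name, lines, tmpl in (("old", OLD, "Password:"),
                              ("new", NEW, "[sudo] password for %u:")):
        print(name)
        for label, line in label_session(lines, tmpl, "moise"):
            print(f"  {label:17} {line}")
```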

Changed in gksu:
status: Unknown → Won't Fix

Hello,

This is something that has irked me for some time, but I
only noticed that ubuntu fixed it by witnessing a co-worker
using sudo.

I'm not sure what relationship Josh has with the package,
but in light of Martin's comments / Ubuntu's experiences,
could Josh / Bdale reconsider the wontfix tag?

--
Jon Dowland

tags 343268 -wontfix
tags 343268 +pending
thanks

Makes sense to me. In my CVS for the next upload.

Bdale

Source: sudo
Source-Version: 1.6.9p9-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.6.9p9-1_i386.deb
  to pool/main/s/sudo/sudo-ldap_1.6.9p9-1_i386.deb
sudo_1.6.9p9-1.diff.gz
  to pool/main/s/sudo/sudo_1.6.9p9-1.diff.gz
sudo_1.6.9p9-1.dsc
  to pool/main/s/sudo/sudo_1.6.9p9-1.dsc
sudo_1.6.9p9-1_i386.deb
  to pool/main/s/sudo/sudo_1.6.9p9-1_i386.deb
sudo_1.6.9p9.orig.tar.gz
  to pool/main/s/sudo/sudo_1.6.9p9.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <email address hidden> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 03 Dec 2007 10:26:51 -0700
Source: sudo
Binary: sudo-ldap sudo
Architecture: source i386
Version: 1.6.9p9-1
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <email address hidden>
Changed-By: Bdale Garbee <email address hidden>
Description:
 sudo - Provide limited super user privileges to specific users
 sudo-ldap - Provide limited super user privileges to specific users
Closes: 343268 388659 448628 451324
Changes:
 sudo (1.6.9p9-1) unstable; urgency=low
 .
   * new upstream version
   * debian/rules: configure a more informative default password prompt to
     reduce confusion when using sudo to invoke commands which also ask for
     passwords, closes: #343268
   * auth/pam.c: don't use the PAM prompt if the user explicitly requested
     a custom prompt, closes: #448628.
   * fix configure's ability to discover that libc has dirfd, closes: #451324
   * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
     the command 'visudo' invokes a vi variant by default as documented,
     closes: #388659
Files:
 8a775e93ddc75f55bfee1b35a9e69ae1 614 admin optional sudo_1.6.9p9-1.dsc
 2bff66757a3864a7d509343587513755 578259 admin optional sudo_1.6.9p9.orig.tar.gz
 0e8aaf64503f68ad34fde202b5b39ca0 21231 admin optional sudo_1.6.9p9-1.diff.gz
 3a671c4af43993433cf8f98aa22658e2 170924 admin optional sudo_1.6.9p9-1_i386.deb
 a30fcb2a6e417c1a83cf7aeea33e6d4e 182514 admin optional sudo-ldap_1.6.9p9-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHVEGtZKfAp/LPAagRApvBAJ9LPss1fhF+x5qvSt/ogRFBrExgJwCeKLZV
85lVf5sO8tNf6tKNruCZ3t4=
=GluW
-----END PGP SIGNATURE-----

Changed in gksu:
status: Won't Fix → Fix Released

FYI: breaks Emacs' M-x shell <http://bugs.debian.org/454554>

On Wed, Nov 14, 2007 at 01:00:34PM +0100, Martin Pitt wrote:
> Ubuntu enabled
> --with-passprompt="[sudo] password for %u:"
> in debian/rules 5 months ago and did not receive any problem report
> about it.

PPS: this issue has affected Ubuntu Gutsy for some time. Because
Ubuntu makes it difficult for tty users to report bugs, I do not
report bugs to them, instead waiting until they can be reproduced on
Debian.

# A New Hope
# A log time ago, in a galaxy far, far away
# something happened.
#
# Magically this resulted in the following
# action being taken, but this fake control
# message doesn't tell you why it happened
#
# The action:
# Bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
