Starting OpenMandriva Lx Control Center with a user password

I was testing OpenMandrivaLx 3.02 and although the account I used was not a member of the wheel group I could start the “OpenMandriva Lx Control Center” with the password of the user. The root password wasn’t accepted.
I couldn’t verify this on OpenMandrivaLX 3.0 because I can’t install this version.
Is this wanted behaviour or a bug?

    Regards,
    Albert

Hi,
I tested with the build 775 and didn’t see that behaviour. When a user, not in the wheel group, try to access the mcc, the password window requires to choose one user among the users in the wheel group, before entering the password.
Which build did you test?

Other info: normally, the default behaviour is configured in
/etc/polkit-1/rules.d/50-default.rules
and you should see:

polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});

See man polkit for details.

and if there are none?

Then the password for root is asked.

I tried in live mode(official lx 3.02 build), removed user “live” from wheel group, logout/login and mcc doesn’t ask for root password with user “live”.

Hello,

Sorry for the late reply.

I also use build 775 and /etc/polkit-1/rules.d/50-default.rules contains exactly what you indicated in your reply.

My problem was that the wheel user and the non wheel user were having the same password, which confused me.

After changing the password of the non wheel user, MCC indeed started after entering the password of the wheel user and refused to accept the password of the non wheel user, but it also refused to start with the root password.

In the pop-up window, which asks for a password no user is mentioned and I didn’t find a method to select a user.

Should the root password not always be accepted having a higher priority then the wheel users?

Regards,
Albert

Did you set the root password ?

:blush: no

If there is only one “wheel” user, the window directly ask for his password without noticing the user who launches the mcc and who cannot guess, at first, which password is asked. That’s indeed a bit confusing and should be improved (*).
If there is more than one user in the group wheel, you will be able to select the user and his password. This doesn’t apply to root even if you add it to the group wheel.
To be able to choose the root password:
– there shouldn’t be any “wheel” user
or
– the default rule should be deactivated (or modified)

(*) maybe, only a few lines of code ?

This surely is a bug and needs to be reported.

Edit: tested this with .iso # 794 with separate passwords for user and admin and user password is accepted for OMCC and for for changing sddm login in Systemsettings5. That can’t be correct.

All this may come from an old story about 1st user privileges & the wheel group.

As this seems to be an intended behaviour by KDE uspstream - although personally never fully understood not agreed - my workaround is to untick the box Administrator

Systemsettings > Account Details > User Manager

PS> image reference this post

Apply will ask for password, which needs to be the 1st user’s one :stuck_out_tongue:

Thanks @rugyada, I often forget the kde tools :slight_smile:
The philosophy behind the default setting is that the first user, who installs the system, necessarily has the root access and should be considered as the legitimate administrator.
As a group wheel member, he has a bit less rights than root. His rights are defined in polkit settings.
This is equivalent to the “sudo” practice in ubuntu, I think.
The only thing to improve, imo, is that the user who installs the system should be clearly informed of such a feature, for example, in om-welcome or in the window asking the admin password.

In Linux we do have tendency to over complicate some things. This should be simple.

Here’s jist of what I’m seeing if I set separate passwords for user and admin in a Calamares install.
User password is opening drakconf, system-config-printer, and systemsettings5 sddm config utility. Root password is rejected in all the mentioned instances. That seems bass akwards. Root password does work normally in Konsole, KUser, and KDE Partition Manager. Which is inconsistent.

So far everything I’ve found in systemsettings5 takes user password but as mentioned there are KDE apps that take root password. What are Y’all seeing?

Yes, you are touching the core of the “issue”.
What is consistent is the default settings from the installation with calamares to the pwd asked to the admin user when he want to perform an admin task with the drakxtools.
By default, the passwords of the user and root are the same. Therefore, the admin user doesn’t notice which password (of user or root) is asked.
If one chooses to set different passwords, during or after the installation, one should be warned about the default polkit settings and the way to make the things consistent.
Another option could be to set equivalent rules for kde tools in /var/share/polkit-1/

1 Like

As well as autologin, they are *bunt-ish and windoze-ish inherited “”“features”""
A serious Linux distro, caring of security, is different: user is user and administrator is root.
That’s all :grin:

1 Like

For information, starting from ISO build 785 autologin by default is now disabled ( \o/ ), and Use the same password for administrator account ticked by default has already been disabled some time ago too.

1 Like

Thanks JCL for clarifying the issue.

An additional point is that if one selects to have separate root and user passwords in Calamares installer then in the installed system there is a confusing conflict in that some admin tasks require the admin password while other admin tasks require a different (user) password. I fear the volume of questions if we release something in this state. Not to mention the reviews.

Hmmm… that isn’t working here. I can’t get the administrator box to stay unchecked.

That’s odd, it should work. I’m doing this way since ever.
You could try by launching systemsettings5 as root.