14

I just answered another beginners question about "Cannot write.......check permissions".

Of course I know how to use chown/chmod; I'm working with command line anyway. But the average consumer does not.

So what should I tell people without any GNU/Linux-experience?

Work as root? I know for example Nemo has functionality "open as root". But just no! I do not think it is a good idea for an average user. It's far to dangerous. Then the user creates file in root-file-manager and wonders why he cannot delete or modify this file. And so on.

Tell him to learn how to use chown/chmod? And here we are - nerd-only-linux where everything is so complicated. That's the way we do things; but it's no good option for the average consumer.

Why doesn't the file-manager help?

I hate to say this, but look how Windows handles this. Default are user-permission. And if the file-manager needs more - it just asks the user.

This can't be hard to implement. If an operation fails with permission exception - try executing with gksudo.

And yes: I'm really inexperienced with the whole Open-Source-World.

My questions:

  1. Are there any reasons this isn't done this way
  2. Did anyone implement something like that?
  3. Is this something you report as a bug (Ubuntu or e.g. Gnome)?
  4. Is this something I just could try to implement myself?
AnnoSiedler
  • 273
  • 1
  • 5
  • 4
    Why do you want to copy Windows behaviour to a Linux system? They are just two different operating systems and also differ. In Linux you work as normal user and normally do not need `root` privileges, unless you do admin work. In that case, you should work as admin and keep both worlds separated. You can install software in your home directory, make your own environment settings in `.bashrc`, `.profile` etc... – Thomas Mar 21 '17 at 11:06
  • 2
    I must be missing something, but why do you consider *"I know for example Nemo has functionality "open as root". But just no! I do not think it is a good idea for an average user. It's far to dangerous."*, but at the same time, *"look how Windows handles this. Default are user-permission. And if the file-manager needs more - it just asks the user*" -a good idea? Que? – Jacob Vlijm Mar 21 '17 at 11:38
  • @Jacob Vlijm One reason I already explained. If you are root and create a file, the owner is root. If you work with user-permission, you own this file. Another reason: You get a prompt; and probably evil stuff isn't executed immediately. Like I said: It's nothing that hurts you or me. It's more like how to make Linux more user-friendly. – AnnoSiedler Mar 21 '17 at 11:48
  • After the file manager got elevated permissions, the result is the same. – Jacob Vlijm Mar 21 '17 at 11:50
  • 5
    To close voters: seriously? This is an excellent question and already has a very good answer. With probably more to come. If there are any technical reasons for not implementing this obvious improvement then an answer can be given. – Andrea Lazzarotto Mar 21 '17 at 11:50
  • @JacobVlijm the most useful scenario would be a "this config file is owned by root, do you want to open it with elevated permissions? Otherwise you will not be able to edit it" kind of thing. – Andrea Lazzarotto Mar 21 '17 at 11:52
  • 1
    @AndreaLazzarotto I am one of the close voters, since, like point 1 of the answer mentions, any answer to the question is speculation and opinion based, and so is the statement in the question. – Jacob Vlijm Mar 21 '17 at 11:54
  • @JacobVlijm (and to the OP) perhaps the question needs to be reframed as a single factual question (that is not opinion-based) - "how can I chown a root-owned file in nautilus?" (and mention concerns about usability in passing) – lofidevops Mar 21 '17 at 12:35
  • What actual use cases are there for what you're describing? As far as I can see, you don't want a regular user editing files with root permissions, without using some GUI tool like the network-manager one. Wouldn't this be encouraging users to break the very sensibly constructed separation of privileges which allows the system to be secure? – Arronical Mar 21 '17 at 13:06
  • 2
    @Arronic the point is there are no such GUI tools for a lot of cases. Even macOS has more GUI options for tweaking the firewall, the SSH server and so on. So the question of the OP is: why? – Andrea Lazzarotto Mar 21 '17 at 13:15
  • 3
    If Linux on the desktop for non-technical people is going to go anywhere, it needs to completely remove the need to ever work in a file manager as root, ever. I can't think of anything a normal user *should* have to do in a file manager as root (of course, there are plenty of things they currently *do* have to do). Then this problem is solved rather easily. IMHO, if users are creating root-owned files in their own home directories, something is already seriously wrong. – Muzer Mar 21 '17 at 13:40
  • What about a timed launch of your file manager as a new process, under root? Give it say 5 minutes, during which file edits also launch the corresponding editors as root. Then shut the whole thing down after that delay (change the owner of the process if that's possible). Bit like how sudo buys you some time during which you don't have to re-type the password but times out later. – JL Peyret Mar 21 '17 at 20:37
  • @JLPeyret Such approach would likely involve either closing the new file manager window that has root powers ( which will confuse people and they'll be asking "Where did my window go ?" ). On the other hand, letting users open new window as root without prompting for password before it times out will lead to the same issues I see with `sudo` ( "Oh, no, how did I delete that folder ? Oh, crap, I'm running as root ! " ). It could potentially be interesting feature, but not ideal – Sergiy Kolodyazhnyy Mar 21 '17 at 20:42

1 Answers1

14
  1. Are there any reasons this isn't done this way

There aren't any specifically. I can name a few supposed reasons, but they'd be mostly speculation.

  1. Did anyone implement something like that?

Not quite. There is nautilus-admin extension which will allow you to open a directory in a new window with root-level privileges, and then you can change file/directory permissions as you wish from the right-click menu-> Properties->Permissions.

  1. Is this something you report as a bug (Ubuntu or e.g. Gnome)?

Bug report ? No. Feature request ? Potentially, yes. You can submit this as feature request to Nautilus ( the filemanager ) team on Launchpad, but I suspect with 90 % certainty they'll point you in the nautilus-admin extension I mentioned above.

Install it with sudo apt-get install nautilus-admin.

  1. Is this something I just could try to implement myself?

Yes, if your file manager allows adding scripts to it. The default file manager for Ubuntu (Nautilus) does allow adding scripts to it, so you could do something like this:

#!/bin/bash
# adds read permissions for file for all users
zenity --password | sudo -S -p ""  chmod +r  "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" || zenity --error --text "Command failed"

Place that into ~/.local/share/nautilus/scripts, make executable with chmod, and then it will be accessible via right clicking on file. Of course that's a minimal example just to show the point. If you want a full blown app that allows more complex features like selecting which permissions to alter, well, that might require extra commands and probably a language like Python with more powerful GUI toolkits.

But just no! I do not think it is a good idea for an average user. It's far to dangerous. Then the user creates file in root-file-manager and wonders why he cannot delete or modify this file. And so on.

Well...It's not a computer problem - it's user problem. We can't fix the user not willing to learn how to properly operate their computer and not taking responsibility for their actions.

Users have to realize that the separation of ownership in files exists for a reason. You can't have both power to change permissions on file and not expect security implications with that

Sergiy Kolodyazhnyy
  • 103,293
  • 19
  • 273
  • 492
  • 4
    Excellent answer, however the problem remains: the GUI on most distros by default doesn't allow a user to "sudo graphically" when needed. Either the user must manually unlock the root account (bad) or they must resort to the command line. For instance I am a developer, I like the CLI... But I also think about my family and friends who are not. Sometimes when they use Linux they ask me for help and 80% of the time is about doing something as a privileged user. :/ – Andrea Lazzarotto Mar 21 '17 at 11:49
  • thanks; especially the script is quite useful. A feature request is reported like a bug (with note that this is a feature request), isn't it? – AnnoSiedler Mar 21 '17 at 12:05
  • @AnnoSiedler broadly speaking yes; it's better if you put "[enhancement]" or "[feature]" in the title and start with a good [user story](https://www.mountaingoatsoftware.com/agile/user-stories), and do not present your issue as a flaw (e.g "steps to reproduce the bug") – lofidevops Mar 21 '17 at 12:29
  • 16
    “Well...It's not a computer problem - it's user problem. We can't fix the user not willing to learn how to properly operate their computer and not taking responsibility for their actions.” Uh, no. People throwing hands up and blaming the users is exactly why things get convoluted or counterintuitive. UX design is a real, important thing that program designers need to care about, think about, work on—in other words, take ownership of and responsibility for. It’s not users’ fault—it’s a technical limitation, or a security concern, or maybe, it’s bad UX that needs fixing. – KRyan Mar 21 '17 at 12:40