[SOLVED] Root terminal: 'Granted permissions without asking for password'

Higgsboson · 01-10-2015, 12:38 PM

I am using debian 7.7 stable and when I open the root terminal it asks for the password.

But if I open it again, I get the message: 'Granted permissions without asking for password. The /usr/bin/x-terminal-emulator program was started with the privileges of the root user without the need to ask for a password, due to your system's authentication mechanism setup'.

Oh, really? Because I don't remember setting up any 'authentication mechanism setup'.
How can I change this so the root terminal always asks for the password?
Do I have a trojan already? Because I installed the OS just a few days ago.

Thanks very much.

veerain · 01-10-2015, 12:43 PM

If it is a terminal run these commands to find who is logged on.

Code:

id
who
whoami

273 · 01-10-2015, 12:51 PM

When it asks for the password you should get an option to save password for current session or not and some other option? Sorry I can't be more accurate but I run XFCE and it works a bit differently to the bigger desktop managers.

astrogeek · 01-10-2015, 12:52 PM

See the threads here and here. Apparently you get this message when trying to run a Gnome program as root, due to gnome-keyring or cached root password.

I am not a Debian or Gnome user so cannot test it.

TB0ne · 01-10-2015, 01:08 PM

Quote:

Originally Posted by Higgsboson

I am using debian 7.7 stable and when I open the root terminal it asks for the password.

But if I open it again, I get the message: 'Granted permissions without asking for password. The /usr/bin/x-terminal-emulator program was started with the privileges of the root user without the need to ask for a password, due to your system's authentication mechanism setup'.

Oh, really? Because I don't remember setting up any 'authentication mechanism setup'. How can I change this so the root terminal always asks for the password? Do I have a trojan already? Because I installed the OS just a few days ago.

I don't THINK you have a trojan, and what you're describing may be part of your desktop GUI environment. For example, I use openSUSE and KDE. When I run YAST the first time, it'll pop up and ask me for the root password. The SECOND time I run it, it won't. While I've never looked into the 'why' or how to make it ask every time, the behavior you're describing sounds normal. Either it's saving something in your X session (a 'cookie', for lack of a better term), which says "this x session has already been granted SUDO rights", or it could be saving it as part of gksu somewhere.

You can test this by going to a normal terminal window, and typing in "gksu /usr/bin/x-terminal-emulator". That SHOULD bring up xterm with root privileges, except attached to that bash shell. Exit that shell, and try it again...it should prompt a second time. Note that this is UNTESTED!

If things go back to normal when you reboot, then you're probably fine (but if you DO suspect a trojan, please scan and check!!!)

EDIT: both 273 and astrogeek beat me to the same conclusions.

Quote:

Originally Posted by veerain

If it is a terminal run these commands to find who is logged on.

Code:

id
who
whoami

And how do ANY of those commands tell the OP if they have a trojan??? Or address their question, which is "how to get it to prompt every time, and/or is this normal?"

bigrigdriver · 01-10-2015, 01:59 PM

I also use Debian 7.7. When I tried the root terminal just now, under the text box for password entry, there is a small box defaulted to check mark, and the legend Remember Password.

Uncheck the box.

Higgsboson · 01-10-2015, 02:03 PM

Quote:

Originally Posted by veerain

If it is a terminal run these commands to find who is logged on.
id
who
whoami

These are interesting commands. I didn't know them.

The commands must be useful if there are lots of people using the same computer. Thanks dude!

Higgsboson · 01-10-2015, 02:05 PM

Quote:

Originally Posted by 273

When it asks for the password you should get an option to save password for current session or not and some other option?

Yes, but that's the weird thing. I never asked to save the password for the current session.

273 · 01-10-2015, 02:07 PM

Quote:

Originally Posted by Higgsboson

Yes, but that's the weird thing. I never asked to save the password for the current session.

Sounds like you could have "added it to the keyring" or whatever the option is called. astrogeek gives some links above which may be useful to you in that regard.

Higgsboson · 01-10-2015, 02:38 PM

Quote:

Originally Posted by astrogeek

See the threads here and here. Apparently you get this message when trying to run a Gnome program as root, due to gnome-keyring or cached root password.

I am not a Debian or Gnome user so cannot test it.

Ok, so this answers my question.
I am using the gnome shell on debian.
From the link, one of the members say 'this simply happens when you try to run GUI apps from a root terminal. It is standard because ideally no GUI apps should be run as root. The proper way to run them as root is to use the gksudo command instead'.

I had previously run the gparted GUI as root. This must've then put the root password into a cache.
To prevent this, if I want to open a GUI application from the root terminal, I should always prefix it with 'gksudo'.

Well, that's good to know.
But I don't understand why the gnome desktop would want to cache the root password to make things easier for me. Gnome should leave the root password alone IMO.
Thanks for your reply.

Higgsboson · 01-10-2015, 02:46 PM

Quote:

Originally Posted by TB0ne

I don't THINK you have a trojan, and what you're describing may be part of your desktop GUI environment. For example, I use openSUSE and KDE. When I run YAST the first time, it'll pop up and ask me for the root password. The SECOND time I run it, it won't. While I've never looked into the 'why' or how to make it ask every time, the behavior you're describing sounds normal. Either it's saving something in your X session (a 'cookie', for lack of a better term), which says "this x session has already been granted SUDO rights", or it could be saving it as part of gksu somewhere.

Yes, you're right. If I run a GUI from the root terminal, the root password gets cached, like you say.
So I need to write 'gksudo <application name>' when opening GUI apps to prevent this.
Thanks dude.

veerain · 01-11-2015, 11:15 AM

Quote:

Originally Posted by TB0ne

And how do ANY of those commands tell the OP if they have a trojan??? Or address their question, which is "how to get it to prompt every time, and/or is this normal?"

Regarding the commands how does the OP knows he has logined as root. And new post by OP says, he doesn't knew these commands. And you say whats happening is peculiarity of his system.

And these commands are useful in a single system where one person uses multiple user, group ids.

TB0ne · 01-11-2015, 12:32 PM

Quote:

Originally Posted by veerain

Regarding the commands how does the OP knows he has logined as root.

He DIDN'T log in as root, and said so. Did you not read the OP's post?

Quote:

And new post by OP says, he doesn't knew these commands.

Which doesn't matter, since they in NO WAY had anything to do with helping the OP answer their questions.

Quote:

And you say whats happening is peculiarity of his system.

No, I didn't. I very specifically said that it is NORMAL, and answered one of the OP's questions, and gave them ideas on what else to do to verify things, to make sure they didn't have a trojan. There is nothing 'peculiar' about their system. Please try to read and understand the question and the answers before posting.

Quote:

And these commands are useful in a single system where one person uses multiple user, group ids.

Their use is VERY limited, and for the purposes of THIS thread, USELESS.