this post was submitted on 31 May 2024
-31 points (29.9% liked)

Linux

47933 readers
1192 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Isn't it enough to just enter your password once to login, then receive a warning whenever you're about to do something potentially dangerous?

If it's such a big security risk, how come the most popular and widely used operating systems in the world and their users seem to be unaffected by it?

I guarantee, most new users coming to Linux from Windows/macOS are going to laugh and look at you funny if you try to justify entering your password again and again and again.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 5 months ago

Mac uses TouchID for the most part in the GUI, but CLI sudo still asks for your login password, although it can be configured to ask for TouchID as well. The GUI does fallback to having you enter your password if somehow you have a Mac without TouchID.

Windows uses the UAC thing which currently we don't have a great way to do on Linux but should be possible with Wayland (on Xorg you'd just need to script clicking yes and bypass user approval because there's no security). On Windows when the UAC popup pops up and you click yes, you've done the equivalent of entering your password. In enterprise settings, it's not common for it to be configured to actually ask your password, or ask the password of an admin account. So no it's not "good enough" even on Windows under some situations.

On Linux you can configure sudo to use the fingerprint reader or a security key if you want. PAM stands for Pluggable Authentication Module, you can do whatever you want. You can also make it no password at all and sudo just automatically gives you root no questions asked.

The security use case is to prevent software running as your user to have an easy path to getting to root without some form of user approval. That also means if you walk off your desk to refill your coffee nobody can sneak behind you and plop a USB with malware, click yes and leave.

It's doable on Linux with some PAM and Polkit tweaks, just not how it's shipped by default because it's better users voluntarily reduce their security settings than defaulting to minimal security like Windows used to (in particular the XP days before UAC, and UAC did annoy a lot of people when it came in with Vista and 7).