No Password required for synaptic

[lilcuda]

Hello , I have just installed Debian 4.0 and during my initial setup I opened synaptic and a message popped up telling me that the password had not been asked for yet the privilege had been granted ( may not be exact wording ) .

I am wondering if this is a fault or has the system kept my password when I used it for an earlier application ( not synaptic ) , do I need to change anything for security of the system ? ,any help appreciated .

[objuan]

When running synaptic you need to run it as root, not as a normal user.
here is an easy run command so you can execute it from a GUI.
alt-f2 will give you a run box type kdesu -u root -c synaptic
click run and it will ask you for the password . There is a option to save the password. If your the only person who is using the computer then its okay to save the password.

[lilcuda]

Hi ,thanks for the reply . I am aware of running synaptic as root user and not normal user and this is the problem I am having as I was not prompted for the password yet synaptic ran with full privileges without it.

I dont know if this is a fault with my fresh install or a save password feature is enabled by default with Etch and if this exposes the system when I am online to anyone having administrator access to my pc ala windows .

I am not interested in having my password saved as I dont mind using it whenever prompted to do so ,I would much prefer a secure system even though I am the only user who accesses it for desktop use.

When I did run synaptic I had a warning that it ran without asking for password and wanted to know if anyone else had seen this before , thanks.

[objuan]

I have never seen this problem before. the only way I can see the password not being entered is that you saved it or your using a password manager.
But if you did not save it or use the password manager then etch must have a bug. sorry I was not able to help.

[TheBigPhish]

This problem just popped up in the etch release of 4.0. I have 5 servers, and i have been systematically upgrading them, and found out this cause on the most recent.

What the issue is, is the new keyring handler that is built into Gnome. I had just done an upgrade to a system, and attempted to launch synaptic, and up popped a window asking me to set up a password for a keyring manager. I declined. and this apparently grants root access to Synaptic w/o a password challenge, which consequently makes synaptic paranoid and throws up the message window about root level access w/o a password. I will look more into this on the server i just upgraded. I do not know if this is a byproduct of me saying don't bother me, or if this is a flaw based on the fact that i opted to NOT set up the keyring manager, but i will look into this tomorrow. I don't like access to root level services w/o a password.