Bug 24038

Summary: allow Isodumper to request user password rather than admin / root password
Product: Mageia Reporter: Ben McMonagle <westel>
Component: RPM PackagesAssignee: papoteur <yvesbrungard>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: Normal CC: fri, jim, mageiatools, marja11, ouaurelien
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: isodumper CVE:
Status comment:

Description Ben McMonagle 2018-12-20 01:20:05 CET 
Description of problem: Whenever you need to use Isodumper to work with a USB, it currently needs to be run under the root user. As it is not affecting any system files (that I am aware of) is it possible to run Isodumper by requesting the user password, like the Mageia Updater. This will make it more user friendly. 
Do you really need to be root to format a USB stick?
What if the Administrator (person) is un-available to the user (due to distance or communication) when the user requires to format a USB.
Do you really need to be root to burn an .iso to the USB?


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Marja Van Waes 2018-12-22 12:45:01 CET 
Well, Isodumper doesn't only show USB sticks, but also any large USB disks that are attached. It does show my 2TB external disk as possible device to work on. 

Anyway, assigning to papoteur :-)

CC: (none) => mageiatools, marja11
Source RPM: (none) => isodumper
Assignee: bugsquad => yves.brungard_mageia

Comment 2 James Kerr 2018-12-22 14:11:20 CET 
(In reply to Marja Van Waes from comment #1)
> Well, Isodumper doesn't only show USB sticks, but also any large USB disks
> that are attached. It does show my 2TB external disk as possible device to
> work on. 
> 

That's why I think only the root user should be able to use isodumper.

In an ideal world, authentication level would be configurable as it is for other Mageia tools:
http://doc.mageia.org/mcc/6/en/content/draksec.html

CC: (none) => jim

Comment 3 papoteur 2018-12-22 21:24:12 CET 
Hello,
This not very difficult for to adapt the authentication level. What I can't do is to adapt draksec to include isodumper and manage the authentication level.
Comment 4 Morgan Leijström 2018-12-23 14:53:22 CET 
Maybe enable user auth, and add some user guidance, like if target drive is larger than 70 GB ask user to think again if that really is the correct target.

( Also, dont alow writing to mounted drives., drives in fstab, etc - i dont know how it do the selection today but maybe it can be extended )

CC: (none) => fri

Comment 5 papoteur 2020-06-10 18:54:34 CEST 
Advice from Luigi
you'd probably have to use polkit to allow "user password"

it should probably be configurable in draksec which password it asks for, so sysadmins can lock it down more if they want to
Comment 6 papoteur 2020-07-15 11:07:32 CEST 
The bug https://bugs.mageia.org/show_bug.cgi?id=15124 is something which retains from moving to draksec.
The authentication dialog from KDE doesn't say which password is asked for.
Comment 7 Morgan Leijström 2020-10-04 04:06:38 CEST 
Somehow user authentication for mga-update got solved there :)
Comment 8 Ben McMonagle 2021-01-29 08:22:16 CET 
fixed

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 9 papoteur 2021-01-29 12:06:06 CET 
Hello Ben,
No, this is not yet implemented. The password asked is always the root one.
Reopening.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 10 Aurelien Oudelet 2021-01-29 13:30:43 CET 
(In reply to papoteur from comment #9)
> Hello Ben,
> No, this is not yet implemented. The password asked is always the root one.
> Reopening.

It is also user's password if that user is member of wheel group, as sudo user.

CC: (none) => ouaurelien

Comment 11 Morgan Leijström 2023-01-27 19:16:48 CET 
Ah yes being wheel (which I forgot I was in comment 7) is good solution to o lot of things.

https://wiki.mageia.org/en/Configuring_sudo#Step_3:_Add_users_to_the_wheel_group_to_allow_them_to_have_root_privilege


Should we decide to let it be and close as wontfix?
Comment 12 Morgan Leijström 2023-06-20 18:57:42 CEST 
This seem to work in isodumper 1.48, Mageia 9

I logged in as another user which is not wheel nor configured for sudo.
When isodumper asked i could select that current user and give his password, and it worked.  There was a dropdown in which i could also select another user (my other self, which is wheel.  root was not selctable, and is not needed.

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED