Don't want to see articles from a certain category? When logged in, go to your User Settings and adjust your feed in the Content Preferences section where you can block tags!
We do often include affiliate links to earn us some pennies. See more here.

As part of the ongoing work to reduce authentication fatigue, the elementary OS team are going over everything with a fine-tooth comb to ensure asking for admin / root permission makes sense.

One idea they came up with, which appears to be integrated into elementary OS 5.1.5 'Hera', is the removal of needing to enter the admin password when you're doing updates with the AppCenter. The question is why? As they explained, you already gave your full permission to install the applications originally and that they "provide clear expectations around curated versus non-curated apps" so they felt it didn't make sense to authenticate again just to do updates.

I like the idea and hope it doesn't somehow backfire. Authentication fatigue can be a very real thing. It's the same as the cookie banners a lot of websites have because of all their external stuff loading in, I imagine clicking them away without even looking is now what the majority do because it's constantly there.

Another really nice change is how images are copied in their file manager. Copying an image in Files and then pasting into a program like an image editor, will now actually paste the image in (if possible) and not a file path. That's quite a handy accessibility update and one I love the sound of. On top of that their file manager will also now show a file info overlay while in the list view which is a nice tweak.

elementary OS has the kind of attention to the finer details that I wished every Linux distribution had.

If you're interested in what else the crew have been up to, check out their latest update post. For more info on elementary OS check the official site. They go for a pay what you want method for downloading their ISO, you can support them with as much or as little as you like (even zero), it's certainly a different way to support a Linux distribution but it appears to work well for them.

Article taken from GamingOnLinux.com.
12 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
12 comments

ssj17vegeta Jun 5, 2020
The best thing they can do is the same thing Ubuntu or Linux Mint does : ask the user once when the system is installed, and give the possibility of changing the behaviour in the administration panel.
Liam Dawe Jun 5, 2020
Authentication fatigue is not the only reason. When you require a password too many times, it stops being something to pay attention to.
That's part of what authentication fatigue actually is ;)


Last edited by Liam Dawe on 5 June 2020 at 10:39 am UTC
WorMzy Jun 5, 2020
Personally I swing the other way. I should be prompted for admin credentials every time I do something outside the scope of a regular user.

I have timestamp_timeout=0 set in my sudoers defaults for this very reason. I also have targetpw set, because it shouldn't be my user password that unlocks admin mode.
scaine Jun 5, 2020
View PC info
  • Contributing Editor
  • Mega Supporter
I paste this into /etc/sudoers on every single install I do.

# Allows certain command to run without a password
scaine ALL=(root) NOPASSWD: /usr/bin/apt update
scaine ALL=(root) NOPASSWD: /usr/bin/apt dist-upgrade
scaine ALL=(root) NOPASSWD: /usr/bin/apt auto-remove
scaine ALL=(root) NOPASSWD: /usr/bin/purge-old-kernels

Although since I've moved to Mint, I find the GUI for updates is pretty good, so I don't do my command-line maintenance anywhere near as much.
dvd Jun 5, 2020
Well i think on most distros you can enable automatic upgrades, that's what i usually do on the stable variants, as they tend not to break (ever) with upgrades.
CatKiller Jun 5, 2020
View PC info
  • Supporter Plus
One idea they came up with, which appears to be integrated into elementary OS 5.1.5 'Hera', is the removal of needing to enter the admin password when you're doing updates with the AppCenter.
Ubuntu already did this, somewhere around the 12.04 cycle.
Creak Jun 5, 2020
I actually like the Flatpak system for that: because of its architecture, it can't break your system, so it is useless to ask for the admin password, both for upgrading and installing.

But Flatpaks are made for non-system applications (i.e. GUI), so the Elementary OS rational is also very relevant IMO.
randyl Jun 5, 2020
Well i think on most distros you can enable automatic upgrades, that's what i usually do on the stable variants, as they tend not to break (ever) with upgrades.
It's good to hear this. Fedora has an auto-upgrade option or plug-in through dnf. Flatpak already automatically updates which is a recent change I like. I still manually upgrade dnf repos through the terminal because I like seeing seeing what is being updated and changed. It's good to see other distros adopting auto-update behavior too.

The future, at least for mainstream OS's, will be immutable system images in a containerized app environment, like Fedora Silverblue, CoreOS, and others. That's a short ways down the road though.


Last edited by randyl on 5 June 2020 at 5:46 pm UTC
Purple Library Guy Jun 6, 2020
The future, at least for mainstream OS's, will be immutable system images in a containerized app environment, like Fedora Silverblue, CoreOS, and others.
(Little kid voice) Why?
randyl Jun 6, 2020
The future, at least for mainstream OS's, will be immutable system images in a containerized app environment, like Fedora Silverblue, CoreOS, and others.
(Little kid voice) Why?
Haha, I got a good chuckle out of 'little kid voice'. I can relate.

It's just a hunch and opinion based on the goals immutable images are supposed to accomplish. I believe the idea is to improve core OS stability, reliability, and upgrade management while keeping customization to container based environments in userland. It should offer more consistent and focused OS development and maintenance. I don't think the traditional approach will go away, but rather mainstream distros will move to something like this. The idea behind this tech makes a lot of sense to me, but I also think it has a long way to go before it's mature and ready for mass consumption.
I paste this into /etc/sudoers on every single install I do.

# Allows certain command to run without a password
scaine ALL=(root) NOPASSWD: /usr/bin/apt update
scaine ALL=(root) NOPASSWD: /usr/bin/apt dist-upgrade
scaine ALL=(root) NOPASSWD: /usr/bin/apt auto-remove
scaine ALL=(root) NOPASSWD: /usr/bin/purge-old-kernels

Although since I've moved to Mint, I find the GUI for updates is pretty good, so I don't do my command-line maintenance anywhere near as much.

I do the same. It's also possible to group the listed binaries under command aliases, which — IMHO — makes the sudoers file a little tidier; e.g.

Cmnd_Alias SOFTWARE = /usr/bin/dnf upgrade, /usr/bin/rpm
Cmnd_Alias SOMETHINGELSE = /usr/bin/somethingelse


& then, for the actual permissions:

%wheel ALL=(ALL) NOPASSWD: SOFTWARE, SOMETHINGELSE
Creak Jun 6, 2020
It's just a hunch and opinion based on the goals immutable images are supposed to accomplish. I believe the idea is to improve core OS stability, reliability, and upgrade management while keeping customization to container based environments in userland. It should offer more consistent and focused OS development and maintenance. I don't think the traditional approach will go away, but rather mainstream distros will move to something like this. The idea behind this tech makes a lot of sense to me, but I also think it has a long way to go before it's mature and ready for mass consumption.
I agree with you again @randyl ;)

The new ideas behind Silverblue, and more specifically behind the ostree and flatpak techs, are really interesting. At its core, it comes from git's tech: one sha = one specific commit, and you can transparently switch between commits any time you want.

The result, with ostree, is that it is very difficult to break your system (like a standard repo upgrade could do.. nvidia drivers anyone? ). You upgrade your system in the background, reboot, if it works, you're good, if it doesn't work, you simply get back to your previous "commit" with just one command line, and you fixed your problem. Just need to wait for a fix upstream. Think of these "commits" as snapshots.

As for Flatpak, the interesting part is that Flatpak packages still shares packages together. And if one is depending on a package at version 1.1, and the other is depending on version 1.2, the packages are simply pointing to different "commits". So, compared to a more regular upgrade system, you can't have the upgrade of one package breaking the upgrade of a second package because the new version of one of the dependencies is actually incompatible with the second package for whatever reason.

And, also, Flatpak packages are jailed, which procures a bit more security overall.

As @randyl said, all these techs are still quite young compared to traditional package systems, but they are really interesting. I don't use Silverblue, but I do use Flatpak a lot ;)


Last edited by Creak on 6 June 2020 at 5:37 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.