sudo password prompt could be clearer

(this is essentially a continuation of Bug #7964)

The text in the dialog does clearly say "Please enter your password"; I'm not
sure that changing the "Password:" text would make it any clearer. Mentioning
'sudo' would be more confusing for users who do not know what sudo is.
Deferring to Jeff on whether it is OK as-is.

Mmm, I certainly don't think the word "sudo" will make it any clearer. ;-) I
would love to switch this dialogue to have HIG-compliant, self-documented
labels, but I think that's something we can leave until Hoary. For now it says
"your password" and names the binary it's trying to run, which is a reasonable
start. Leaving this open, but changing the milestone. :-)

Um, I think everyone's missed the point here. The original bug was
about sudo on the command line:
15:59 ~/work/packages% sudo echo foo
Password:

^^^^^^^^ That prompt should be clarified.
The incorrect password prompt:

Sorry, try again.
Password:

Could be clearer too.

How does:
16:29 ~/work/packages% sudo echo foo
Please enter your password:
Sorry, your password was incorrect.
Please enter your password:

grab y'all?

Depends on whether it completely breaks gksudo, which presumably watches for
sudo's interactive prompts

(In reply to comment #4)
> Depends on whether it completely breaks gksudo, which presumably watches for
> sudo's interactive prompts

Just tested it, and it doesn't.

(In reply to comment #5)
> (In reply to comment #4)
> > Depends on whether it completely breaks gksudo, which presumably watches for
> > sudo's interactive prompts
>
> Just tested it, and it doesn't.

Ah, gksudo is fine in the correct password case, but not in the incorrect
password case.
But then, gksudo just blows up if you give it a bad password anyway (even with
the default sudo prompts).

I think a good way to make the gksudo prompt clearer would be to change the
Title bar message to something more clear. "Changing user" is not clear enough,
as it will guide the user away from thinking to type his own Password.

I think something like "Registering permissions" would make the entire prompt
that much more clear. Right now the text in the prompt is clear enough, but
disagrees with the title bar.

I have seen many users simply not think to even type their own password in
#ubuntu, this seems to me the only thing that can perhaps be confusing them?

(In reply to comment #7)
> I think a good way to make the gksudo prompt clearer would be to change the
> Title bar message to something more clear. "Changing user" is not clear enough,
> as it will guide the user away from thinking to type his own Password.
>
This bug is about the sudo command line prompt, not the gksudo prompt.
Bug #7964 has been used for gksudo UI concerns.

When using sudo at the command line, the user is asked for a password sometimes
but not every time;
> sudo ....
password:
> sudo root command
> sudo root comand
password:

It leaves the user not knowing when they have root privileges and when they don't.

Furthermore, clicking on the system tray update icon once will ask for a
password; closing the program and clicking on the tray icon again does not ask
for a password; this does not seem safe at all.

(In reply to comment #9)
> When using sudo at the command line, the user is asked for a password sometimes
> but not every time;
> > sudo ....
> password:
> > sudo root command
> > sudo root comand
> password:
>
> It leaves the user not knowing when they have root privileges and when they don't.
>
> Furthermore, clicking on the system tray update icon once will ask for a
> password; closing the program and clicking on the tray icon again does not ask
> for a password; this does not seem safe at all.

This is all by design, and nothing to worry about.

How about something along the lines of these?
alias sudo='sudo -p "Please enter password for %u : "'
alias dosu='sudo -p "Please enter your own personal password here : "'

Might also be a good idea to replace the first-use sudo 'lecture' with some
informative text about how sudo asks for your normal user login password. That
way the user would see it the first time and know from then on what to do.

Of course, this doesn't cover gksudo, but i don't think that this bug was meant to.

I think this is addressed fairly well by the sudo changes in dapper, which display a helpful message to new users when they start a command line session, and refer to detailed documentation available in a man page

The most troublesome manifestation of this problem is when you say something like
sudo mount -t smbfs -o username //some/samba/share /mnt/point
and you get two identical password prompts, looking for two different passwords.

Clearing milestone; this clearly didn't make it for hoary. :-)

I ended up here searching. Launchpad works good.
I hope this wish gets fulfilled soon :)

Hi Pitti!

Please apply it! it's more easy for newbie users to understand it!

It's a patch agains the file "configure.in"

The correct one.

Done it with diff -uN =)

Hmm, not sure whether 'Your password' is significantly better than 'Password'.

I think it's better because he tell the user that's their current account password and not the root one. When I come to Ubuntu I never used "sudo" and I don't know if the password asked was the root one.

"Your Password" is context sensitive, and there is still nothing indicating that the context is "sudo".

Some suggestions:

  $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
  [sudo] Password:

  $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
  Password for sudo:

Explicit, but perhaps problematic for long commands written by shell ninjas and people that actually use vi keybindings in bash... also a more complex patch (and "-p" alternative won't work):

    $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
    Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point":

My personal favorite:

   $ sudo mount -t smbfs -o username //some/samba/share /mnt/point
    Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point" as user "root":

or with "-u" for a better example:

   $ sudo -u www-data mount -t smbfs -o username //some/samba/share /mnt/point
   Password to execute "mount -t smbfs -o username //some/samba/share /mnt/point" as user "www-data":

Also, as Abdullah Ramazanoglu mentioned, you could just alias it in a system-wide bashrc or something (instead of using a patch).

When someone runs "sudo something", that's obvious that we're running sudo.. so "Password for sudo:" don't explain that you need to enter your account password.

The point is that the password is for "sudo" and not (in the above examples) for "mount". Neither "your password" nor "account password" tell me if it's the password that sudo wants (for the user running "sudo") or for "username" on the system with the samba share. Both are account passwords, and it's quite possible that both accounts are mine.

And Thom May suggestion:

Please enter your password:
Sorry, your password was incorrect.
Please enter your password:

What do you think pitti ?!

My personal favourite so far is

  [sudo] Your password:

It is concise, it points out that it wants the user's password (as opposed to root's), and it makes it clear that it is the sudo password, not the one 'mount' asks.

So you can apply the patch and put it in the archive ? it will be released as update for feisty or just for gutsy ?

I would add for sudo (without -u option):
Acquiring 'root' privileges as 'user'...
Enter USER password:

I'm not sure if what you (eolo999) meant is what I'm thinking as I read this thread. What I'm thinking is that the prompt should explicity indicate which password is being asked for. So if the username is "foobar" then the prompt should be something like:

$ sudo /bin/ksh
'foobar' password:

This idea is also in one of Marco Rodrigues' suggestions in his first post.

(Correction, this idea is instead in the "Bug description".)

i have a really crazy idea to use a biometric fingerprint (allready on many laptops!) for root privileges. it is so easy to use and safe! ( if it is possible....:) )

I have patch it to show:

nxvl@LePew:~$ sudo echo foo
[sudo] Please enter the password for nxvl:
Sorry, the password for %u was incorrect, please try again.
[sudo] Please enter the password for nxvl:
foo
nxvl@LePew:~$

Sorry i had an error on the previus patch, here is the new one.

nxvl@LePew:~$ sudo echo foo
[sudo] Please enter the password for nxvl:
Sorry, the password was incorrect, please try again.
[sudo] Please enter the password for nxvl:
foo
nxvl@LePew:~$

My vote is for:

 [sudo] Your password:

Short, snappy, tells you the request is from sudo.

I think the "Please enter the password for xxx:" is too long and doesn't read well.

Enter User Password:

or

$USER's password:

i think "$USER's password:" is the way

i'm attaching the new patch

Enter User Password:

I like the latest patch, thanks! Let's get this in ASAP for widespread testing.

Unfortunately we first need to fix gksu to not rely on the password prompt to detect a failed password (relying on the 'Sorry, try again' one should be more than enough).

For the record, kdesu gets along well with a changed password prompt.

what is diference between: gksudo and gksu?
gksudo= sudo -H (more or less)

sudo itself works, blocked on fixing gksu.

Hm, weird, it suddenly works now. Who knows what I saw before, maybe some crash due to the g_thread_init() bug.

sudo (1.6.8p12-5ubuntu2) gutsy; urgency=low

  * debian/rules: Configure less confusing default password prompt to (a)
    point out that it wants to know the user's password (instead of root's or
    whichever) and (b) that it is sudo which asks the question (since those
    prompts become really unintelligible if the command asks its own password,
    such as 'ssh', 'passwd', or 'mount -t cifs'). Do not modify
    --with-badpass-message though, since that breaks gksu. Thanks to Marco
    Rodrigues, leoquant, and nxvl for the discussion and proposals.
    (LP: #8556)

 -- Martin Pitt <email address hidden> Fri, 15 Jun 2007 09:22:55 +0200

It would be nice if this string could be localized too..