Idea #22408: "Restrict uninstall of last kernel image"

Ubuntu QA:

Blog

Brainstorm

Package status

The Ubuntu community has contributed 17459 ideas, 107690 comments, 2263278 votes

All more
Projects more
Global categories more
- Accessibility
- Documentation
- Education
- Gaming
- Graphics
- Hardware support
- Installation
- Internet & Networking
- Look and Feel
- Marketing
- Multimedia
- Office
- Programming
- Quality
- Security
- Server
- System
- Usability
- Others

Idea sandbox

Popular ideas

Ideas in development

Implemented ideas

Idea #22408: Restrict uninstall of last kernel image

Written by abscondment the 12 Nov 09 at 00:50. Related project: Synaptic package manager. Status: New

Rationale

I recently helped another user through the process of repairing a very broken system. In attempting to free up some space on /boot, he accidentally removed the packages for *all* of his kernel images. He intended to remove all but the most recent, I assume. (reference: http://ubuntuforums.org/showthread.php?t=1313854)

I'm proposing this idea because it's incredibly easy to accidentally render a system unbootable, and it's disproportionately difficult to fix it once it's in that state. I don't really think this is a *bug* per se, since the package manager was obeying the user input.

Tags: aptitude kernel

34
votes

Solution #1: Restrict uninstall of last kernel image

Written by abscondment the 12 Nov 09 at 00:50.

I think it would make more sense to steer the user *away* from totally breaking his or her system.

On attempting to remove an essential package (like the last provider of linux-image) aptitude/dpkg/syntaptic should halt with a nasty message that requires you to type "I want my computer to break" before the command would be accepted.

The user should still be able to run the command, since s/he may have built and installed a custom kernel and want to skip package management for that piece of the system.

9
votes

Solution #2: Remove old kernel image once the new one is verified

Written by l0b0 the 26 Nov 09 at 11:04.

As a last step in the kernel image upgrade, create a file that indicates that the newest kernel has not been verified yet (e.g., `touch "~/.verify-kernel-$kernel"`). After a restart and login with the same user, if the current kernel is the same as in the file name, the user will be presented with a popup which asks whether the last startup happened without issue. If the answer is "Yes", ask the user whether she wants to remove old kernels. Users won't have to remove kernels manually, and we make sure that they don't delete any of them before checking that they work.

Propose your solution

Attachments

Ubuntuforums.org thread #1313854

Duplicates

[Report a duplicate and merge its votes to this idea]

Comments

andruk (Idea reviewer) wrote on the 12 Nov 09 at 05:59

Yeah, allowing the user to *inadvertently* render their system unbootable is not a good thing.

Darwin Survivor wrote on the 12 Nov 09 at 06:33

Last I checked, you needed to be root (or use sudo) to do that.

If we are going to restrict this, we may as well restrict users from manually running "sudo rm -rf /boot/*" which I find to be a bad solution.

Instead we should be INFORMING users that certain actions are not safe to run. For packages that need to be there (kernel, etc), as note or warning next to the package such as "warning, this package is required for the proper running of your computer" should be enough. If users are going to read that, then there's not much else you can do.

Ssdg wrote on the 12 Nov 09 at 08:44

To me it's already done. just change your password to "I want my computer to break" and it's done.

"sudo" powers require great responsibility. And typing the password should be enough a warning.

fizyk wrote on the 12 Nov 09 at 13:08

To avoid such problems, ubuntu should automatically clear old kernels, and leave only one or two recent kernels.
If kernels won't be taking space on root partition, then users wouldn't try to do it manually with sometimes bad outcome.

fizyk wrote on the 12 Nov 09 at 22:46

usually, we know if kernel fails right after reboot, after updating it.

Jon Monreal wrote on the 14 Nov 09 at 15:17

@Ssdg: ""sudo" powers require great responsibility. And typing the password should be enough a warning."

That could be a problem, considering how often sudo is required to do tasks. Ubuntu users get as used to sudo and giving permissions as users of newer Microsoft operating systems have gotten used to clicking through UAC boxes.

There is a good point here in having a "second layer" that is more serious than the first.

jploz wrote on the 19 Nov 09 at 14:51

I disagree. Additional warnings and popups do not improve security in my opinion. Example: all of the unexperienced users i know (including my girl friend) do not read warning messages/error messages etc. They just click it away and then ask: why doesn't it work? And thats the way most of end users work.

Common (daily) work should be possible without any root permissions and the term of 'administrating' a computer by typing the 'administrator password' needs to be emphasized in turn.

Post your comment

Submit your idea