Management of restricted cleanup options


The interface allows selecting any options, but does not identify these requiring privilege elevation.
For example in Linux the following are restricted and require root access, and no elevation prompt appears when they are selected, these causes errors displayed in the window when they are run:

* APT: all options;
* System: available free space, memory

I suggest you add a check and include a "shield" icon or some indicator, or split the groups of actions in two parts: those that can run with the current user, and those requiring an elevation (or sudo in Linux).
And if possible run the prompt elevation (requiring adminsitrator/root password input) when running them in a non suitable current user.

The remark applies also to Windows (even for Adminsitrator accounts, that will need an elevation of privilege), where it is standard to display a protection shield icon for these actions; note that on Windows, if we are conencted with an Administrator account).

Note also that we can also lanch Bleachbit directly with the privilege elevation at start, and we should also be able to restrict the use of BleachBit without such elevation (on Linux and Windows, possibly as well on Mac OSX), by configuring an administrative setting (that the user cannot change itself without asking the adminsitrator to launch Bleachbit with its adminsitrator password), so that only the Admisnitrator/root can run it and run any cleanup option.

An Adminsitrator could also setup restrictions on specific cleaning options, leaving others unrestricted (e.g. privacy options in the user's cache/password/formdata of their webbrowser stored in their user account and not in the system). This could avoid nightmares of users bleaching everything they need for daily work in corporate environment.

BleachBit version: 
Your operating system: 
Ubuntu 18.04; Windows 10 Pro

I agree about the clarification and the "elevate privileges when needed" feature.

Which is an example of an option that you would restrict in a corporate environment?

Andrew, lead developer

Note that full restriction for launching Bleachbit is less urgent: it can be handle at OS level to restrict the use of any other application, or restrict the non-elevated user to install a software for his private use (even if this is for cleanup of its "own" data in the user account (in corporate environment, a user account does not completely belong to him, except the legal restrictions that protects his privacy).

Here I think that Bleachbit does not allow discriminating options: it should be possible for the admin to install Bleachbit "for all users" while at the same time blocking these users to install any other "private" copy. Then the admin installation would allow configuring the options that the users are allowed to perform.

But even without these restrictions, some options do not make any sense as they necessarily require admin privilege (and process elevation in windows), such as
- the APT options in Linux (even just the "apt autoclean" or "autoremove" whioch are generally harmless compared to "apt clean" which deletes all caches that are still valid, including the current downloaded software analysis and analysis, which may be quite long on some systems with slow internet connections, where a cache is desirable and could be shared across users); anyway NONE of tha APT options are allowed to run in Lunux without admin elevation, they just return errors in the displayed log.

- and the cleanup of all free space in memory or on disk (this could harm the system by exhausting its resources, these two options are not reliable at all and in my opinion should not even attempt to clear ALL the free memory or free disk space by allocating unlimited space and locking it to flush its content), it should keep a small but sufficient reserve that will not exhaust completely the allowed user quota.): flushing free space on disk shoul be restricted if there's no user quota installed as it would harm other concurrent users. Flushing the free memory could cause the system and all background services to fail. so It also requires an elevation in Linux.

Some other cleanup options are also undesirable, such as flushing a software installation source, which may be still necessary on demand and this source is not necesarily available from the net but from a DVD or from server with access restrictions. Or some options may concern files shared and needed by other users.

Configurint the allowed options should be done by protecting the Bleachbit "Parameters" panel, jsut like the options that exist in various antivirus softwares. But this could be implemented by an aditional "admin edit button" on the same screen as the list of proposed options: clicking on this button would requests the elevation, the admin would enter his password, and in that mode the options in the list could be configured: hidden, or restricted by an elevation request each time before they can be enabled.