[arch-general] How do we handle sudo or kdesu in Archlinux?
Listmates, When I need to run apps a root for configuration purposes like kate, or konqueror "File Management", I either put the command in the Alt+F2 run dialog or create a menu entry and then check [ ] run as different users and put 'root' in the different user text box. Even though I have configured sudo I am inevitably prompte for a password. With suse we "patched" this by using kwriteconfig as your regular user: kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo This wasn't the "recommended" way, but it was the way most chose to get around a mess with kdesu. When I try and access the apps I want to run as root, not only do I get the initial password prompt, but I get a second prompt after the app is closed. That has left me scratching my head. The other option is just to create the menu entries as "sudo command" which doesn't complain wheen opening whatever I need. What says the braintrust? Is this an arch issue or is it a kdemod issue? Any help would be appreciated, thanks. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
David C. Rankin, J.D.,P.E. wrote:
Listmates,
When I need to run apps a root for configuration purposes like kate, or konqueror "File Management", I either put the command in the Alt+F2 run dialog or create a menu entry and then check [ ] run as different users and put 'root' in the different user text box. Even though I have configured sudo I am inevitably prompte for a password. With suse we "patched" this by using kwriteconfig as your regular user:
kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo
This wasn't the "recommended" way, but it was the way most chose to get around a mess with kdesu.
When I try and access the apps I want to run as root, not only do I get the initial password prompt, but I get a second prompt after the app is closed. That has left me scratching my head.
The other option is just to create the menu entries as "sudo command" which doesn't complain wheen opening whatever I need.
What says the braintrust? Is this an arch issue or is it a kdemod issue? Any help would be appreciated, thanks.
No idea whose issue this is. But I normally just do Alt-F2, and then say: kdesu <the-app> HTH, DR
David Rosenstrauch wrote:
No idea whose issue this is. But I normally just do Alt-F2, and then say: kdesu <the-app>
BTW, the dialog box that kdesu pops up includes a checkbox to save the password ("Keep password"). So if that works as advertised that would solve your problem. Haven't tried this myself, though. (I'm not cool with automatically bypassing root-level security checks.) HTH, DR
I'm very cool with bypassing root-level security checks when originating from the physical machine. Anyway, another thing you can do is put some scripts in your path that override the application that you want to run and then just sudo run it. I'm not really sure what PATH KDM (and therefore KDE?) uses, but probably has to do something with either your user's .profile or root's .profile or bash_profile or something. Course, isn't there a way to just elevate your user to be a root-like account if you're going to be doing this anyway? Put your user in the root group or something. -AT
On Wednesday 13 May 2009 18:17:18 Andrei Thorp wrote:
I'm very cool with bypassing root-level security checks when originating from the physical machine.
Anyway, another thing you can do is put some scripts in your path that override the application that you want to run and then just sudo run it. I'm not really sure what PATH KDM (and therefore KDE?) uses, but probably has to do something with either your user's .profile or root's .profile or bash_profile or something.
Course, isn't there a way to just elevate your user to be a root-like account if you're going to be doing this anyway? Put your user in the root group or something.
-AT
Some times the old ways are still the best: After looking for other solutions, I just decided to "dance with the one that brung me." kwritconfig works like a champ. To make use of this solution, after setting up regular sudo by: (1) configuring the sudoers file with 'visudo' as root (you cannot just edit /etc/sudoers): # visudo Then uncomment the following line to enable sudo without a password to members of the 'wheel' group: %wheel ALL=(ALL) NOPASSWD: ALL (2) Add yourself to the wheel group in /etc/group. Example, in /etc/group: wheel::10:root,david ** If your user name isn't 'david', change as required (3) Then within KDE *as your regular user* not root, execute the following kwriteconfig command from the command line in konsole or xterm, or from the run dialog (Alt+F2): kwriteconfig --file kdesurc --group super-user-command --key super-user-command sudo (4) Your done! You can then run applications as root without a password simply by either using the run command (Alt+F2) and choosing "options" or using kmenuedit to modify a menu command and select the check box "Run as a different user" and enter 'root'. (either save the menu file or just execute the Alt+F2 run command. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
(2) Add yourself to the wheel group in /etc/group. Example, in /etc/group:
wheel::10:root,david
it's best not to edit the file by hand. You can use the "usermod -G wheel -a david" command for that. -- damjan
On or about Thursday 14 May 2009 at approximately 07:23:37 Damjan Georgievski composed:
(2) Add yourself to the wheel group in /etc/group. Example, in /etc/group:
wheel::10:root,david
it's best not to edit the file by hand. You can use the "usermod -G wheel -a david" command for that.
Hmm Damjan, I may have been doing it wrong for a while now ( about 9 years ). My understanding was the only sudo related file you should not edit by hand was /etc/sudoers and that is why we have visudo. I haven't heard that editing /etc/group by hand would cause problems. In fact, that is the way I keep my GIDs the same between installs. I just have my normal groups and users copied from my original /etc/group that I copy to all new installs. (that about 10 groups with about 12 users sprinkled between the groups) I've never had a problem. What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On Thu, May 14, 2009 at 12:51, David C. Rankin, J.D.,P.E. <drankinatty@suddenlinkmail.com> wrote:
On or about Thursday 14 May 2009 at approximately 07:23:37 Damjan Georgievski composed:
(2) Add yourself to the wheel group in /etc/group. Example, in /etc/group:
wheel::10:root,david
it's best not to edit the file by hand. You can use the "usermod -G wheel -a david" command for that.
Hmm Damjan,
I may have been doing it wrong for a while now ( about 9 years ). My understanding was the only sudo related file you should not edit by hand was /etc/sudoers and that is why we have visudo. I haven't heard that editing /etc/group by hand would cause problems. In fact, that is the way I keep my GIDs the same between installs. I just have my normal groups and users copied from my original /etc/group that I copy to all new installs. (that about 10 groups with about 12 users sprinkled between the groups) I've never had a problem.
What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations.
-- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
You can use vigr for this, and similarly vipw
On or about Thursday 14 May 2009 at approximately 13:13:53 Daenyth Blank composed:
You can use vigr for this, and similarly vipw
Thanks Daenyth! Old dog -- new trick. See, it can be done ;-) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On Donnerstag, 14. Mai 2009 18:51 David C. Rankin, J.D.,P.E. wrote:
What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations.
I prefer to use gpasswd because for me the big advantage is that you don't have to log out than. But i don't know too what speak against editing /etc/group by hand if you can live with it that you have to log out. See you, Attila
You still need to log-out/log-in for gpasswd group add, right? 2009/5/14 Attila <attila@invalid.invalid>
On Donnerstag, 14. Mai 2009 18:51 David C. Rankin, J.D.,P.E. wrote:
What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations.
I prefer to use gpasswd because for me the big advantage is that you don't have to log out than. But i don't know too what speak against editing /etc/group by hand if you can live with it that you have to log out.
See you, Attila
On Thu, May 14, 2009 at 17:46, Nicolas Bigaouette <nbigaouette@gmail.com> wrote:
You still need to log-out/log-in for gpasswd group add, right?
Correct
On Freitag, 15. Mai 2009 01:49 Daenyth Blank wrote:
On Thu, May 14, 2009 at 17:46, Nicolas Bigaouette <nbigaouette@gmail.com> wrote:
You still need to log-out/log-in for gpasswd group add, right?
Correct
Why is this correct? After using at example "gpasswd -a USER kvm" i have excellent performance in my vm in the same Terminal under X. Or do you mean what is valid if i be logged in a console under runlevel 3? See you, Attila
Le Jeudi 14 à 23:03, Attila a écrit :
I prefer to use gpasswd because for me the big advantage is that you don't have to log out than. But i don't know too what speak against editing /etc/group by hand if you can live with it that you have to log out.
You don't have to log out / log back in for a new group to take effect. There is the adequately named newgrp(1) that spawns a new shell with a different real and effective GID. -- Fred
On Freitag, 15. Mai 2009 04:46 Frédéric Perrin wrote:
You don't have to log out / log back in for a new group to take effect. There is the adequately named newgrp(1) that spawns a new shell with a different real and effective GID.
Thanks for this background informations but i speak from adding a user to a existing group. Sorry for my english if this was the reason. See you, Attila
On or about Thursday 14 May 2009 at approximately 21:46:02 Frédéric Perrin composed:
Le Jeudi 14 à 23:03, Attila a écrit :
I prefer to use gpasswd because for me the big advantage is that you don't have to log out than. But i don't know too what speak against editing /etc/group by hand if you can live with it that you have to log out.
You don't have to log out / log back in for a new group to take effect. There is the adequately named newgrp(1) that spawns a new shell with a different real and effective GID.
You don't even have to logout/login if you are just adding someone to a group by hand. The changes are picked up the next time you try and access something requiring the uid/gid combination. I guess if you created a new group by hand then you would. I always use groupadd for creating groups unless I'm copying the initial group configuration over. I just hand edit for adding or removing members from the groups. I haven't yet run into any problems doing it like this, that's why I was surprised by the suggestion. However, I like the usermod approach, it will save a few keystrokes. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations.
The simple one that you could make a mistake while editing, maybe much more easily than when using usermod :) -- damjan
On or about Thursday 14 May 2009 at approximately 18:57:51 Damjan Georgievski composed:
What is the concern with editing /etc/group by hand? The group man page doesn't even reference usermod as a way to manipulate group associations.
The simple one that you could make a mistake while editing, maybe much more easily than when using usermod :)
usermod and vi are both subject to the same loose nut behind the keyboard ;-) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
participants (8)
-
Andrei Thorp
-
Attila
-
Daenyth Blank
-
Damjan Georgievski
-
David C. Rankin, J.D.,P.E.
-
David Rosenstrauch
-
Frédéric Perrin
-
Nicolas Bigaouette