On 2013-05-29 09:08, dd wrote:
> On 05/29/2013 05:56 AM, dhananjaya amarakoon wrote:
>>
>> is there any possibility of getting this done.
>
> no, not easily and you really don’t wanna do that anyway. because the
> user wanting to do root tasks needs to know the root password!
No, that is what sudo is about really
Mr. Root sets it up so that it asks for the user password, of certain
users, in order to run certain tasks - and only those tasks. That’s the
whole point! If I know root’s password, I do not need sudo, I get “su”
and done.
The idea is that some users are empowered to do some tasks that need
root’s powers without having the key to the whole house
Notice this paragraph in the sudoers file:
> ## In the default (unconfigured) configuration, sudo asks for the root password.
> ## This allows use of an ordinary user account for administration of a freshly
> ## installed system. When configuring sudo, delete the two
> ## following lines:
> Defaults targetpw # ask for the password of the target user i.e. root
> ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
The tricks normally done here using sudo work because sudo is NOT
configured!
A properly configured sudoers would have:
# Defaults targetpw # ask for the password of the target user i.e. root
# ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults
targetpw'!
.... and then:
cer Telcontar= (root) /usr/bin/baobab
And then you do:
> cer@Telcontar:~> sudo /usr/bin/baobab
> cer's password:
>
> ** (baobab:5087): CRITICAL **: Unable to parse option: Cannot open display:
> cer@Telcontar:~>
which is dhananjaya_amarakoon problem precisely.
A text program works:
cer@Telcontar:~> sudo /usr/bin/zypper ref
Repository 'OBS: Games' is up to date.
Repository 'OBS: KDE:KDE3' is up to date.
Repository 'OBS KDE:Distro:Stable' is up to date.
Retrieving repository 'OBS: KDE: Extra' metadata /]
The password is not asked for because I have used the same terminal, and
my credentials are valid for some minutes.
dhananjaya_amarakoon is doing it correctly, and this worked previously.
It worked for me, I did it the same way years ago - that’s why I have
the baobab entry in there, and a few more.
The problem is that the graphical alternatives to sudo use “su” as
backend instead of sudo. Maybe wolfi323 trick for kdesu works.
And maybe again, there is a setting in the sudoers file that would make
it work. What variable do we need to keep?
Reading the man page, it hints at using “sudo -i”. Let’s try:
> cer@Telcontar:~> sudo -i /usr/bin/baobab
> cer's password:
> Sorry, user cer is not allowed to execute '/bin/bash -c /usr/bin/baobab' as root on Telcontar.
> cer@Telcontar:~>
Ok, not yet. Modifying sudoers… no, that’s not enough.
> cer@Telcontar:~> sudo -i /usr/bin/baobab
> cer's password:
>
> ** (baobab:6873): CRITICAL **: Unable to parse option: Cannot open display:
> cer@Telcontar:~>
Maybe there is something else we need to do to use sudo with graphical
tools.
Reading again the man page, the “-i” is incorrect. It says:
# Run X applications through sudo; HOME is used to find the
# .Xauthority file. Note that other programs use HOME to find
# configuration files and this may lead to privilege escalation!
Defaults env_keep += "DISPLAY HOME"
But it does not work:
> cer@Telcontar:~> sudo /usr/bin/baobab
> No protocol specified
>
> ** (baobab:7053): CRITICAL **: Unable to parse option: Cannot open display:
> cer@Telcontar:~>
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)