Difference between revisions of "Talk:Sudo"

From ArchWiki
Jump to: navigation, search
(Run X11 apps using sudo: new section)
(On not requiring password at console: re)
 
(40 intermediate revisions by 16 users not shown)
Line 1: Line 1:
== Errors ==
+
== Unclear intention of the section discussing hostnames ==
 +
Hi, in the section "Example entries" I stumbled over this sentence:
 +
"To allow a user to run all commands as any user but only the machine with hostname HOST_NAME:"
 +
Is this intended to be saying "...on the machine...", like physically, not by ssh for example?
 +
Would be great to clarify this!
 +
[[User:Kay94|Kay94]] ([[User talk:Kay94|talk]]) 15:03, 28 July 2017 (UTC)kay94
  
It might be good to discuss some errors which the user may run across.  I found one that is found in various situations, and it seems to be indicative of a missing parameter:
+
== gksu depreciated? ==
"sudo: no tty present and no askpass program specified"
 
Mine came about as a "mount error" when using Samba and pyneighborhood in Xfce, but it appears to apply to any situation.  It seems to indicate that there is a problem with a tty when using a graphical environment and/or not having an askpass program available.  It would be nice to know what an "askpass" program is, and how it applies to sudo.  I can't even begin to understand the significance of a password needing a tty.  Thanks all. - [[User:KitchM|KitchM]] 17:03, 21 November 2010 (EST)
 
  
== Disable root login ==
+
About this [https://wiki.archlinux.org/index.php?title=Sudo&type=revision&diff=509078&oldid=505621 edit]. Gksu may be indeed depreciated, but the link points to some person comment (nick 'ebassi' says nothing) in bugzilla issue related to sudo on wayland. Nowhere in that ticket is mentioned that gksu is depreciated. I belive, that gksu may be depreciated, but the link must be more pursuading. --[[User:Mxfm|Mxfm]] ([[User talk:Mxfm|talk]]) 08:39, 31 January 2018 (UTC)
  
Does anyone know a solution to network-manager-applet requiring the root password
+
==On not requiring password at console==
 +
I don't want to type my password at the console. Nobody else has access to my console unless they break into my house, and if they do that they can just take my computer. I ''do'' want to type my password if I'm ssh'd in, because if somebody breaks into my account somehow I'd just as soon they not ''also'' have root access. So what exactly is wrong with putting this in pam:
 +
auth sufficient pam_succeed_if.so tty = /dev/tty1
 +
Not that it really matters, for the reasons stated above, but don't forget this won't give sudo access to ''anyone'' logged into the console; you still have to be in sudoers.
  
== Isn't sudo Substitute User DO not Super User DO? ==
+
I put something to this effect in the article, and was reverted. Please let me know what I'm missing. --[[User:Chowbok|Chowbok]] ([[User talk:Chowbok|talk]]) 22:04, 19 February 2018 (UTC)
  
I've heard it is bu i can't confirm it. - [[User:tommis|tommis]] Thu Jan 12 18:35 EET 2012
+
:Of course use it if you want. But I don't see why it should be listed on the wiki without any security implications - for example a warning quite similar to the one in [[sudo#Disable_per-terminal_sudo]] would be appropriate. Also it does not seem very useful to me, since any graphical terminal uses pty rather than tty and you can just as well log in as root to the console to do the administrative things (there is also {{ic|sudo -s}}). -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 23:28, 19 February 2018 (UTC)
: Yes it stands for Substitute User DO, not Super User Do.  That's because its a combination of su and do.  It's in the history of sudo on the sudo.ws site, and I had edited this page to reflect the correct Substitute User Do, but someone replaced it.  It makes more sense to newbies just to call it super user do, even though sudo's strength is allowing one to run as any user.  -- [[User:AskApache|AskApache]] ([[User talk:AskApache|talk]]) 18:46, 1 October 2012 (UTC)
 
 
 
== line wrap in section "Defaults Skeleton" not working. text is cut off ==
 
 
 
The text of the examples is cut at right margin, can not read the full text. Even not when looking at the source.
 
IMHO not very handy to use a vertical scrollbar at the bottom of this very long window.
 
- -
 
heinzoswald Fr 11. Mai 11:50:47 CEST 2012
 
 
 
:It's true, those lines were pasted truncated with [https://wiki.archlinux.org/index.php?title=Sudo&diff=next&oldid=185940 this edit], you may contact the author for more information.
 
:About the horizontal scrollbar we agreed not to use automatic wrapping in code blocks. In theory, lines in scripts, config files and the like should be broken manually at a limited number of characters, especially in comments like in this case. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 13:43, 12 May 2012 (UTC)
 
::This section unnecessarily duplicates [http://www.gratisoft.us/sudo/sudoers.man.html#sudoers_options Sudoers Manual#SUDOERS OPTIONS] upstream. I think it should be replaced with a link to existing documentation. -- [[User:Pointone|pointone]] ([[User talk:Pointone|talk]]) 14:05, 13 May 2012 (UTC)
 
:::Well, I think the original author's intention was to make it available for copy-pasting it in sudoers as it is explained. For now I've added your reference and marked it as poorly written. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 09:33, 14 May 2012 (UTC)
 
 
 
== sudo tips ==
 
 
 
what about adding :
 
 
 
{{Warning|You need to replace "sudo" with "\sudo" in all functions who are called if they are located after "alias sudo = 'sudo'" in your ~/.bashrc. }}
 
 
 
to https://wiki.archlinux.org/index.php/Sudo#Passing_aliases
 
 
 
 
 
this prevent for "source .basrhc" errors
 
 
 
== Run X11 apps using sudo ==
 
 
 
can run X11 apps without adding this the line.
 
Adding the line seems to be outdates! gives the error when you add!
 
follow the https://bbs.archlinux.org/viewtopic.php?pid=1193884
 

Latest revision as of 23:28, 19 February 2018

Unclear intention of the section discussing hostnames

Hi, in the section "Example entries" I stumbled over this sentence: "To allow a user to run all commands as any user but only the machine with hostname HOST_NAME:" Is this intended to be saying "...on the machine...", like physically, not by ssh for example? Would be great to clarify this! Kay94 (talk) 15:03, 28 July 2017 (UTC)kay94

gksu depreciated?

About this edit. Gksu may be indeed depreciated, but the link points to some person comment (nick 'ebassi' says nothing) in bugzilla issue related to sudo on wayland. Nowhere in that ticket is mentioned that gksu is depreciated. I belive, that gksu may be depreciated, but the link must be more pursuading. --Mxfm (talk) 08:39, 31 January 2018 (UTC)

On not requiring password at console

I don't want to type my password at the console. Nobody else has access to my console unless they break into my house, and if they do that they can just take my computer. I do want to type my password if I'm ssh'd in, because if somebody breaks into my account somehow I'd just as soon they not also have root access. So what exactly is wrong with putting this in pam:

auth	sufficient	pam_succeed_if.so	tty = /dev/tty1

Not that it really matters, for the reasons stated above, but don't forget this won't give sudo access to anyone logged into the console; you still have to be in sudoers.

I put something to this effect in the article, and was reverted. Please let me know what I'm missing. --Chowbok (talk) 22:04, 19 February 2018 (UTC)

Of course use it if you want. But I don't see why it should be listed on the wiki without any security implications - for example a warning quite similar to the one in sudo#Disable_per-terminal_sudo would be appropriate. Also it does not seem very useful to me, since any graphical terminal uses pty rather than tty and you can just as well log in as root to the console to do the administrative things (there is also sudo -s). -- Lahwaacz (talk) 23:28, 19 February 2018 (UTC)