LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Can I avoid giving password when su-ing to root? (https://www.linuxquestions.org/questions/linux-general-1/can-i-avoid-giving-password-when-su-ing-to-root-562114/)

bspus 06-15-2007 04:42 PM
Can I avoid giving password when su-ing to root?
 
Hi

As the title says, I would like to su without giving the password
I'm using fedora 7 with gnome

I have already setup sudo without a password for my normal user but I would still like a normal root terminal while avoiding the password

the info on su does not provide any information about passing the password as a parameter. I suppose that is out of the question

I tried making a file /etc/default/su and writing the line
PROMPT=No (or no, I tried both) which according to many websites was supposed to do it, but it doesnt

So does anybody know? I dont care about security at this point. The box is just for experimental toying around, I dont care about being compromised.

this is a script to open a root terminal in the current directory (right-click on a directory)

Code:
#!/bin/sh

base="`echo $NAUTILUS_SCRIPT_CURRENT_URI | cut -d'/' -f3- | sed 's/%20/ /g'`"
if [ -z "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" ]; then
    dir="$base"
else
    while [ ! -z "$1" -a ! -d "$base/$1" ]; do shift; done
    dir="$base/$1"
fi

gnome-terminal --working-directory="$dir" --command su
It is placed in ~/.gnome2/nautilus-scripts and it works ok, prompting for a password of course
What I'm really looking for is to remove the password requirement

Trying
sudo gnome-terminal --working-directory="$dir"

instead of
gnome-terminal --working-directory="$dir" --command su

does not work at all on the script, although it does work on an open terminal

Trying
gnome-terminal --working-directory="$dir" --command "sudo gnome-terminal --working-directory="$dir""

works but it opens 2 terminals, the original which is unusable and a second one which is usable. But this is rather ugly

Tinkster 06-15-2007 05:07 PM
visudo
%admin ALL=NOPASSWD: /bin/su -
or
user your_user=NOPASSWD: /bin/su -

And for the menu
rxvt -title "RootShell" -sl 8000 -e sudo su -


But I wouldn't recommend that practice....



Cheers,
Tink

Emerson 06-15-2007 05:59 PM
sudo -i
sudo -s

man sudo

pixellany 06-15-2007 06:41 PM
Very bad idea to disable passwords---bad bad bad.

If you insist, edit the appropriate entries in /etc/passwd to remove the "x" between the first 2 colons, resulting in something like this:

root::0:0:root:/root:/bin/bash

Did I already say: "BAD IDEA"?

Emerson 06-15-2007 06:48 PM
What Tink and pixellany said.

Very bad idea. Even if you do not care what happens with your box it may present danger others when hijacked.
Actually, every serious UNIX user should feel discomfort when running/messing with root, similar feel like driving a car on left lane. You go there if situation calls for it and it's safe but you do not want to stay there.

bspus 06-16-2007 01:31 AM
Thanks for the replies

I checked out man sudo and tried the -i switch, as emerson suggested

Unfortunately, sudo -i gnome-terminal says it cannot execute binary file.

editing the /etc/passwd to remove the x worked. It is indeed too radical a solution. Now it never asks for a password. I only wanted it to not ask for the script

As for why I want to do this, its because this is my guinea pig box. I only ever test stuff on it, which means I have to become root all the time. The only reason I dont get a root desktop on it is because I want to keep a perspective from the users point of view as well. But getting rid of the password would be extremely convenient. It goes without saying I would never try this in any other case

Tinkster 06-16-2007 03:55 AM
Did you try my sudoers suggestion?


Cheers,
Tink

coolb 06-16-2007 07:09 AM
this will make one uber insecure system :)

bspus 06-16-2007 10:37 AM
Quote:
Originally Posted by Tinkster
Did you try my sudoers suggestion?


Cheers,
Tink

I couldnt make it work

For user nick I added in visudo the line

user nick=NOPASSWD: /bin/su

as the last line. It still asked for a password

Then I removed it and added the following

%admin ALL=NOPASSWD: /bin/su

On its own it does nothing again., so I also tried in the shell
gpasswd -a nick admin

(judging from the walkthrough I have seen with sudo and the wheel group, that should be OK)

but it says it knows nothing about group admin
I suppose I could have done a %users ALL=NOPASSWD: /bin/su but I suppose its not better that removing the x in /etc/passwd as has been suggested


As for
rxvt -title "RootShell" -sl 8000 -e sudo su

I dont even know where to put it!

Emerson 06-16-2007 10:53 AM
/usr/bin/xterm -e sudo -i

This open a root terminal for me ...

bspus 06-17-2007 02:09 AM
Quote:
Originally Posted by Emerson
/usr/bin/xterm -e sudo -i

This open a root terminal for me ...

Indeed it does
But xterm is not as nice as gnome-terminal

The equivalent gnome-terminal command would be
gnome-terminal --command "sudo -i"

Which is what finally did it for me. Thanks for the help guys. No longer do I need to visudo or mess with /etc/passwd

Emerson 06-17-2007 07:08 AM
Put this into your .Xdefaults and the xterm looks much better. ;)
Code:
~ $ cat .Xdefaults
xterm*foreground: white
xterm*background: black
xterm*font: 9x15
xterm*geometry: 80x35

dawkcid 06-17-2007 12:50 PM
You can bypass the password entry for su too, or allow specific users to use their own password. man suauth.

Naturally, I reiterate all the warnings given previously. :)


All times are GMT -5. The time now is 08:38 AM.