LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-18-2013, 03:52 AM   #1
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Rep: Reputation: 3
Question about the sudo command, specifically how to have sudo act as if user is root


What I mean by that is: with root I can run ifconfig and ip commands, under normal user level account I can't which is perfectly fine. What I'd like to achieve is if I'm in my user account insteasd of root and I run "sudo ifconfig" I'd like to be able actually run ifconfig. I know I can run it as "sudo /sbin/ifconfig" but thats 6 more characters than necessary.

Not sure how I would achieve this, can anyone enlighten me?
 
Old 09-18-2013, 04:05 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Here are 2 links that might help:

- HowTO: Sudoers Configuration
- Linux Users and Sudo

A somewhat elaborate example (relevant parts only):
Code:
# -------------------------------------------------------------------------- #
# alias sections
# -------------------------------------------------------------------------- #
# Host alias specification
Host_Alias HA_HOST  = plains, inferno

# User alias specification
User_Alias UA_NETW  = druuna

# Cmnd alias specification
Cmnd_Alias CA_NETW  = /bin/netstat, /etc/init.d/networking, \
                      /sbin/ifconfig, /sbin/iptables, /sbin/route

# -------------------------------------------------------------------------- #
# <user list> <host list> = <operator list> <tag list> <command list>
# -------------------------------------------------------------------------- #
# networking   : allow UA_NETW members from HA_HOST
UA_NETW  HA_HOST=(root)NOPASSWD: CA_NETW
 
1 members found this post helpful.
Old 09-18-2013, 04:09 AM   #3
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
I think the problem here is not sudo configuration, but that /sbin and /usr/sbin are not in the path of your normal user. Add them to your path and you should be fine.
 
Old 09-18-2013, 04:19 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Quote:
Originally Posted by TobiSGD View Post
I think the problem here is not sudo configuration, but that /sbin and /usr/sbin are not in the path of your normal user. Add them to your path and you should be fine.
Yep, that's also a way to be able to use ifconfig. But...

When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors. Ifconfig can be run as a normal user (and a few others as well), but most commands in the sbin directories should be run as root user.

I personally like to put the sbin commands that I want to run as normal user, which are only a few, under sudo.

@slacker_: If typing sudo ifconfig is still too much typing you can make a user specific alias:
Code:
alias ifconfig='sudo ifconfig'
5 chars less to type
 
1 members found this post helpful.
Old 09-18-2013, 04:28 AM   #5
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by druuna View Post
Here are 2 links that might help:

- HowTO: Sudoers Configuration
- Linux Users and Sudo

A somewhat elaborate example (relevant parts only):
Code:
# -------------------------------------------------------------------------- #
# alias sections
# -------------------------------------------------------------------------- #
# Host alias specification
Host_Alias HA_HOST  = plains, inferno

# User alias specification
User_Alias UA_NETW  = druuna

# Cmnd alias specification
Cmnd_Alias CA_NETW  = /bin/netstat, /etc/init.d/networking, \
                      /sbin/ifconfig, /sbin/iptables, /sbin/route

# -------------------------------------------------------------------------- #
# <user list> <host list> = <operator list> <tag list> <command list>
# -------------------------------------------------------------------------- #
# networking   : allow UA_NETW members from HA_HOST
UA_NETW  HA_HOST=(root)NOPASSWD: CA_NETW
Lot of great information here, thanks a lot! This is quite helpful!

Quote:
Originally Posted by druuna View Post
Yep, that's also a way to be able to use ifconfig. But...

When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors. Ifconfig can be run as a normal user (and a few others as well), but most commands in the sbin directories should be run as root user.
This is exactly what I'm concerned about, I only had a few things I wanted to be able to take care of (netstat, ifconfig, etc) under my standard user just for convenience.

Quote:
Originally Posted by druuna View Post
I personally like to put the sbin commands that I want to run as normal user, which are only a few, under sudo.
Gotcha, so I'm guessing I'd just go about this using the method you mentioned above? Nothing extra nothing less?

Quote:
Originally Posted by druuna View Post
@slacker_: If typing sudo ifconfig is still too much typing you can make a user specific alias:
Code:
alias ifconfig='sudo ifconfig'
5 chars less to type
Well that would make things easier, but I try to keep my system alias free, that was I don't forget about it later if I have to run on a different system or if I need to reinstall or something. That's for the idea though!
 
Old 09-18-2013, 04:29 AM   #6
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian Jessie / sid
Posts: 1,471

Rep: Reputation: 444Reputation: 444Reputation: 444Reputation: 444Reputation: 444
you could create 'wrapper' shell scripts

for example

Code:
#!/bin/bash
# /home/<user>/bin/ifconfig
# wrapper for /sbin/ifconfig
sudo /sbin/ifconfig
Code:
chmod 700 ~/bin/ifconfig
ifconfig
assumes $HOME/bin is in $PATH

personally, I wouldn't find it all that useful.. it is little effort for me to type
Code:
sudo ifco<tab>
that is total of 10 keystrokes


Assuming you derive your LQ name from your chosen distribution, slackware, you need to setup some basics.

you will need to add secure_path to /etc/sudoers ( use visudo )

example
Code:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
you will also need bash-completion, to get <tab> working with sudo, etc.

Code:
slackpkg install bash-completion
 
Old 09-18-2013, 04:30 AM   #7
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by druuna View Post
When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors.
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
 
Old 09-18-2013, 04:35 AM   #8
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by Firerat View Post
you could create 'wrapper' shell scripts

for example

Code:
#!/bin/bash
# /home/<user>/bin/ifconfig
# wrapper for /sbin/ifconfig
sudo /sbin/ifconfig
Code:
chmod 700 ~/bin/ifconfig
ifconfig
assumes $HOME/bin is in $PATH

personally, I wouldn't find it all that useful.. it is little effort for me to type
Code:
sudo ifco<tab>
that is total of 10 keystrokes


Assuming you derive your LQ name from your chosen distribution, slackware, you need to setup some basics.

you will need to add secure_path to /etc/sudoers ( use visudo )

example
Code:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
you will also need bash-completion, to get <tab> working with sudo, etc.

Code:
slackpkg install bash-completion
That wrapper bit is brilliant! Never heard about doing that before, I'll have to look into it more thanks!

As far as the basics to set up, I have bash completion I believe (doesn't it come by default?) by I'm not seeing the Defaults secure_path in my sudo file, do I need to add it myself and if so where?
 
Old 09-18-2013, 04:36 AM   #9
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by TobiSGD View Post
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
I think he means, not necessarily errors when running a command, but errors with certain scripts running under standard user (certain scripts need to call other scripts outside of /sbin for example, which may require root permissions as well).
 
Old 09-18-2013, 04:42 AM   #10
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Quote:
Originally Posted by TobiSGD View Post
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
I should have said error and unexpected behaviour.

You already mentioned the permission denied error. The unexpected behaviour I'm talking about is the partial instead of full output generated by some commands when executing them as normal user.

Example: Try running /usr/sbin/hwinfo as root and as normal user. On my box it generates 15489 lines of output when run as root and only 14095 lines when run as normal user. No errors/warnings are shown when running this as normal user......

Last edited by druuna; 09-18-2013 at 05:02 AM. Reason: Fixed weirtd sentence
 
Old 09-18-2013, 05:07 AM   #11
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian Jessie / sid
Posts: 1,471

Rep: Reputation: 444Reputation: 444Reputation: 444Reputation: 444Reputation: 444
Quote:
Originally Posted by slacker_ View Post
That wrapper bit is brilliant! Never heard about doing that before, I'll have to look into it more thanks!
personally, I would use that for more 'complicated' things

Quote:
Originally Posted by slacker_ View Post
As far as the basics to set up, I have bash completion I believe (doesn't it come by default?)
you have basic tab completion from bash, but not the extra tab completion based on rules
for example try

tar <tab>

you will get a file list of current dir

install bash-completion
re-login
and try again
you will be presented with args for tar
Code:
A  c  d  r  t  u  x
Not without drawbacks,
it can slow things down a little ( not that you should notice )
if you have set -vx in bash shell, you can 'crash' the shell if you spam the tab

Quote:
Originally Posted by slacker_ View Post
by I'm not seeing the Defaults secure_path in my sudo file, do I need to add it myself and if so where?
add it to the section
Code:
##
## Defaults specification
##
use visudo ( as root )
that will check that you don't break the sudoers file
not so important with Slackware, as you have a real root account to fix things
But with Distros like Ubuntu/Mint where typically no root login, you can lose root if you break /etc/sudoers

Last edited by Firerat; 09-18-2013 at 05:10 AM.
 
Old 09-18-2013, 05:10 AM   #12
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by Firerat View Post
personally, I would use that for more 'complicated' things


you have basic tab completion from bash, but not the extra tab completion based on rules
for example try

tar <tab>

you will get a file list of current dir

install bash-completion
re-login
and try again
you will be presented with args for tar
Code:
A  c  d  r  t  u  x
Not without drawbacks,
it can slow things down a little ( not that you should notice )
if you have set -vx in bash shell, you can 'crash' the shell if you spam the tab
So, will I still have the ability to tab complete file/command names as well, or will this override that functionality?

Quote:
Originally Posted by Firerat View Post
add it to the section
Code:
##
## Defaults specification
##
That's what I was expecting, but wanted to be sure. Thank you!
 
Old 09-18-2013, 05:18 AM   #13
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian Jessie / sid
Posts: 1,471

Rep: Reputation: 444Reputation: 444Reputation: 444Reputation: 444Reputation: 444
Quote:
Originally Posted by slacker_ View Post
So, will I still have the ability to tab complete file/command names as well, or will this override that functionality?
you will still have the 'normal' tab completion, but it will be 'enhanced'

another example

cat --<tab>

without the extra bash-completion, you get nothing
with it you get
Code:
--help              --number-nonblank   --show-ends         --show-tabs         --version
--number            --show-all          --show-nonprinting  --squeeze-blank
however, I believe it is dependent on the maintenance of the rules in /usr/share/bash-completion/
not certain how well maintained they are in Slackware
 
1 members found this post helpful.
Old 09-18-2013, 05:21 AM   #14
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Brilliant, well thank you once more! I'll be looking into that later today.
 
Old 09-22-2013, 12:10 PM   #15
jonnynitro138
Member
 
Registered: Jul 2011
Location: tallahasee
Posts: 253

Rep: Reputation: Disabled
sudo

I'm still learning how to use linux, but one thing that I like to do is keep others from having access to potential problems. I have a house hold that uses my pc. So what I do is pretty simple I just log in when I open the terminal. sudo su password now it's all root and I don't have to keep entering my password.
This may not be the answer your looking for, but if you want to stop others without your password it may be.
Jonnynitro138
 
  


Reply

Tags
sudo, sudoers, user actions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo: effective uid is not 0, is sudo installed setuid root? awladnas Linux - Newbie 10 08-30-2014 07:03 PM
sudo cd /root gives 'sudo: cd: command not found'. stf92 Linux - Newbie 4 03-03-2012 10:05 AM
Can't use sudo, only account that's not root is not a sudo'ers [Ubuntu 9.10] randyriver10 Linux - Desktop 1 01-09-2010 08:56 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 04:20 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 04:35 AM


All times are GMT -5. The time now is 08:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration