LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   sudo changes the owner and the group of some my files and now I can't enter in X (http://www.linuxquestions.org/questions/linux-software-2/sudo-changes-the-owner-and-the-group-of-some-my-files-and-now-i-cant-enter-in-x-264490/)

Ali79 12-09-2004 11:05 AM

sudo changes the owner and the group of some my files and now I can't enter in X
 
I want to use k3b with my user totoro as root with sudo.
So I changed the file /etc/sudoers n this way:

# Host alias specification

Host_Alias SLACK = slack

# User alias specification

User_Alias TOTORO = totoro

# Cmnd alias specification

Cmnd_Alias MASTERIZZARE = /usr/bin/cdrecord, /opt/kde/bin/k3b

# Defaults specification
# User privilege specification

root ALL=(ALL) ALL
TOTORO SLACK= MASTERIZZARE

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now

if I type sudo /opt/kde/bin/k3b
and the I type my password

k3b works.

but then the folders: .kde .qt and the file .ICEauthority change goup and owner. From totoro.users to root.root
so now I can't enter in X anymore.

I don't understand why. is there something wrog in my sudoers configuration?

Tuttle 12-09-2004 11:51 AM

Don't run it as root.
You probably need to add the "setuid" bit in the permissions of cdrecord. Do a search if that is your problem. - ie. if you can't burn cds as a normal user

Ali79 12-09-2004 12:15 PM

what is it setuid?

Tuttle 12-09-2004 12:42 PM

Open a terminal and type "man setuid"!!
Basically, if you have the "setuid" bit set to 1 in the permissions of any executable file and allow all to run it, no matter who runs that file the process is always owned by the owner of the file.
So if root owns cdrecord and the setuid bit is on then it will always run as root.
to set the setuid bit:
su
[root password]
chmod u+s /usr/bin/cdrecord

see also man chmod

Ali79 12-09-2004 01:51 PM

I readed yes this man, but I dind't understan it. with chmod u+s /usr/bin/cdrecord and /usr/bin/cdrdao k3b works. so thansk!

But setuid allows everybody to use k3b, and I would like only my user can use it.

Tuttle 12-10-2004 01:01 PM

Quote:

Originally posted by Ali79
But setuid allows everybody to use k3b, and I would like only my user can use it.
To overcome this you could add a new group then only allow root and people in the group to run it:

groupadd -g 110 burning
chgrp burning /usr/bin/cdrecord
chmod 754 /usr/bin/cdrecord

Then edit /etc/group and add your username:

burning::110:[username]

I think there's a command for that but I can't remember.
note: you don't NEED to use the -g option - see man groupadd

Alternatively use the sudo command - see man sudo

As you can tell, it really helps YOU to read the man pages.

*edited for incorrect groupadd command*

edit 2: you still need the setuid bit after doing this


All times are GMT -5. The time now is 11:53 PM.