Messed with sudoers.d, now I am prompted for password at every terminal
Ach, I think I broke something. Whenever my laptop boots up, the screen brightness is always set to the very highest level. So for the past year or so, in order to set my screen brightness to a decent level as soon as I log in (I'm sure there is a way to do it sooner, but I don't know it), I have had the line "echo 1000 > /sys/class/backlight/intel_backlight/brightness" in root's .bashrc. I wanted to have it in my user's .bashrc so I wouldn't have to log in as root every time I boot up, but since that brightness file is owned by root, I wasn't able to do that easily. Therefore, I have just been logging in as root every time I restarted the computer, then exiting and logging in as a normal user when the backlight (and a couple of other things) have been set. But of course this is not an ideal situation.
So I finally resolved to figure out how to work sudo so that I could give my normal user the right to execute the command echo 1000 > /sys/class/backlight/intel_backlight/brightness without a password. I made a file called "set_brightness" in my /etc/sudoers.d/ directory using visudo. In this file, I put the line Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' I finally got tired of fiddling with this, and I removed the file in /etc/sudoers.d. I must have overstepped my competence here however, because now sudo will not leave me alone. I still get prompted for a password every time I open a terminal, and when I enter it, it says that my user is not in the sudoers file, and the incident will be reported. Then it makes me enter my password again before it lets me have the shell. What did I do and how big of a mess did I make? How do I get my system back to the way it was before I added that file to the sudoers.d directory? Any help appreciated! |
Quote:
I think your approach is good as far as using sudo and doing it per user as it will then allow the user to adjust the level if necessary. But I would do this: Code:
(as root of course) Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' On the other hand, to make it happen at boot time, add it to /etc/rc.d/rc.local... Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' |
Aha, you are right in that I forgot to take the line out of my ~/.bashrc. However, I just realized I made a mistake in the code I quoted above. I did in fact have the line
Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' Code:
visudo -f /etc/sudoers.d/set_brightness Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' Code:
Password: {I enter password} Thanks for the help! |
Quote:
Quote:
Quote:
Code:
visudo |
Drat, no luck. :| It looks like you were exactly right about the /bin/echo to prevent the aliases (who knew it was as simple as that!), because visudo did allow that syntax, and when I open a terminal it is attempting to write to the file. However, instead of writing to it, it says
Code:
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied |
Quote:
I do not have the same /sys/... obviously, so I added NOPASSWD:/bin/ls /root to my sudoer, then added sudo /bin/ls /root to my ~/.bashrc and it worked. So just to double check, in the ~/.bashrc you did include "sudo" before the comand? Also what does ls -l /sys/class/backlight/... say? And if that is a symlink, what are the permissions of the target? |
Quote:
Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness Code:
bash-4.2$ ls -l /sys/class/backlight/intel_backlight/brightness Here is my file in /etc/sudoers.d/: Code:
bash-4.2# cat /etc/sudoers.d/set_brightness I think I'll turn in and look tomorrow after some sleep. Thanks again! |
Quote:
I suspect we are both missing something very simple, here are a few thoughts that come immediately to mind... Just to be very clear, assuming everything is as it appears but it fails from the ~/.bashrc, does it also fail if you type it in after login (i.e., from the terminal)? Next, are we sure there is nothing else at play here, such as LDAP or SELinux? And finally, I have not used the /etc/sudoers.d/... setup before, although it looks to be the same and simple. But just to be on familiar territory, can you remove the /etc/sudoers.d/ file that you made and do it the old fashioned way with visudo (and /etc/sudoers)? The permissions make it writeable by root, so that should not be a problem - I think we are still missing something with sudo. I'll check in later tomorrow myself. Thanks! |
Can you check the following:
1. You have /bin/echo * in the sudoers file. Is it handling wildcard properly? May be we need to quote the command or put the exact value? 2. Is your hostname 'darkstar'? 3. astrogeek has valid point in that have you tried to manually enter the command (with sudo, ofcourse) when it failed to execute automatically with .bashrc? 4. Instead of being very specific about what you are allowed to echo, can you try to get permission to just use echo? Like, Code:
miranden ALL = NOPASSWD: /bin/echo Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness |
Hi,
Googled online for sudo and echo combination and found that it is not possible to use sudo echo. It seems '>' and '>>' are handled by the shell and not by sudoers. For that probably we should also have sudo permission to sh (or bash). With 'tee' however we can achieve the same result. Change your /etc/sudoers.d/set_brightness as follows: Code:
miranden ALL = NOPASSWD: /usr/bin/tee Code:
echo '1000' | sudo tee /sys/class/backlight/intel_backlight/brightness > /dev/null Once it works, you may change the hostname to 'darkstar' (if it is indeed your hostname) and confirm if it works. P.S.: Is the brightness value really 1000 and not 100? On my computer it is 100. |
Quote:
Code:
sudo /bin/echo 500 > /sys/class/backlight/intel_backlight/brightness Quote:
Quote:
|
Quote:
and it works. It looks like it is the redirect (">") that is the problem. Quote:
Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' Quote:
Quote:
|
Well that was educational for all of us!
I'll add an appropriate note to my knowledge base! Thanks to saivinoba for joining in with the key info! |
Yes it was! I will definitely be adding appropriate notes as well.
Thanks for all the help. Whew! |
All times are GMT -5. The time now is 03:42 PM. |