LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 01-03-2014, 05:06 PM   #1
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Rep: Reputation: 19
Messed with sudoers.d, now I am prompted for password at every terminal


Ach, I think I broke something. Whenever my laptop boots up, the screen brightness is always set to the very highest level. So for the past year or so, in order to set my screen brightness to a decent level as soon as I log in (I'm sure there is a way to do it sooner, but I don't know it), I have had the line "echo 1000 > /sys/class/backlight/intel_backlight/brightness" in root's .bashrc. I wanted to have it in my user's .bashrc so I wouldn't have to log in as root every time I boot up, but since that brightness file is owned by root, I wasn't able to do that easily. Therefore, I have just been logging in as root every time I restarted the computer, then exiting and logging in as a normal user when the backlight (and a couple of other things) have been set. But of course this is not an ideal situation.

So I finally resolved to figure out how to work sudo so that I could give my normal user the right to execute the command echo 1000 > /sys/class/backlight/intel_backlight/brightness without a password. I made a file called "set_brightness" in my /etc/sudoers.d/ directory using visudo. In this file, I put the line

Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I then put
Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. I did it this way because when I tried just putting it in as "miranden darkstar=NOPASSWD: echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.

I finally got tired of fiddling with this, and I removed the file in /etc/sudoers.d. I must have overstepped my competence here however, because now sudo will not leave me alone. I still get prompted for a password every time I open a terminal, and when I enter it, it says that my user is not in the sudoers file, and the incident will be reported. Then it makes me enter my password again before it lets me have the shell.

What did I do and how big of a mess did I make? How do I get my system back to the way it was before I added that file to the sudoers.d directory?

Any help appreciated!

Last edited by Miranden; 01-03-2014 at 05:15 PM. Reason: corrected code
 
Old 01-03-2014, 05:22 PM   #2
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,191

Rep: Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862
Quote:
Originally Posted by Miranden View Post
So I finally resolved to figure out how to work sudo so that I could give my normal user the right to execute the command echo 1000 > /sys/class/backlight/intel_backlight/brightness without a password. I made a file called "set_brightness" in my /etc/sudoers.d/ directory using visudo. In this file, I put the line

Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I then put
Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. I did it this way because when I tried just putting it in as "echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.

I finally got tired of fiddling with this, and I removed the file in /etc/sudoers.d. I must have overstepped my competence here however, because now sudo will not leave me alone. I still get prompted for a password every time I open a terminal, and when I enter it, it says that my user is not in the sudoers file, and the incident will be reported. Then it makes me enter my password again before it lets me have the shell.

What did I do and how big of a mess did I make? How do I get my system back to the way it was before I added that file to the sudoers.d directory?

Any help appreciated!
Just a guess as to why it is still prompting you - I think you left the line in your ~/.bashrc and you are no longer in the sudoers so it prompts then fails...

I think your approach is good as far as using sudo and doing it per user as it will then allow the user to adjust the level if necessary. But I would do this:

Code:
(as root of course)

visudo

Then add your line...

miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
Then in your ~/.bashrc...

Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
That should work I think. If not, please post back what the results are.

On the other hand, to make it happen at boot time, add it to /etc/rc.d/rc.local...

Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'

And be sure it is executable...

chmod +x /etc/rc.d/rc.local

Last edited by astrogeek; 01-03-2014 at 05:25 PM.
 
1 members found this post helpful.
Old 01-03-2014, 07:51 PM   #3
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Aha, you are right in that I forgot to take the line out of my ~/.bashrc. However, I just realized I made a mistake in the code I quoted above. I did in fact have the line

Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. (When I wrote it above I left out the "sudo," which you corrected for me.) But it doesn't work. Just to be sure, I redid the file in sudoers.d with

Code:
visudo -f /etc/sudoers.d/set_brightness
and put the

Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
line back in so everything was exactly how it was before. Now, whenever I open a terminal, it says:

Code:
Password: {I enter password}
Sorry, user miranden is not allowed to execute '/bin/sh -c echo 1000 > /sys/class/backlight/intel_backlight/brightness' as root on darkstar.
bash-4.2$
So this is where I was before when I gave up. Your solution of putting it in /etc/rc.d/rc.local is much better, but since I've come this far with sudo it would be nice to understand where I'm going wrong.

Thanks for the help!

Last edited by Miranden; 01-03-2014 at 07:53 PM.
 
Old 01-03-2014, 11:04 PM   #4
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,191

Rep: Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862
Quote:
Originally Posted by Miranden View Post
Aha, you are right in that I forgot to take the line out of my ~/.bashrc. However, I just realized I made a mistake in the code I quoted above. I did in fact have the line

Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. (When I wrote it above I left out the "sudo," which you corrected for me.) But it doesn't work. Just to be sure, I redid the file in sudoers.d with
Aha! I thought so, having gotten frustrated and done similar things myself in times past!

Quote:
Originally Posted by Miranden View Post
So this is where I was before when I gave up. Your solution of putting it in /etc/rc.d/rc.local is much better, but since I've come this far with sudo it would be nice to understand where I'm going wrong.

Thanks for the help!
Ok, this has been buzzing around in my sole remaining brain cell all evening. So back to the start...

Quote:
in my ~/.bashrc. I did it this way because when I tried just putting it in as "miranden darkstar=NOPASSWD: echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.
So after a refresher reading of man sudo and trying a few variants, it occurred to me why visudo treats your original shell command as a syntax error... it is because it wants the full path to the given command to prevent evil aliases! So this should actually work (red for the new part) and allow you to pass any value:

Code:
visudo

miranden darkstar=NOPASSWD: /bin/echo * > /sys/class/backlight/intel_backlight/brightness

Then in your ~/.bashrc

sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
That combination should make it work via sudo. I have tried a similar command locally and it works fine - let me know!

Last edited by astrogeek; 01-03-2014 at 11:07 PM.
 
1 members found this post helpful.
Old 01-04-2014, 12:47 AM   #5
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Drat, no luck. :| It looks like you were exactly right about the /bin/echo to prevent the aliases (who knew it was as simple as that!), because visudo did allow that syntax, and when I open a terminal it is attempting to write to the file. However, instead of writing to it, it says

Code:
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
bash-4.2$
I just don't get it. Permission denied? Truly that doesn't seem very sudo-ey at all. Does this maybe have something to do with the redirect in the command? I think I may have to have another look at man sudo myself (though you seem better able to make sense of it than I), and see if anything jumps out.

Last edited by Miranden; 01-04-2014 at 12:49 AM.
 
Old 01-04-2014, 01:22 AM   #6
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,191

Rep: Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862
Quote:
Originally Posted by Miranden View Post
Drat, no luck. :| It looks like you were exactly right about the /bin/echo to prevent the aliases (who knew it was as simple as that!), because visudo did allow that syntax, and when I open a terminal it is attempting to write to the file. However, instead of writing to it, it says

Code:
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
bash-4.2$
I just don't get it. Permission denied? Truly that doesn't seem very sudo-ey at all. Does this maybe have something to do with the redirect in the command? I think I may have to have another look at man sudo myself (though you seem better able to make sense of it than I), and see if anything jumps out.
That is surprising.

I do not have the same /sys/... obviously, so I added NOPASSWD:/bin/ls /root to my sudoer, then added sudo /bin/ls /root to my ~/.bashrc and it worked.

So just to double check, in the ~/.bashrc you did include "sudo" before the comand?

Also what does ls -l /sys/class/backlight/... say? And if that is a symlink, what are the permissions of the target?
 
Old 01-04-2014, 01:57 AM   #7
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by astrogeek View Post
That is surprising.

I do not have the same /sys/... obviously, so I added NOPASSWD:/bin/ls /root to my sudoer, then added sudo /bin/ls /root to my ~/.bashrc and it worked.

So just to double check, in the ~/.bashrc you did include "sudo" before the comand?

Also what does ls -l /sys/class/backlight/... say? And if that is a symlink, what are the permissions of the target?
Yes, I did put the sudo in. Here is the line copied directly from my .bashrc

Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
And here are the permissions:

Code:
bash-4.2$ ls -l /sys/class/backlight/intel_backlight/brightness 
-rw-r--r-- 1 root root 4.0K Jan  4 00:19 /sys/class/backlight/intel_backlight/brightness
My backlight keys do not work, so I routinely change the backlight in a terminal by switching to root and entering "echo {value} > /sys/class/backlight/intel_backlight/brightness." It works as expected, so I don't understand why this is different. I thought I must have made a typo somewhere or forgotten something, but I have checked several times and it is exactly as posted.

Here is my file in /etc/sudoers.d/:
Code:
bash-4.2# cat /etc/sudoers.d/set_brightness 
miranden darkstar=NOPASSWD: /bin/echo * > /sys/class/backlight/intel_backlight/brightness
bash-4.2#
I have been awake too long, which is why I have copied and pasted everything directly. If I have missed something silly and obvious, please let me know.

I think I'll turn in and look tomorrow after some sleep.

Thanks again!
 
Old 01-04-2014, 02:16 AM   #8
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,191

Rep: Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862
Quote:
Originally Posted by Miranden View Post
I have been awake too long, which is why I have copied and pasted everything directly. If I have missed something silly and obvious, please let me know.

I think I'll turn in and look tomorrow after some sleep.

Thanks again!
I can certainly sympathize with that, unfortunately I have a few more hours to go...

I suspect we are both missing something very simple, here are a few thoughts that come immediately to mind...

Just to be very clear, assuming everything is as it appears but it fails from the ~/.bashrc, does it also fail if you type it in after login (i.e., from the terminal)?

Next, are we sure there is nothing else at play here, such as LDAP or SELinux?

And finally, I have not used the /etc/sudoers.d/... setup before, although it looks to be the same and simple. But just to be on familiar territory, can you remove the /etc/sudoers.d/ file that you made and do it the old fashioned way with visudo (and /etc/sudoers)?

The permissions make it writeable by root, so that should not be a problem - I think we are still missing something with sudo.

I'll check in later tomorrow myself. Thanks!
 
1 members found this post helpful.
Old 01-04-2014, 03:42 AM   #9
saivinoba
Member
 
Registered: Oct 2007
Distribution: Gentoo, Gentoo ~amd64, Linux Mint 17
Posts: 48

Rep: Reputation: 9
Can you check the following:
1. You have /bin/echo * in the sudoers file. Is it handling wildcard properly? May be we need to quote the command or put the exact value?
2. Is your hostname 'darkstar'?
3. astrogeek has valid point in that have you tried to manually enter the command (with sudo, ofcourse) when it failed to execute automatically with .bashrc?
4. Instead of being very specific about what you are allowed to echo, can you try to get permission to just use echo? Like,
Code:
miranden ALL = NOPASSWD: /bin/echo
(try generic host instead of specific hostname such as 'darkstar' first) and then put actual command in .bashrc like
Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
 
1 members found this post helpful.
Old 01-04-2014, 06:39 AM   #10
saivinoba
Member
 
Registered: Oct 2007
Distribution: Gentoo, Gentoo ~amd64, Linux Mint 17
Posts: 48

Rep: Reputation: 9
Hi,

Googled online for sudo and echo combination and found that it is not possible to use sudo echo. It seems '>' and '>>' are handled by the shell and not by sudoers. For that probably we should also have sudo permission to sh (or bash).

With 'tee' however we can achieve the same result. Change your /etc/sudoers.d/set_brightness as follows:
Code:
miranden ALL = NOPASSWD: /usr/bin/tee
Then in .bashrc put the following:
Code:
echo '1000' | sudo tee /sys/class/backlight/intel_backlight/brightness > /dev/null
I checked on my computer and it worked fine. Note: In the above line, sudo is for 'tee' only not for 'echo'. If you do not put '> /dev/null' at the end, each time you open terminal it will show '1000' before the prompt.

Once it works, you may change the hostname to 'darkstar' (if it is indeed your hostname) and confirm if it works.

P.S.: Is the brightness value really 1000 and not 100? On my computer it is 100.

Last edited by saivinoba; 01-04-2014 at 06:49 AM. Reason: was 100 -> is 100
 
2 members found this post helpful.
Old 01-04-2014, 01:45 PM   #11
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by astrogeek View Post
I can certainly sympathize with that, unfortunately I have a few more hours to go...

I suspect we are both missing something very simple, here are a few thoughts that come immediately to mind...

Just to be very clear, assuming everything is as it appears but it fails from the ~/.bashrc, does it also fail if you type it in after login (i.e., from the terminal)?
Should have tried that myself earlier. Yes it does.

Code:
sudo /bin/echo 500 > /sys/class/backlight/intel_backlight/brightness 
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
Quote:
Next, are we sure there is nothing else at play here, such as LDAP or SELinux?
Nope, nothing like that.

Quote:
And finally, I have not used the /etc/sudoers.d/... setup before, although it looks to be the same and simple. But just to be on familiar territory, can you remove the /etc/sudoers.d/ file that you made and do it the old fashioned way with visudo (and /etc/sudoers)?
I would, but I'm not where to put the line in /etc/sudoers . . . will the very bottom work?
 
Old 01-04-2014, 02:20 PM   #12
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by saivinoba View Post
Hi,

Googled online for sudo and echo combination and found that it is not possible to use sudo echo.
You can use sudo echo. I put "miranden darkstar = NOPASSWD: /usr/bin/echo" in /etc/sudoers
and it works. It looks like it is the redirect (">") that is the problem.

Quote:
It seems '>' and '>>' are handled by the shell and not by sudoers. For that probably we should also have sudo permission to sh (or bash).
Funny, that's what I thought from the very beginning. As I mentioned in my initial post, the first thing I tried to get around that was to use

Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I got errors with that. (I wonder why?) But ever since then, I've been wondering if it had something to do with the shell handling redirect (> or >>). I guess I should have learned how to use tee! Somehow I've never gotten around to that command . . .

Quote:
Change your /etc/sudoers.d/set_brightness as follows:
Code:
miranden ALL = NOPASSWD: /usr/bin/tee
Then in .bashrc put the following:
Code:
echo '1000' | sudo tee /sys/class/backlight/intel_backlight/brightness > /dev/null
I checked on my computer and it worked fine. Note: In the above line, sudo is for 'tee' only not for 'echo'. If you do not put '> /dev/null' at the end, each time you open terminal it will show '1000' before the prompt.
It works! Thanks a lot! Of course astrogeek's solution of putting the line in /etc/rc.d/rc.local is the best way to go, but I am very glad to know how to work sudo as well.

Quote:
Once it works, you may change the hostname to 'darkstar' (if it is indeed your hostname) and confirm if it works.

P.S.: Is the brightness value really 1000 and not 100? On my computer it is 100.
My hostname is darkstar. I used the command "hostname" before I started this to be sure. And as far as the brightness, every card is different. On my computer it goes up to over 4000. Thank you for your help! This was literally keeping me up at night . . .

Last edited by Miranden; 01-04-2014 at 03:02 PM. Reason: typo: rc.local not rc/local
 
Old 01-04-2014, 02:51 PM   #13
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,191

Rep: Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862Reputation: 862
Well that was educational for all of us!

I'll add an appropriate note to my knowledge base!

Thanks to saivinoba for joining in with the key info!
 
Old 01-04-2014, 02:58 PM   #14
Miranden
Member
 
Registered: May 2012
Distribution: Slackware
Posts: 205

Original Poster
Rep: Reputation: 19
Yes it was! I will definitely be adding appropriate notes as well.

Thanks for all the help. Whew!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I cannot do a shutdown without being prompted for root's password. hscast Linux - Desktop 6 01-23-2013 05:27 AM
during applications terminal when prompted for password will not respond claudiorollandin Linux - Newbie 2 10-29-2008 08:02 PM
Squid - client not prompted for user/password z-man5 Linux - Software 1 11-13-2007 10:57 AM
Not getting prompted for Root password Doug Vitale Fedora 8 02-20-2007 12:59 PM
Prompted for Password When Configuring Printer Kamex Suse/Novell 3 08-14-2005 11:05 PM


All times are GMT -5. The time now is 06:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration