Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-03-2014, 05:06 PM
|
#1
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Rep:
|
Messed with sudoers.d, now I am prompted for password at every terminal
Ach, I think I broke something. Whenever my laptop boots up, the screen brightness is always set to the very highest level. So for the past year or so, in order to set my screen brightness to a decent level as soon as I log in (I'm sure there is a way to do it sooner, but I don't know it), I have had the line "echo 1000 > /sys/class/backlight/intel_backlight/brightness" in root's .bashrc. I wanted to have it in my user's .bashrc so I wouldn't have to log in as root every time I boot up, but since that brightness file is owned by root, I wasn't able to do that easily. Therefore, I have just been logging in as root every time I restarted the computer, then exiting and logging in as a normal user when the backlight (and a couple of other things) have been set. But of course this is not an ideal situation.
So I finally resolved to figure out how to work sudo so that I could give my normal user the right to execute the command echo 1000 > /sys/class/backlight/intel_backlight/brightness without a password. I made a file called "set_brightness" in my /etc/sudoers.d/ directory using visudo. In this file, I put the line
Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I then put
Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. I did it this way because when I tried just putting it in as "miranden darkstar=NOPASSWD: echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.
I finally got tired of fiddling with this, and I removed the file in /etc/sudoers.d. I must have overstepped my competence here however, because now sudo will not leave me alone. I still get prompted for a password every time I open a terminal, and when I enter it, it says that my user is not in the sudoers file, and the incident will be reported. Then it makes me enter my password again before it lets me have the shell.
What did I do and how big of a mess did I make? How do I get my system back to the way it was before I added that file to the sudoers.d directory?
Any help appreciated!
Last edited by Miranden; 01-03-2014 at 05:15 PM.
Reason: corrected code
|
|
|
01-03-2014, 05:22 PM
|
#2
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,311
|
Quote:
Originally Posted by Miranden
So I finally resolved to figure out how to work sudo so that I could give my normal user the right to execute the command echo 1000 > /sys/class/backlight/intel_backlight/brightness without a password. I made a file called "set_brightness" in my /etc/sudoers.d/ directory using visudo. In this file, I put the line
Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I then put
Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. I did it this way because when I tried just putting it in as "echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.
I finally got tired of fiddling with this, and I removed the file in /etc/sudoers.d. I must have overstepped my competence here however, because now sudo will not leave me alone. I still get prompted for a password every time I open a terminal, and when I enter it, it says that my user is not in the sudoers file, and the incident will be reported. Then it makes me enter my password again before it lets me have the shell.
What did I do and how big of a mess did I make? How do I get my system back to the way it was before I added that file to the sudoers.d directory?
Any help appreciated!
|
Just a guess as to why it is still prompting you - I think you left the line in your ~/.bashrc and you are no longer in the sudoers so it prompts then fails...
I think your approach is good as far as using sudo and doing it per user as it will then allow the user to adjust the level if necessary. But I would do this:
Code:
(as root of course)
visudo
Then add your line...
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
Then in your ~/.bashrc...
Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
That should work I think. If not, please post back what the results are.
On the other hand, to make it happen at boot time, add it to /etc/rc.d/rc.local...
Code:
/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
And be sure it is executable...
chmod +x /etc/rc.d/rc.local
Last edited by astrogeek; 01-03-2014 at 05:25 PM.
|
|
1 members found this post helpful.
|
01-03-2014, 07:51 PM
|
#3
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Aha, you are right in that I forgot to take the line out of my ~/.bashrc. However, I just realized I made a mistake in the code I quoted above. I did in fact have the line
Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. (When I wrote it above I left out the "sudo," which you corrected for me.) But it doesn't work. Just to be sure, I redid the file in sudoers.d with
Code:
visudo -f /etc/sudoers.d/set_brightness
and put the
Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
line back in so everything was exactly how it was before. Now, whenever I open a terminal, it says:
Code:
Password: {I enter password}
Sorry, user miranden is not allowed to execute '/bin/sh -c echo 1000 > /sys/class/backlight/intel_backlight/brightness' as root on darkstar.
bash-4.2$
So this is where I was before when I gave up. Your solution of putting it in /etc/rc.d/rc.local is much better, but since I've come this far with sudo it would be nice to understand where I'm going wrong.
Thanks for the help!
Last edited by Miranden; 01-03-2014 at 07:53 PM.
|
|
|
01-03-2014, 11:04 PM
|
#4
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,311
|
Quote:
Originally Posted by Miranden
Aha, you are right in that I forgot to take the line out of my ~/.bashrc. However, I just realized I made a mistake in the code I quoted above. I did in fact have the line
Code:
sudo /bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
in my ~/.bashrc. (When I wrote it above I left out the "sudo," which you corrected for me.) But it doesn't work. Just to be sure, I redid the file in sudoers.d with
|
Aha! I thought so, having gotten frustrated and done similar things myself in times past!
Quote:
Originally Posted by Miranden
So this is where I was before when I gave up. Your solution of putting it in /etc/rc.d/rc.local is much better, but since I've come this far with sudo it would be nice to understand where I'm going wrong.
Thanks for the help!
|
Ok, this has been buzzing around in my sole remaining brain cell all evening. So back to the start...
Quote:
in my ~/.bashrc. I did it this way because when I tried just putting it in as "miranden darkstar=NOPASSWD: echo 1000 > /sys/class/backlight/intel_backlight/brightness" in /etc/sudoers.d/set_brightness, I got a syntax error. I thought this was because the shell was what was actually performing the redirection, so that wouldn't work. However, the other way didn't work either. Every time I opened a terminal, it would prompt me for a password and then say I did not have permission to execute that command.
|
So after a refresher reading of man sudo and trying a few variants, it occurred to me why visudo treats your original shell command as a syntax error... it is because it wants the full path to the given command to prevent evil aliases! So this should actually work (red for the new part) and allow you to pass any value:
Code:
visudo
miranden darkstar=NOPASSWD: /bin/echo * > /sys/class/backlight/intel_backlight/brightness
Then in your ~/.bashrc
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
That combination should make it work via sudo. I have tried a similar command locally and it works fine - let me know!
Last edited by astrogeek; 01-03-2014 at 11:07 PM.
|
|
1 members found this post helpful.
|
01-04-2014, 12:47 AM
|
#5
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Drat, no luck. :| It looks like you were exactly right about the /bin/echo to prevent the aliases (who knew it was as simple as that!), because visudo did allow that syntax, and when I open a terminal it is attempting to write to the file. However, instead of writing to it, it says
Code:
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
bash-4.2$
I just don't get it. Permission denied? Truly that doesn't seem very sudo-ey at all. Does this maybe have something to do with the redirect in the command? I think I may have to have another look at man sudo myself (though you seem better able to make sense of it than I), and see if anything jumps out.
Last edited by Miranden; 01-04-2014 at 12:49 AM.
|
|
|
01-04-2014, 01:22 AM
|
#6
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,311
|
Quote:
Originally Posted by Miranden
Drat, no luck. :| It looks like you were exactly right about the /bin/echo to prevent the aliases (who knew it was as simple as that!), because visudo did allow that syntax, and when I open a terminal it is attempting to write to the file. However, instead of writing to it, it says
Code:
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
bash-4.2$
I just don't get it. Permission denied? Truly that doesn't seem very sudo-ey at all. Does this maybe have something to do with the redirect in the command? I think I may have to have another look at man sudo myself (though you seem better able to make sense of it than I), and see if anything jumps out.
|
That is surprising.
I do not have the same /sys/... obviously, so I added NOPASSWD:/bin/ls /root to my sudoer, then added sudo /bin/ls /root to my ~/.bashrc and it worked.
So just to double check, in the ~/.bashrc you did include "sudo" before the comand?
Also what does ls -l /sys/class/backlight/... say? And if that is a symlink, what are the permissions of the target?
|
|
|
01-04-2014, 01:57 AM
|
#7
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Quote:
Originally Posted by astrogeek
That is surprising.
I do not have the same /sys/... obviously, so I added NOPASSWD:/bin/ls /root to my sudoer, then added sudo /bin/ls /root to my ~/.bashrc and it worked.
So just to double check, in the ~/.bashrc you did include "sudo" before the comand?
Also what does ls -l /sys/class/backlight/... say? And if that is a symlink, what are the permissions of the target?
|
Yes, I did put the sudo in. Here is the line copied directly from my .bashrc
Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
And here are the permissions:
Code:
bash-4.2$ ls -l /sys/class/backlight/intel_backlight/brightness
-rw-r--r-- 1 root root 4.0K Jan 4 00:19 /sys/class/backlight/intel_backlight/brightness
My backlight keys do not work, so I routinely change the backlight in a terminal by switching to root and entering "echo {value} > /sys/class/backlight/intel_backlight/brightness." It works as expected, so I don't understand why this is different. I thought I must have made a typo somewhere or forgotten something, but I have checked several times and it is exactly as posted.
Here is my file in /etc/sudoers.d/:
Code:
bash-4.2# cat /etc/sudoers.d/set_brightness
miranden darkstar=NOPASSWD: /bin/echo * > /sys/class/backlight/intel_backlight/brightness
bash-4.2#
I have been awake too long, which is why I have copied and pasted everything directly. If I have missed something silly and obvious, please let me know.
I think I'll turn in and look tomorrow after some sleep.
Thanks again!
|
|
|
01-04-2014, 02:16 AM
|
#8
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,311
|
Quote:
Originally Posted by Miranden
I have been awake too long, which is why I have copied and pasted everything directly. If I have missed something silly and obvious, please let me know.
I think I'll turn in and look tomorrow after some sleep.
Thanks again!
|
I can certainly sympathize with that, unfortunately I have a few more hours to go...
I suspect we are both missing something very simple, here are a few thoughts that come immediately to mind...
Just to be very clear, assuming everything is as it appears but it fails from the ~/.bashrc, does it also fail if you type it in after login (i.e., from the terminal)?
Next, are we sure there is nothing else at play here, such as LDAP or SELinux?
And finally, I have not used the /etc/sudoers.d/... setup before, although it looks to be the same and simple. But just to be on familiar territory, can you remove the /etc/sudoers.d/ file that you made and do it the old fashioned way with visudo (and /etc/sudoers)?
The permissions make it writeable by root, so that should not be a problem - I think we are still missing something with sudo.
I'll check in later tomorrow myself. Thanks!
|
|
1 members found this post helpful.
|
01-04-2014, 03:42 AM
|
#9
|
Member
Registered: Oct 2007
Distribution: FreeBSD, Slackware
Posts: 48
Rep:
|
Can you check the following:
1. You have /bin/echo * in the sudoers file. Is it handling wildcard properly? May be we need to quote the command or put the exact value?
2. Is your hostname 'darkstar'?
3. astrogeek has valid point in that have you tried to manually enter the command (with sudo, ofcourse) when it failed to execute automatically with .bashrc?
4. Instead of being very specific about what you are allowed to echo, can you try to get permission to just use echo? Like,
Code:
miranden ALL = NOPASSWD: /bin/echo
(try generic host instead of specific hostname such as 'darkstar' first) and then put actual command in .bashrc like
Code:
sudo /bin/echo 1000 > /sys/class/backlight/intel_backlight/brightness
|
|
1 members found this post helpful.
|
01-04-2014, 06:39 AM
|
#10
|
Member
Registered: Oct 2007
Distribution: FreeBSD, Slackware
Posts: 48
Rep:
|
Hi,
Googled online for sudo and echo combination and found that it is not possible to use sudo echo. It seems '>' and '>>' are handled by the shell and not by sudoers. For that probably we should also have sudo permission to sh (or bash).
With 'tee' however we can achieve the same result. Change your /etc/sudoers.d/set_brightness as follows:
Code:
miranden ALL = NOPASSWD: /usr/bin/tee
Then in .bashrc put the following:
Code:
echo '1000' | sudo tee /sys/class/backlight/intel_backlight/brightness > /dev/null
I checked on my computer and it worked fine. Note: In the above line, sudo is for 'tee' only not for 'echo'. If you do not put '> /dev/null' at the end, each time you open terminal it will show '1000' before the prompt.
Once it works, you may change the hostname to 'darkstar' (if it is indeed your hostname) and confirm if it works.
P.S.: Is the brightness value really 1000 and not 100? On my computer it is 100.
Last edited by saivinoba; 01-04-2014 at 06:49 AM.
Reason: was 100 -> is 100
|
|
2 members found this post helpful.
|
01-04-2014, 01:45 PM
|
#11
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Quote:
Originally Posted by astrogeek
I can certainly sympathize with that, unfortunately I have a few more hours to go...
I suspect we are both missing something very simple, here are a few thoughts that come immediately to mind...
Just to be very clear, assuming everything is as it appears but it fails from the ~/.bashrc, does it also fail if you type it in after login (i.e., from the terminal)?
|
Should have tried that myself earlier. Yes it does.
Code:
sudo /bin/echo 500 > /sys/class/backlight/intel_backlight/brightness
bash: /sys/class/backlight/intel_backlight/brightness: Permission denied
Quote:
Next, are we sure there is nothing else at play here, such as LDAP or SELinux?
|
Nope, nothing like that.
Quote:
And finally, I have not used the /etc/sudoers.d/... setup before, although it looks to be the same and simple. But just to be on familiar territory, can you remove the /etc/sudoers.d/ file that you made and do it the old fashioned way with visudo (and /etc/sudoers)?
|
I would, but I'm not where to put the line in /etc/sudoers . . . will the very bottom work?
|
|
|
01-04-2014, 02:20 PM
|
#12
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Quote:
Originally Posted by saivinoba
Hi,
Googled online for sudo and echo combination and found that it is not possible to use sudo echo.
|
You can use sudo echo. I put "miranden darkstar = NOPASSWD: /usr/bin/echo" in /etc/sudoers
and it works. It looks like it is the redirect (">") that is the problem.
Quote:
It seems '>' and '>>' are handled by the shell and not by sudoers. For that probably we should also have sudo permission to sh (or bash).
|
Funny, that's what I thought from the very beginning. As I mentioned in my initial post, the first thing I tried to get around that was to use
Code:
miranden darkstar=NOPASSWD:/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness'
I got errors with that. (I wonder why?) But ever since then, I've been wondering if it had something to do with the shell handling redirect (> or >>). I guess I should have learned how to use tee! Somehow I've never gotten around to that command . . .
Quote:
Change your /etc/sudoers.d/set_brightness as follows:
Code:
miranden ALL = NOPASSWD: /usr/bin/tee
Then in .bashrc put the following:
Code:
echo '1000' | sudo tee /sys/class/backlight/intel_backlight/brightness > /dev/null
I checked on my computer and it worked fine. Note: In the above line, sudo is for 'tee' only not for 'echo'. If you do not put '> /dev/null' at the end, each time you open terminal it will show '1000' before the prompt.
|
It works! Thanks a lot! Of course astrogeek's solution of putting the line in /etc/rc.d/rc.local is the best way to go, but I am very glad to know how to work sudo as well.
Quote:
Once it works, you may change the hostname to 'darkstar' (if it is indeed your hostname) and confirm if it works.
P.S.: Is the brightness value really 1000 and not 100? On my computer it is 100.
|
My hostname is darkstar. I used the command "hostname" before I started this to be sure. And as far as the brightness, every card is different. On my computer it goes up to over 4000. Thank you for your help! This was literally keeping me up at night . . .
Last edited by Miranden; 01-04-2014 at 03:02 PM.
Reason: typo: rc.local not rc/local
|
|
|
01-04-2014, 02:51 PM
|
#13
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,311
|
Well that was educational for all of us!
I'll add an appropriate note to my knowledge base!
Thanks to saivinoba for joining in with the key info!
|
|
|
01-04-2014, 02:58 PM
|
#14
|
Member
Registered: May 2012
Distribution: Slackware 64 14.2
Posts: 213
Original Poster
Rep:
|
Yes it was! I will definitely be adding appropriate notes as well.
Thanks for all the help. Whew!
|
|
|
All times are GMT -5. The time now is 09:27 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|