SUSE / openSUSEThis Forum is for the discussion of Suse Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it possible to change the behaviour of sudo in 10.1 to run graphical apps?
It says in the release notes this change is for security reasons but since I am on a single user system and not connected to other computers I don't see it as being any less secure than running anything else with sudo.
And whether it is less secure or not I still want to do it.
Also, why does it ask for the root password when running sudo? I thought the whole point of it was that you use your user password so you don't need to know the root password? Maybe I'm wrong.
On my own box, sudo will run graphical apps, although I get plastered with warnings if I try running firefox this way. However, there's also gksudo and kdesu for GNOME and KDE respectively. As for the password, the password it asks for should indeed be your user password, not the root one.
Defaults always_set_home
Defaults env_reset
Defaults targetpw # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
I commented out the targetpw line and the one after it and it now asks for my user password but I am now unable to run anything at all with sudo.
Removing the other 2 lines made no difference either.
I can't find anything in the man page that helps (I don't understand much of it).
I've tried replacing everything in the sudoers file with what was in my 10.0 sudoers file and again it asks for my user password but when I try to run anything as sudo I get
Code:
Sorry, user shane is not allowed to execute '/usr/bin/whatever' as root on suse.
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
It's not very smart to allow all users to execute anything as root without even prompting for the root password, hence the warning. For example, if you want all members of the group "users" to be able to acquire root permissions unless they are logged in from a remote host, the following line should work:
shane is not allowed to run sudo on suse. This incident will be reported
To clarify things a little, here is my /etc/sudoers file from kanotix, which is identical to the one I had in suse 10.0 -
Code:
Defaults timestamp_timeout=0
# User privilege specification
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
shane ALL=NOPASSWD: /sbin/halt
shane ALL=NOPASSWD: /sbin/reboot
shane ALL=NOPASSWD: /usr/local/bin/eciadsl-start
shane ALL=NOPASSWD: /usr/local/bin/eciadsl-stop
#shane ALL=NOPASSWD: /usr/local/bin/eciadsl-doctor
This works perfectly fine in kanotix and did in suse 10.0 also but if I copy those exact entries into the one in suse 10.1 it won't let me run anything as root with sudo.
And this is the sudoers file from suse 10.1, note it states to delete the "ALL ALL=(ALL) ALL" and "Defaults targetpw" lines -
Code:
Defaults always_set_home
Defaults env_reset
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
%users localhost=/sbin/shutdown -h now
shane ALL=NOPASSWD: /sbin/halt
shane ALL=NOPASSWD: /sbin/reboot
shane ALL=NOPASSWD: /usr/local/bin/eciadsl-start
shane ALL=NOPASSWD: /usr/local/bin/eciadsl-stop
shane ALL=NOPASSWD: /usr/bin/eciadsl-start
shane ALL=NOPASSWD: /usr/bin/eciadsl-stop
When I try to run graphical apps as sudo, for example kedit, I get this -
Code:
kedit: cannot connect to X server
I don't want to run anything without a password, except the commands specified, I just want it to work like it does in kanotix and how it did in suse 10.0.
still won't let me run graphical apps.
Something I didn't mention, the shane "NOPASSWD:" entries all work fine and don't ask for a password but none of those are graphical.
Just to clear up what I'm trying to do here. By default, suse 10.1 sudo works and I can run non graphical apps fine but it asks for root password and to run anything graphical as root I have use su.
If I try to run anything graphical with sudo I get a "cannot connect to server" error.
On all other distros I have ever used sudo with, I can run graphical apps fine and it asks for my user password.
I know not being able to run graphical apps with sudo in 10.1 is done on purpose because it mentions it in the release notes but surely there must be some way of changing the sudo behaviour so that it works like it does in other distros?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
