Question about the sudo command, specifically how to have sudo act as if user is root
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Question about the sudo command, specifically how to have sudo act as if user is root
What I mean by that is: with root I can run ifconfig and ip commands, under normal user level account I can't which is perfectly fine. What I'd like to achieve is if I'm in my user account insteasd of root and I run "sudo ifconfig" I'd like to be able actually run ifconfig. I know I can run it as "sudo /sbin/ifconfig" but thats 6 more characters than necessary.
Not sure how I would achieve this, can anyone enlighten me?
I think the problem here is not sudo configuration, but that /sbin and /usr/sbin are not in the path of your normal user. Add them to your path and you should be fine.
I think the problem here is not sudo configuration, but that /sbin and /usr/sbin are not in the path of your normal user. Add them to your path and you should be fine.
Yep, that's also a way to be able to use ifconfig. But...
When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors. Ifconfig can be run as a normal user (and a few others as well), but most commands in the sbin directories should be run as root user.
I personally like to put the sbin commands that I want to run as normal user, which are only a few, under sudo.
@slacker_: If typing sudo ifconfig is still too much typing you can make a user specific alias:
A somewhat elaborate example (relevant parts only):
Code:
# -------------------------------------------------------------------------- #
# alias sections
# -------------------------------------------------------------------------- #
# Host alias specification
Host_Alias HA_HOST = plains, inferno
# User alias specification
User_Alias UA_NETW = druuna
# Cmnd alias specification
Cmnd_Alias CA_NETW = /bin/netstat, /etc/init.d/networking, \
/sbin/ifconfig, /sbin/iptables, /sbin/route
# -------------------------------------------------------------------------- #
# <user list> <host list> = <operator list> <tag list> <command list>
# -------------------------------------------------------------------------- #
# networking : allow UA_NETW members from HA_HOST
UA_NETW HA_HOST=(root)NOPASSWD: CA_NETW
Lot of great information here, thanks a lot! This is quite helpful!
Quote:
Originally Posted by druuna
Yep, that's also a way to be able to use ifconfig. But...
When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors. Ifconfig can be run as a normal user (and a few others as well), but most commands in the sbin directories should be run as root user.
This is exactly what I'm concerned about, I only had a few things I wanted to be able to take care of (netstat, ifconfig, etc) under my standard user just for convenience.
Quote:
Originally Posted by druuna
I personally like to put the sbin commands that I want to run as normal user, which are only a few, under sudo.
Gotcha, so I'm guessing I'd just go about this using the method you mentioned above? Nothing extra nothing less?
Quote:
Originally Posted by druuna
@slacker_: If typing sudo ifconfig is still too much typing you can make a user specific alias:
Code:
alias ifconfig='sudo ifconfig'
5 chars less to type
Well that would make things easier, but I try to keep my system alias free, that was I don't forget about it later if I have to run on a different system or if I need to reinstall or something. That's for the idea though!
When adding /usr/sbin, /sbin and possibly /usr/local/sbin to a normal users PATH environment, that user has access to all the binaries which might lead to errors.
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
you will also need bash-completion, to get <tab> working with sudo, etc.
Code:
slackpkg install bash-completion
That wrapper bit is brilliant! Never heard about doing that before, I'll have to look into it more thanks!
As far as the basics to set up, I have bash completion I believe (doesn't it come by default?) by I'm not seeing the Defaults secure_path in my sudo file, do I need to add it myself and if so where?
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
I think he means, not necessarily errors when running a command, but errors with certain scripts running under standard user (certain scripts need to call other scripts outside of /sbin for example, which may require root permissions as well).
I am curious, which errors might that be? All I get when I forget to switch to root is the obvious "Permission denied".
I should have said error and unexpected behaviour.
You already mentioned the permission denied error. The unexpected behaviour I'm talking about is the partial instead of full output generated by some commands when executing them as normal user.
Example: Try running /usr/sbin/hwinfo as root and as normal user. On my box it generates 15489 lines of output when run as root and only 14095 lines when run as normal user. No errors/warnings are shown when running this as normal user......
Last edited by druuna; 09-18-2013 at 04:02 AM.
Reason: Fixed weirtd sentence
That wrapper bit is brilliant! Never heard about doing that before, I'll have to look into it more thanks!
personally, I would use that for more 'complicated' things
Quote:
Originally Posted by slacker_
As far as the basics to set up, I have bash completion I believe (doesn't it come by default?)
you have basic tab completion from bash, but not the extra tab completion based on rules
for example try
tar <tab>
you will get a file list of current dir
install bash-completion
re-login
and try again
you will be presented with args for tar
Code:
A c d r t u x
Not without drawbacks,
it can slow things down a little ( not that you should notice )
if you have set -vx in bash shell, you can 'crash' the shell if you spam the tab
Quote:
Originally Posted by slacker_
by I'm not seeing the Defaults secure_path in my sudo file, do I need to add it myself and if so where?
add it to the section
Code:
##
## Defaults specification
##
use visudo ( as root )
that will check that you don't break the sudoers file
not so important with Slackware, as you have a real root account to fix things
But with Distros like Ubuntu/Mint where typically no root login, you can lose root if you break /etc/sudoers
personally, I would use that for more 'complicated' things
you have basic tab completion from bash, but not the extra tab completion based on rules
for example try
tar <tab>
you will get a file list of current dir
install bash-completion
re-login
and try again
you will be presented with args for tar
Code:
A c d r t u x
Not without drawbacks,
it can slow things down a little ( not that you should notice )
if you have set -vx in bash shell, you can 'crash' the shell if you spam the tab
So, will I still have the ability to tab complete file/command names as well, or will this override that functionality?
Quote:
Originally Posted by Firerat
add it to the section
Code:
##
## Defaults specification
##
That's what I was expecting, but wanted to be sure. Thank you!
however, I believe it is dependent on the maintenance of the rules in /usr/share/bash-completion/
not certain how well maintained they are in Slackware
I'm still learning how to use linux, but one thing that I like to do is keep others from having access to potential problems. I have a house hold that uses my pc. So what I do is pretty simple I just log in when I open the terminal. sudo su password now it's all root and I don't have to keep entering my password.
This may not be the answer your looking for, but if you want to stop others without your password it may be.
Jonnynitro138
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.