[SOLVED] Package management using sudo

Tonus · 02-22-2021, 05:24 PM

Hi all,

While tinkering with sudoers files, I was wondering what would be the caveats of using sudo to manage packages.

install/upgrade/remove seems to be ok

slackpkg too

sbopkg could fail for packages that need full login as would some SlackBuilds I believe. In these cases, would the -i option do the job ?

I've did some man pages reading but can't get a satisfaying answer...
The goal is to fire some commands that can last long without letting open a root terminal.... Especially usefull when updating a batch of laptops...

Thanks for your inputs !

pghvlaans · 02-22-2021, 10:05 PM

sudo -i uses the root path, which includes /usr/sbin and /sbin, so it would allow for using slackpkg, makepkg, etc. Using the full path to the binary (e.g. sudo /sbin/makepkg ...) is another way to do it.

I suppose it would also be possible to edit a non-root user's path to include /usr/sbin and /sbin; no comment on whether that's a good idea or not.

wpeckham · 02-22-2021, 10:34 PM

Package installation has nothing directly to do with sudo, sudo is for privilage escalation or identity fudging. Using sudo for package installation comes in handy when proper installation requires root or superuser access rights that your user account (you should hope) lacks.

drgibbon · 02-22-2021, 11:57 PM

Never had any problems with sudo for system updates here. My setup is a shell script /usr/local/sbin/update-system (with chmod 750):

Code:

#!/usr/bin/env bash

echo "Checking for updates..."

if ! slackpkg check-updates; then
    slackpkg -batch='on' update
    slackpkg install-new
    slackpkg upgrade-all
    slackpkg clean-system
fi

in a file in /etc/sudoers.d/

Code:

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Cmnd_Alias SAFE = /usr/local/sbin/update-system
## allow with no password
myuser ALL=(ALL) NOPASSWD: SAFE

and in my user's shell aliases:

Code:

alias up='sudo update-system'

So 'up' triggers the whole thing, no passwords to type, but no system-wide sudo access or anything dodgy like that.

But if I was doing pkgtools stuff (install/upgrade/removepkg etc), I'd not be bothered with "sudo" before every command, and would prefer "su" in that case.

bassmadrigal · 02-23-2021, 09:49 AM

I've been using sudo on my systems for years. I've never had any problems with permissions or login settings, but I also added sbin locations with my user's PATH.

Code:

if [ "`id -u`" = "0" -o "`id -u`" = "1000" ]; then
  echo $PATH | grep /usr/local/sbin 1> /dev/null 2> /dev/null
  if [ ! $? = 0 ]; then
    PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
  fi
fi

The "full login" is pretty much tied to the PATH of the user running the commands. If your user has access to all the PATH locations, then a full login won't be an issue.

You can also set the PATH in visudo, which will override the local PATH, but this may have problems if you have programs that set additional PATH locations in /etc/profile.d/.

Code:

## Uncomment to use a hard-coded PATH instead of the user's to find commands
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

hitest · 02-23-2021, 10:19 AM

I like and use visudo to set-up sudo for my regular user. I use sudo for my package management and administrative needs.

Tonus · 02-23-2021, 11:06 AM

Thank you all for your inputs.

Never thought using sudo for pkg management but know I will use that with some handy aliases in the .bashrc :-)