SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
While tinkering with sudoers files, I was wondering what would be the caveats of using sudo to manage packages.
install/upgrade/remove seems to be ok
slackpkg too
sbopkg could fail for packages that need full login as would some SlackBuilds I believe. In these cases, would the -i option do the job ?
I've did some man pages reading but can't get a satisfaying answer...
The goal is to fire some commands that can last long without letting open a root terminal.... Especially usefull when updating a batch of laptops...
Distribution: Slackware64 {15.0,-current}, FreeBSD, stuff on QEMU
Posts: 459
Rep:
sudo -i uses the root path, which includes /usr/sbin and /sbin, so it would allow for using slackpkg, makepkg, etc. Using the full path to the binary (e.g. sudo /sbin/makepkg ...) is another way to do it.
I suppose it would also be possible to edit a non-root user's path to include /usr/sbin and /sbin; no comment on whether that's a good idea or not.
Package installation has nothing directly to do with sudo, sudo is for privilage escalation or identity fudging. Using sudo for package installation comes in handy when proper installation requires root or superuser access rights that your user account (you should hope) lacks.
Never had any problems with sudo for system updates here. My setup is a shell script /usr/local/sbin/update-system (with chmod 750):
Code:
#!/usr/bin/env bash
echo "Checking for updates..."
if ! slackpkg check-updates; then
slackpkg -batch='on' update
slackpkg install-new
slackpkg upgrade-all
slackpkg clean-system
fi
in a file in /etc/sudoers.d/
Code:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Cmnd_Alias SAFE = /usr/local/sbin/update-system
## allow with no password
myuser ALL=(ALL) NOPASSWD: SAFE
and in my user's shell aliases:
Code:
alias up='sudo update-system'
So 'up' triggers the whole thing, no passwords to type, but no system-wide sudo access or anything dodgy like that.
But if I was doing pkgtools stuff (install/upgrade/removepkg etc), I'd not be bothered with "sudo" before every command, and would prefer "su" in that case.
I've been using sudo on my systems for years. I've never had any problems with permissions or login settings, but I also added sbin locations with my user's PATH.
Code:
if [ "`id -u`" = "0" -o "`id -u`" = "1000" ]; then
echo $PATH | grep /usr/local/sbin 1> /dev/null 2> /dev/null
if [ ! $? = 0 ]; then
PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
fi
fi
The "full login" is pretty much tied to the PATH of the user running the commands. If your user has access to all the PATH locations, then a full login won't be an issue.
You can also set the PATH in visudo, which will override the local PATH, but this may have problems if you have programs that set additional PATH locations in /etc/profile.d/.
Code:
## Uncomment to use a hard-coded PATH instead of the user's to find commands
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.