Gentoo Archives: gentoo-user

From: Walter Dnes <waltdnes@××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
Date: Wed, 11 Aug 2010 02:04:00
Message-Id: 20100811010545.GB15953@waltdnes.org
In Reply to: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice by Frank Steinmetzger
On Tue, Aug 10, 2010 at 04:14:41AM +0200, Frank Steinmetzger wrote
> On Tuesday, 10 August 2010, Paul Hartman wrote:
>
> > Typing that long password into sudo every time I ran a command was a
> > hassle
>
> I've never used sudo, and never really liked the idea of it. In
> fact I'm always amused and slightly annoyed by the sheer amount
> of sudo one can find in your typical Ubuntu howto. ;-)

There are some things that have to be done as root, but are needed by
a regular user. E.g. I have a backup dialup account with 295.ca (guess
how much they charge per month <G>). When using it, I not only have to
run "pon", but I also have to copy over the correct ssmtp.conf settings
for my dialup ISP. My ~/bin/udialup (USB dialup) script reads like so...

#!/bin/bash
/usr/bin/sudo /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
/usr/bin/sudo /usr/sbin/pon u295.ca

When I exit, I have to copy back the ssmtp.conf that points to my
broadband ISP's MTU. My ~/bin/dialdown script reads like so...

#!/bin/bash
/usr/bin/sudo /usr/sbin/poff
/usr/bin/sudo /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf

This is after I figured out how to use "metric" in my network config
so that ppp0 and eth0 could co-exist side by side. ppp0 can talk to the
outside world via the dialup modem, while eth0 *SIMULTANEOUSLY* talks to
my other machines on 192.168.123.248/29 (aka 192.168.123.240 netmask
255.255.255.240). Before that, my udialup script had to tear down eth0,
and dialdown had to restart it. Here are some of the entries in
/etc/sudoers on my machine "i3"...

waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: /usr/sbin/pon 295.ca
waltdnes i3 = (root) NOPASSWD: /usr/sbin/poff
waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: /sbin/poweroff
waltdnes i3 = (root) NOPASSWD: /usr/bin/rdate time.nrc.ca -s
waltdnes i3 = (root) NOPASSWD: /sbin/hwclock --systohc
waltdnes i3 = (root) NOPASSWD: /usr/sbin/hibernate

This gives me the power to do specific root-level stuff as a regular
user, without giving away the keys to the kingdom. Note that none of
the entries accepts any parameters, let alone $*. Also, specifying the
path prevents running the wrong executable with root-level privileges.

--
Walter Dnes <waltdnes@××××××××.org>
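
An added example (not part of the post above and not sudo's own code): a small Python lint for one-rule-per-line NOPASSWD entries like those in the message. It relies on documented sudoers matching: a command listed with arguments must be invoked with exactly those arguments, a command listed with no arguments may be run with any, and "" forbids arguments. The function names and the last three sample rules are constructed for illustration.

```python
import re

# Matches the one-rule-per-line form used in the post:
#   user host = (runas) NOPASSWD: /path/to/cmd [args]
RULE = re.compile(r'^\s*(\S+)\s+(\S+)\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+?)\s*$')
WILDCARDS = re.compile(r'[*?\[]')

def audit_rule(line):
    """Return a list of findings for one NOPASSWD rule ([] if none or not a rule)."""
    m = RULE.match(line)
    if not m or line.lstrip().startswith('#'):
        return []
    cmd, _, args = m.group(3).partition(' ')
    args = args.strip()
    if cmd == 'ALL':
        return ['ALL: every command runs as root without a password']
    findings = []
    if not cmd.startswith('/'):
        findings.append('command is not an absolute path')
    if cmd.endswith('/'):
        findings.append('directory spec: any command in it is allowed')
    if WILDCARDS.search(cmd) or WILDCARDS.search(args):
        findings.append('wildcard: caller controls part of the command line')
    if args == '':
        findings.append('no arguments listed: any arguments are accepted; add "" to forbid them')
    return findings

def audit(text):
    """Map line number -> findings for every flagged rule in a sudoers fragment."""
    rules = enumerate(text.splitlines(), 1)
    return {n: found for n, line in rules if (found := audit_rule(line))}

# First four rules are from the post; the last three are constructed for contrast.
SAMPLE = '''\
waltdnes i3 = (root) NOPASSWD: /usr/sbin/pon 295.ca
waltdnes i3 = (root) NOPASSWD: /usr/bin/rdate time.nrc.ca -s
waltdnes i3 = (root) NOPASSWD: /usr/sbin/poff
waltdnes i3 = (root) NOPASSWD: /sbin/poweroff
waltdnes i3 = (root) NOPASSWD: /sbin/poweroff ""
waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/*.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: ALL
'''

if __name__ == '__main__':
    for lineno, found in audit(SAMPLE).items():
        print(lineno, '; '.join(found))
```

The lint only understands the single-command, alias-free rule form shown here; syntax checking of a real file is still the job of `visudo -c`.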

Replies

Subject Author
Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice Dale <rdalek1967@×××××.com>