On Tue, Aug 10, 2010 at 04:14:41AM +0200, Frank Steinmetzger wrote
> On Tuesday, 10 August 2010, Paul Hartman wrote:
>
> > Typing that long password into sudo every time I ran a command was a
> > hassle
>
> I've never used sudo, and never really liked the idea of it. In
> fact I'm always amused and slightly annoyed by the sheer amount
> of sudo one can find in your typical Ubuntu howto. ;-)
|
There are some things that have to be done as root, but are needed by
a regular user. E.g. I have a backup dialup account with 295.ca (guess
how much they charge per month <G>). When using it, I not only have to
run "pon", but I also have to copy over the correct ssmtp.conf settings
for my dialup ISP. My ~/bin/udialup (USB dialup) script reads like so...
|
#!/bin/bash
/usr/bin/sudo /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
/usr/bin/sudo /usr/sbin/pon u295.ca
|
When I exit, I have to copy back the ssmtp.conf that points to my
broadband ISP's MTU. My ~/bin/dialdown script reads like so...
|
#!/bin/bash
/usr/bin/sudo /usr/sbin/poff
/usr/bin/sudo /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf
|
This is after I figured out how to use "metric" in my network config
so that ppp0 and eth0 could co-exist side by side. ppp0 can talk to the
outside world via the dialup modem, while eth0 *SIMULTANEOUSLY* talks to
my other machines on 192.168.123.248/29 (aka 192.168.123.240 netmask
255.255.255.240). Before that, my udialup script had to tear down eth0,
and dialdown had to restart it. Here are some of the entries in
/etc/sudoers on my machine "i3"...
|
waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: /usr/sbin/pon 295.ca
waltdnes i3 = (root) NOPASSWD: /usr/sbin/poff
waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: /sbin/poweroff
waltdnes i3 = (root) NOPASSWD: /usr/bin/rdate time.nrc.ca -s
waltdnes i3 = (root) NOPASSWD: /sbin/hwclock --systohc
waltdnes i3 = (root) NOPASSWD: /usr/sbin/hibernate
|
This gives me the power to do specific root-level stuff as a regular
user, without giving away the keys to the kingdom. Note that none of
the entries accepts any parameters, let alone $*. Also, specifying the
path prevents running the wrong executable with root-level privileges.
|
--
Walter Dnes <waltdnes@××××××××.org>
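
An added example, not part of the original message: a small Python check of how sudoers matches a command line against rules like the ones quoted above, plus a lint for rules looser than a fixed path with a fixed argument list. It assumes only the single-command `user host = (runas) NOPASSWD: command` form; the function names are illustrative.

```python
import re

# Constructed sample: three of the sudoers lines quoted in the message above.
SUDOERS = """\
waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
waltdnes i3 = (root) NOPASSWD: /usr/sbin/pon 295.ca
waltdnes i3 = (root) NOPASSWD: /usr/sbin/poff
"""

# Assumption: one command per line, no aliases, no line continuations.
RULE = re.compile(r'^\S+\s+\S+\s*=\s*\(\S+\)\s*NOPASSWD:\s*(\S+)\s*(.*)$')

def parse_rules(text):
    """Return (path, args) per rule; args is None when the rule lists none."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        path, rest = m.group(1), m.group(2).strip()
        if rest == '""':          # explicit empty string: no arguments allowed
            args = []
        elif rest:                # arguments listed: must match exactly
            args = rest.split()
        else:                     # nothing listed: sudo accepts any arguments
            args = None
        rules.append((path, args))
    return rules

def permitted(rules, argv):
    """True if argv (full path first) is covered by one of the rules."""
    return any(argv[0] == path and (args is None or argv[1:] == args)
               for path, args in rules)

def lint(rules):
    """Flag rules that are looser than fixed path + fixed argument list."""
    findings = []
    for path, args in rules:
        if not path.startswith("/"):
            findings.append((path, "not an absolute path"))
        if args is None:
            findings.append((path, 'any arguments match; use "" to allow none'))
        elif any(c in a for a in args for c in "*?["):
            findings.append((path, "wildcard in arguments"))
    return findings

if __name__ == "__main__":
    for path, why in lint(parse_rules(SUDOERS)):
        print(f"{path}: {why}")
```

Against the lines as posted, `/usr/sbin/pon u295.ca` from the udialup script is not covered by the `pon 295.ca` rule, and the bare `/usr/sbin/poff` rule matches any arguments.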