On 05/14/2018 02:13 AM, to...@tuxteam.de wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, May 13, 2018 at 02:51:49PM -0500, Richard Owlett wrote:
On 05/13/2018 09:26 AM, bw wrote:
On Sun, 13 May 2018, Richard Owlett wrote:
<snip>
The result I wish to achieve is to click on the icon for either GParted or
Synaptic *WITHOUT* being asked for a password (either root's or user's).
I've found vague hints that adding a line to my local /etc/sudoers file
such as
richard ALL = /usr/sbin/gparted , /usr/sbin/synaptic
would accomplish my goal.
Is that correct?
<snip>
I think that might work if clicking each icon actually runs those
commands from each .desktop file.
I believe it does:
1. if logged in as root, entering "/use/sbin/gparted" runs.
2. if *NOT* logged in as root, entering "/usr/sbin/gparted" asks
for password.
Yes, perhaps that's what sudo is for then (you'd have to run
"sudo /usr/sbin/gparted" instead: make it more convenient by
some wrapper [1]).
Of course the recommendation is still "don't do it", but the
good thing is: it's just that, a recommendation. FWIW, I went
through that phase and am back now to my "custom commands"
asking for a password when doing something sudo-ish. It's a
kind of "are you awake there, at the controls?"
That's what I want on all but one of my installs.
which I've come to appreciate. But to each her own and all that :-)
Cheers
[1] There are many solutions to that: I have a /home/tomas/bin
which I add to my PATH where I put all those little scripts
which are too small or too unstable to go to /usr/local/bin.
If I need a sudo in there, I just code it in. In my default
setting, I then get asked for a password. By relaxing sudoers
(e.g. with NOPASSWD: or !authenticate) you can fine tune that
to skip the authentication at a very fine-grained level (by
command, by user or by host (on which the command is running)).
That sounds promising. What should I be reading?
- -- tomas