On Tue, Aug 10, 2010 at 04:14:41AM +0200, Frank Steinmetzger wrote > Am Dienstag, 10. August 2010 schrieb Paul Hartman: > > > Typing that long password into sudo every time I ran a command was a > > hassle > > I???ve never used sudo, and never really liked the idea of it. In > fact I???m always amused and slightly annoyed by the sheer amount > of sudo one can find in your typical ubuntu howto. ;-)
There are some things that have to be done as root, but are needed by a regular user. E.g. I have a backup dialup account with 295.ca (guess how much they charge per month <G>). When using it, I not only have to run "pon", but I also have to copy over the correct ssmtp.conf settings for my dialup ISP. My ~/bin/udialup (USB dialup) script reads like so... #!/bin/bash /usr/bin/sudo /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf /usr/bin/sudo /usr/sbin/pon u295.ca When I exit, I have to copy back the ssmtp.conf that points to my broadband ISP's MTU. My ~/bin/dialdown script reads like so... #!/bin/bash /usr/bin/sudo /usr/sbin/poff /usr/bin/sudo /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf This is after I figured out how to use "metric" in my network config so that ppp0 and eth0 could co-exist side by side. ppp0 can talk to the outside world via the dialup modem, while eth0 *SIMULTANEOUSLY* talks to my other machines on 192.168.123.248/29 (aka 192.168.123.240 netmask 255.255.255.240). Before that, my udialup script had to tear down eth0, and dialdown had to restart it. Here are some of the entries in /etc/sudoers on my machine "i3"... waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf waltdnes i3 = (root) NOPASSWD: /usr/sbin/pon 295.ca waltdnes i3 = (root) NOPASSWD: /usr/sbin/poff waltdnes i3 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf waltdnes i3 = (root) NOPASSWD: /sbin/poweroff waltdnes i3 = (root) NOPASSWD: /usr/bin/rdate time.nrc.ca -s waltdnes i3 = (root) NOPASSWD: /sbin/hwclock --systohc waltdnes i3 = (root) NOPASSWD: /usr/sbin/hibernate This gives me the power to do specific root-level stuff as a regular user, without giving away the keys to the kingdom. Note that none of the entries accepts any parameters, let alone $*. Also. specifying the path prevents running the wrong executable with root-level privileges. -- Walter Dnes <waltd...@waltdnes.org>
