sudo and tce-load

nomer:
May I ask why the tce-* commands (i.e. tce-load, tce-run, ....) can't be run as root?
This seems like it is/was a fairly conscious decision.
When running with the default setup this isn't really a problem, but it is a problem if you want to restrict yourself (or another user) slightly.

I can replace
--- Quote ---tc     ALL=NOPASSWD: ALL
--- End quote ---
with
--- Quote ---tc    ALL=ALL
--- End quote ---
in /etc/sudoers.
This will require the user "tc" to enter a password before executing a program as root.
This makes the originally mentioned scripts nearly impossible to use.
Running:
--- Quote ---sudo tce-run <my_app>
--- End quote ---
will result in:
--- Quote ---don't run this as root
--- End quote ---
And if I do
--- Quote ---tce-run <my_app>
--- End quote ---
I have to enter the password over and over and over and over.......

Actually, the script I'm really concerned about is tce-load.
I suppose that I could comment out line 27 in it and then remove every occurrence of "sudo".
Is this a bad idea?

P.S. I'm running tinycore 4.1

maro:
Just voicing my personal opinion here, but if 'root' would be allowed to execute 'tce-load' chances are that ownership of files and directories would be changed in such a way that subsequently using 'tce-load' as a 'non-root' user would become impossible. Sure, one could try to catch all those cases with a lot of "if-then-else", but I tend to agree that disallowing 'root' to "mess things up" is a more pragmatic solution (in particular as 'root' could always use 'sudo -u tc tce-load ...' as a work-around).

OTOH, I don't think that this addresses the situation that you've got yourself into by changing '/etc/sudoers'. I guess what you would need is a mechanism that the likes of Ubuntu (and "friends") are using, where you have to enter the user password once for a 'sudo' command and it remains valid for a while (e.g. 15 minutes). Unfortunately I've never looked into the details how they achieve it, in particular as I considered it rather comical that one has to enter the user password (and not a proper 'root' password) to gain 'sudo' rights.

nomer:
Ahha! Your paragraph offering the possible reasoning behind the system does make sense.

Now that you mention it, I do recall hearing something about the password entered being "cached". I'll look into figuring out how to make that work.

As to entering one's own password for sudo vs. entering the root password, by adding this line to /etc/sudoers

--- Quote ---Defaults rootpw
--- End quote ---
you can make users enter the root password.

nomer:
Hmmm..... It appears that password "caching" isn't working.
I believe that I have some idea of what the problem is. When I run the sudo command with a user that requires a password, it prints this error before prompting me for the password:
--- Quote ---sudo: can't mkdir : No such file or directory
--- End quote ---

It does this with every command. (e.g. "sudo whoami")

Does anyone know how to make sudo remember when a user last used sudo?
While this won't solve the root of my problem, it would still be of some help.

curaga:
Can't reproduce. Started TC 4.4, edited sudoers to require password for user tc, "sudo whoami" works fine, and the normal 5-minute caching works.
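
An added example, not part of any post in this thread and not Tiny Core code: a small shell audit that reports which sudoers rules skip the password prompt and whether the password-related Defaults discussed above are set (`rootpw`, plus `timestamp_timeout`, the sudoers option that controls how long an entered password stays cached). The sample file and the user `kiosk` are constructed for illustration, and included files are not followed.

```shell
#!/bin/sh
# Added example: summarise the password-related sudoers settings from this thread.
# Reads sudoers text from the named file(s) or from stdin.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # comments (and #include lines), blank lines
    $1 ~ /_Alias$/        { next }        # alias definitions are not rules
    $1 ~ /^Defaults/ {
        line = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the leading "Defaults" word
        sub(/[ \t]+$/, "", line)
        n = split(line, opt, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rootpw")       print "rootpw on"
            else if (opt[i] == "!rootpw") print "rootpw off"
            else if (opt[i] ~ /^timestamp_timeout[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", opt[i])
                print "timestamp_timeout " opt[i]
            }
        }
        next
    }
    /=/ {                                 # user rule: a NOPASSWD: tag anywhere on the line
        kind = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password"
        print kind, $1
    }
    ' "$@"
}

# Constructed sample input, not the Tiny Core default /etc/sudoers.
# "kiosk" is a hypothetical second user.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults rootpw, timestamp_timeout=15
root   ALL=(ALL) ALL
tc     ALL=NOPASSWD: ALL
kiosk  ALL=ALL
EOF
}

sample_sudoers | audit_sudoers
```

On a real system, point it at the file directly (`audit_sudoers /etc/sudoers`, run with enough privilege to read it).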