[gentoo-user] Mysterious sudoers.d error

[gentoo-user] Mysterious sudoers.d error

[Walter Dnes]

  I've just switched from cdparanoia to cdda2wav, to get track
names/artists.  As a regular user, I ran...

cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B

  I got a bunch of complaints about insufficient read and write
privileges, but it seems to work OK.  I ran the same command as root,
and no error messages.  So I figured I'd just stick the command into
/etc/sudoers.d and run with root privileges under tightly controlled
conditions.  I ran visudo, and appended what would be the 34th line to
/etc/sudoers.d/001  Here were the tentative 32nd/33rd/34th lines...

waltdnes  d531 = (root) NOPASSWD: /usr/bin/fusermount -u /home/waltdnes/tablet
waltdnes  d531 = (root) NOPASSWD: /usr/bin/simple-mtpfs -o allow_other /home/waltdnes/tablet
waltdnes  d531 = (root) NOPASSWD: /usr/bin/cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B

  When I attempted to exit visudo, I go a not-so-helpfull message...

"/etc/sudoers.d/001.tmp" 34L, 2078C written
>>> /etc/sudoers.d/001: syntax error near line 34 <<<
What now?

  Like the message says, "What now?".  It's currently a moot point
because cdda2wav seems to work OK, notwithstanding the "insufficient
permissions" messages.  But if I'm doing something wrong with sudoers,
I'd like to find out what it is now, rather than later when I really
need it.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

Re: [gentoo-user] Mysterious sudoers.d error

[Alec Ten Harmsel]

On Wed, Aug 26, 2015 at 07:20:37PM -0400, Walter Dnes wrote:
>   I've just switched from cdparanoia to cdda2wav, to get track
> names/artists.  As a regular user, I ran...
> 
> cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
> 
>   I got a bunch of complaints about insufficient read and write
> privileges, but it seems to work OK.  I ran the same command as root,
> and no error messages.

What exactly are the error messages? Most likely you just need to be
added to the group that has access to CD drives or something like that.

> So I figured I'd just stick the command into
> /etc/sudoers.d and run with root privileges under tightly controlled
> conditions.  I ran visudo, and appended what would be the 34th line to
> /etc/sudoers.d/001  Here were the tentative 32nd/33rd/34th lines...
> 
> waltdnes  d531 = (root) NOPASSWD: /usr/bin/fusermount -u /home/waltdnes/tablet
> waltdnes  d531 = (root) NOPASSWD: /usr/bin/simple-mtpfs -o allow_other /home/waltdnes/tablet
> waltdnes  d531 = (root) NOPASSWD: /usr/bin/cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
> 
>   When I attempted to exit visudo, I go a not-so-helpfull message...
> 
> "/etc/sudoers.d/001.tmp" 34L, 2078C written
> >>> /etc/sudoers.d/001: syntax error near line 34 <<<
> What now?
> 
>   Like the message says, "What now?".  It's currently a moot point
> because cdda2wav seems to work OK, notwithstanding the "insufficient
> permissions" messages.  But if I'm doing something wrong with sudoers,
> I'd like to find out what it is now, rather than later when I really
> need it.

Looks like it's the commas. Try:

    waltdnes  d531 = (root) NOPASSWD: /usr/bin/cdda2wav -vall dev=1\,0\,0 cddb=0 -paranoia -B

Alec

[gentoo-user] [SOLVED] Mysterious sudoers.d error

[Walter Dnes]

On Wed, Aug 26, 2015 at 07:28:41PM -0400, Alec Ten Harmsel wrote
> On Wed, Aug 26, 2015 at 07:20:37PM -0400, Walter Dnes wrote:
> >   I've just switched from cdparanoia to cdda2wav, to get track
> > names/artists.  As a regular user, I ran...
> > 
> > cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
> > 
> >   I got a bunch of complaints about insufficient read and write
> > privileges, but it seems to work OK.  I ran the same command as root,
> > and no error messages.
> 
> What exactly are the error messages? Most likely you just need to be
> added to the group that has access to CD drives or something like that.

  I am a member of groups "cdrom" and "cdrw".  Here are the messages...

[d531][waltdnes][~/music/glenn_miller_2a] cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
cdda2wav: Insufficient 'file read' privileges. You will not be able to open all needed devices.
cdda2wav: Insufficient 'file write' privileges. You will not be able to open all needed devices.
cdda2wav: Insufficient 'device' privileges. You may not be able to send all needed SCSI commands, this my cause various unexplainable problems.
cdda2wav: Insufficient 'priocntl' privileges. You may get jitter.
cdda2wav: Insufficient 'network' privileges. You will not be able to do remote SCSI.
Type: ROM, Vendor 'TSSTcorp' Model 'CDRWDVD TS-H493B' Revision 'D200' MMC+CDDA
569344 bytes buffer memory requested, transfer size 131072 bytes, 4 buffers, 55 sectors
#Cdda2wav version 3.01a16_linux_4.0.5-gentoo_x86_64_intel-r--core-tm-2-duo-cpu-e4600-@-2.40ghz, real time sched., soundcard, libparanoia support
AUDIOtrack pre-emphasis  copy-permitted tracktype channels

> Looks like it's the commas. Try:
> 
>     waltdnes  d531 = (root) NOPASSWD: /usr/bin/cdda2wav -vall dev=1\,0\,0 cddb=0 -paranoia -B

  It woiks!  No warnings.  Thank you very much.  To avoid my
"fumble-fingers", I have a short script "~/bin/cdrip"...

#!/bin/bash
sudo /usr/bin/cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B

  This episode prompted me to research further, to see what else has to
be escaped.  Google turns up...
http://www.sudo.ws/man/1.8.13/sudoers.man.html#x4f74686572207370656369616c206368617261637465727320616e6420726573657276656420776f726473

> Long lines can be continued with a backslash (`\') as the last
> character on the line.
> White space between elements in a list as well as special syntactic
> characters in a User Specification (`=', `:', `(', `)') is optional.
> The following characters must be escaped with a backslash (`\') when
> used as part of a word (e.g. a user name or host name):
> `!', `=', `:', `,', `(', `)', `\'.

... i.e. "!=:,()\"

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

Re: [gentoo-user] [SOLVED] Mysterious sudoers.d error

[Alan Mackenzie]

Hello, Walter.

On Wed, Aug 26, 2015 at 09:12:57PM -0400, Walter Dnes wrote:
> On Wed, Aug 26, 2015 at 07:28:41PM -0400, Alec Ten Harmsel wrote
> > On Wed, Aug 26, 2015 at 07:20:37PM -0400, Walter Dnes wrote:
> > >   I've just switched from cdparanoia to cdda2wav, to get track
> > > names/artists.  As a regular user, I ran...
> > > 
> > > cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
> > > 
> > >   I got a bunch of complaints about insufficient read and write
> > > privileges, but it seems to work OK.  I ran the same command as root,
> > > and no error messages.
> > 
> > What exactly are the error messages? Most likely you just need to be
> > added to the group that has access to CD drives or something like that.

>   I am a member of groups "cdrom" and "cdrw".  Here are the messages...

> [d531][waltdnes][~/music/glenn_miller_2a] cdda2wav -vall dev=1,0,0 cddb=0 -paranoia -B
> cdda2wav: Insufficient 'file read' privileges. You will not be able to open all needed devices.
> cdda2wav: Insufficient 'file write' privileges. You will not be able to open all needed devices.
> cdda2wav: Insufficient 'device' privileges. You may not be able to send all needed SCSI commands, this my cause various unexplainable problems.
> cdda2wav: Insufficient 'priocntl' privileges. You may get jitter.
> cdda2wav: Insufficient 'network' privileges. You will not be able to do remote SCSI.
> Type: ROM, Vendor 'TSSTcorp' Model 'CDRWDVD TS-H493B' Revision 'D200' MMC+CDDA
> 569344 bytes buffer memory requested, transfer size 131072 bytes, 4 buffers, 55 sectors
> #Cdda2wav version 3.01a16_linux_4.0.5-gentoo_x86_64_intel-r--core-tm-2-duo-cpu-e4600-@-2.40ghz, real time sched., soundcard, libparanoia support
> AUDIOtrack pre-emphasis  copy-permitted tracktype channels

Don't we just love software that gives half-error messages?  Just how
difficult would it have been for the author to have identified just what
files and devices you couldn't access?

Is your user a member of the audio group?  I do CD ripping sometimes, and
the three groups acm is a member of which seem relevant are audio, cdrom,
and cdrw.

Running ripping as root isn't ideal.

[ .... ]

> -- 
> Walter Dnes <waltdnes@waltdnes.org>
> I don't run "desktop environments"; I run useful applications

-- 
Alan Mackenzie (Nuremberg, Germany).

Re: [gentoo-user] [SOLVED] Mysterious sudoers.d error

[Walter Dnes]

On Thu, Aug 27, 2015 at 09:22:48AM +0000, Alan Mackenzie wrote

> Is your user a member of the audio group?  I do CD ripping sometimes,
> and the three groups acm is a member of which seem relevant are audio,
> cdrom, and cdrw.
> 
> Running ripping as root isn't ideal.

[d531][root][~] grep waltdnes /etc/group | cut -d: -f1
wheel
floppy
uucp
audio
cdrom
video
cdrw
usb
portage
games

  I notice that I was *NOT* a member "users"!  I fixed that, logged out,
logged in, and still got the same warnings.  Weird.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications