* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 13:52 [gentoo-user] sudo echo cannot write to /etc/ files ? Holly Bostick
@ 2005-07-06 14:02 ` A. Khattri
2005-07-06 14:25 ` Holly Bostick
2005-07-06 14:20 ` David Morgan
` (2 subsequent siblings)
3 siblings, 1 reply; 24+ messages in thread
From: A. Khattri @ 2005-07-06 14:02 UTC
To: gentoo-user
On Wed, 6 Jul 2005, Holly Bostick wrote:
> Echo is in the sudo-ed group, and echo isn't the problem-- the problem
> is that permission is refused to write to the file itself (which is an
> error *from* echo, so it would seem that echo itself is OK as far as
> sudo goes). Which means that I have to su anyway, to echo to the file,
> which really isn't the point of the exercise.

What is in /etc/sudoers?

Either the problem is there or maybe it's because in some shells, echo is a
built-in command and in others it's not (so /bin/echo comes into play).
--
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 14:02 ` A. Khattri
@ 2005-07-06 14:25 ` Holly Bostick
0 siblings, 0 replies; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 14:25 UTC
To: gentoo-user
A. Khattri wrote:
> On Wed, 6 Jul 2005, Holly Bostick wrote:
>
>
>>Echo is in the sudo-ed group, and echo isn't the problem-- the problem
>>is that permission is refused to write to the file itself (which is an
>>error *from* echo, so it would seem that echo itself is OK as far as
>>sudo goes). Which means that I have to su anyway, to echo to the file,
>>which really isn't the point of the exercise.
>
>
> What is in /etc/sudoers?
>
> Either the problem is there or maybe it's because in some shells, echo is a
> built-in command and in others it's not (so /bin/echo comes into play).
>
>
Well, I'm not going to copy my entire file, but I've got /usr/bin/echo
sudoed (because that's what 'which echo' said was the path to echo).

But doing a locate echo reveals that there is also a /bin/echo.... oh,
and la /usr/bin/echo reveals it to be a symlink to /bin/echo. Fine. What
in the bloody blue blazes does that tell me? Changing visudo to allow
/bin/echo rather than /usr/bin/echo didn't do a thing.

I'm using bash, like a boring person. Looking (searching, actually)
through man bash, I can see that echo is a built-in-- do I have to sudo
bash as well? And in any case, echo isn't refusing to run-- if I run
secho $JAVA_HOME, I get a return... but it's the return of the *user's*
JAVA_HOME, rather than the *system* JAVA_HOME.

This supports my theory that this is a regular su shell and not an su -
shell, which is not much help to me in this situation (for echo to write
to the /etc/files, I need UID 0).

So I suppose I could find this in man sudoers, but that's almost as bad
as man bash for trying to find something when you're not quite sure what
you're looking for.

Is there a way to get sudo to behave as a login shell when sudo-ing
rather than just a regular su? And is that a scalable or global change
(limitable would be nice)?

Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 13:52 [gentoo-user] sudo echo cannot write to /etc/ files ? Holly Bostick
2005-07-06 14:02 ` A. Khattri
@ 2005-07-06 14:20 ` David Morgan
2005-07-06 14:20 ` gentoo
2005-07-06 14:22 ` Edward Catmur
3 siblings, 0 replies; 24+ messages in thread
From: David Morgan @ 2005-07-06 14:20 UTC
To: gentoo-user
On 15:52 Wed 06 Jul , Holly Bostick wrote:
> Hey, ho--
>
> Here's (one of) today's non-critical problems that's getting on my
> nerves, so hopefully somebody can help.
>
> I've finally got around to setting up sudo. It works fine, except for
> one thing.
>
> I don't just give myself blanket permissions to sudo to all commands; I
> made a Cmd_Alias group which includes a lot of utility apps. And, like
> many of you, I included emerge in this group.
>
> But a lot of the time, when I do an emerge -av, I find that there's a
> USE flag I want or don't want for the package, or I want an unstable
> version, or whatever, which means I have to echo to one of the files in
> /etc/portage.
>
> Echo is in the sudo-ed group, and echo isn't the problem-- the problem
> is that permission is refused to write to the file itself (which is an
> error *from* echo, so it would seem that echo itself is OK as far as
> sudo goes). Which means that I have to su anyway, to echo to the file,
> which really isn't the point of the exercise.
>
> As I see it, this error can mean only one of two things:
>
> sudo does not give me a login shell (so my UID is 'really' still my UID
> and not root's, and I don't have permission to write to the file); or
>
> there is another, "invisible" cli utility responsible for actually
> writing to the file, which is not sudo-ed.
>
> Or could it be something else?
>
> In any case, does anybody know how I could fix this? It's really
> screwing up my useability, which was just starting to shape up nicely :-) .
>
> Thanks,
> Holly
>

I assume you mean that you're trying to do something like

    sudo echo foo >> bar

The problem is that echo is running as root, but >> (a shell builtin)
isn't. Your shell evaluates the >> before it does anything else, so you
get permission denied if you aren't allowed to write to bar. (Think
about what happens if you do

    cat foo > foo

you end up with foo being empty regardless of what was in it before you
ran the command (actually, that command fails with an error about the
input and output files being the same, but I'm pretty sure that what I
said used to be true)).

Someone else asked the same question on this list not long ago, and the
only solution I remember anyone having was to run

    su -c "echo foo >> bar"

Dave
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 13:52 [gentoo-user] sudo echo cannot write to /etc/ files ? Holly Bostick
2005-07-06 14:02 ` A. Khattri
2005-07-06 14:20 ` David Morgan
@ 2005-07-06 14:20 ` gentoo
2005-07-06 15:21 ` Holly Bostick
2005-07-06 14:22 ` Edward Catmur
3 siblings, 1 reply; 24+ messages in thread
From: gentoo @ 2005-07-06 14:20 UTC
To: gentoo-user
On Wednesday, 6 July 2005 15.52, Holly Bostick wrote:
> Hey, ho--
>
> Here's (one of) today's non-critical problems that's getting on my
> nerves, so hopefully somebody can help.
>
> I've finally got around to setting up sudo. It works fine, except for
> one thing.
>
> I don't just give myself blanket permissions to sudo to all commands; I
> made a Cmd_Alias group which includes a lot of utility apps. And, like
> many of you, I included emerge in this group.
>
> But a lot of the time, when I do an emerge -av, I find that there's a
> USE flag I want or don't want for the package, or I want an unstable
> version, or whatever, which means I have to echo to one of the files in
> /etc/portage.
>
> Echo is in the sudo-ed group, and echo isn't the problem-- the problem
> is that permission is refused to write to the file itself (which is an
> error *from* echo, so it would seem that echo itself is OK as far as
> sudo goes). Which means that I have to su anyway, to echo to the file,
> which really isn't the point of the exercise.
>
> As I see it, this error can mean only one of two things:
>
> sudo does not give me a login shell (so my UID is 'really' still my UID
> and not root's, and I don't have permission to write to the file); or
>
> there is another, "invisible" cli utility responsible for actually
> writing to the file, which is not sudo-ed.
>
> Or could it be something else?
>
> In any case, does anybody know how I could fix this? It's really
> screwing up my useability, which was just starting to shape up nicely :-) .
>
> Thanks,
> Holly

I think the problem comes from the fact that echo is sudo-ed but the shell
redirection isn't.

Compare this:
    su -c "echo foo > /etc/portage/whatever"
and
    su -c "echo foo" > /etc/portage/whatever

The first one will succeed, but not the second.

To solve your problem, I would just do:
    chgrp -R portage /etc/portage
    chmod -R g+w /etc/portage
--
mat
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 14:20 ` gentoo
@ 2005-07-06 15:21 ` Holly Bostick
2005-07-06 15:29 ` Christoph Gysin
` (2 more replies)
0 siblings, 3 replies; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 15:21 UTC
To: gentoo-user
gentoo@depardo.ch wrote:
> On Wednesday, 6 July 2005 15.52, Holly Bostick wrote:
>
>>Hey, ho--
>>
>>I've finally got around to setting up sudo. It works fine, except for
>>one thing.
>>
>>I made a Cmd_Alias group which includes a lot of utility apps. And, like
>>many of you, I included emerge in this group.
>>
>>But a lot of the time, I have to echo to one of the files in
>>/etc/portage.
>>
>>Echo is in the sudo-ed group, and echo isn't the problem-- the problem
>>is that permission is refused to write to the file itself
>>
>>As I see it, this error can mean only one of two things:
>>
>>sudo does not give me a login shell (so my UID is 'really' still my UID
>>and not root's, and I don't have permission to write to the file); or
>>
>>there is another, "invisible" cli utility responsible for actually
>>writing to the file, which is not sudo-ed.
>>
>>Or could it be something else?
>>
>>In any case, does anybody know how I could fix this? It's really
>>screwing up my useability, which was just starting to shape up nicely :-) .
>>
>>Thanks,
>>Holly
>
>
> I think the problem comes from the fact that echo is sudo-ed but the shell
> redirection isn't.
>
> Compare this:
> su -c "echo foo > /etc/portage/whatever"
> and
> su -c "echo foo" > /etc/portage/whatever
>
> The first one will succeed, but not the second.
>
> To solve your problem, I would just do:
> chgrp -R portage /etc/portage
> chmod -R g+w /etc/portage
>
Well, it didn't work (this to all the respondents).

I did change the group and mod of /etc/portage, but even before I did:

    "sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords"
    -bash: sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords: Onbekend bestand of map

("unknown file or folder", which is at least different, but not really
much of an improvement, and no, before someone asks, putting a space
before /etc doesn't help)

and even after chowning and chmodding:

    sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords
    -bash: /etc/portage/package.keywords: Toegang geweigerd

(permission refused)

with the quotes, it's unknown file or folder.

    la /etc/portage
    totaal 51
    drwxrwxr-x  5 root portage  384 jun 13 00:40 .
    drwxr-xr-x 88 root root    7312 jul  6 16:15 ..
    -rw-rw-r--  1 root portage 9757 jul  6 17:09 package.keywords
    -rw-rw-r--  1 root portage 6164 mei 26 11:47 package.keywords~
    -rw-rw-r--  1 root portage   64 jun 15 05:27 package.mask
    -rw-rw-r--  1 root portage  100 mei 16 14:57 package.mask~
    -rw-rw-r--  1 root portage  105 jun 15 05:27 package.unmask
    -rw-rw-r--  1 root portage  103 mei 15 21:09 package.unmask~
    -rw-rw-r--  1 root portage 2252 jun 30 12:32 package.use
    -rw-rw-r--  1 root portage 1616 mei 12 15:46 package.use~
    drwxrwxr-x  2 root portage   80 nov 26  2004 profile
    drwxrwxr-x  2 root portage   72 jun  2 13:10 profiles
    drwxrwsr-x  2 root portage   48 okt 27  2004 sets

Not really sure what good the portage group was supposed to do anyway,
since root is a member of that group, but then again root owns the whole
shebang anyway. The user is not a member of the portage group.

Should I chown the folder -R to users? (seems again quite not the
point)? It still seems that what I really want is a login shell that I'm
not getting.

I'm really lost. Where am I going wrong?

Oh, btw, just remembered-- this is bash 3. Does that make a difference?

Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:21 ` Holly Bostick
@ 2005-07-06 15:29 ` Christoph Gysin
2005-07-06 15:39 ` gentoo
2005-07-07 3:42 ` Boyd Stephen Smith Jr.
2 siblings, 0 replies; 24+ messages in thread
From: Christoph Gysin @ 2005-07-06 15:29 UTC
To: gentoo-user
Holly Bostick wrote:
> I'm really lost. Where am I going wrong?
check my other post.
> Oh, btw, just remembered-- this is bash 3. Does that make a difference?
No.
Christoph
--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:21 ` Holly Bostick
2005-07-06 15:29 ` Christoph Gysin
@ 2005-07-06 15:39 ` gentoo
2005-07-07 3:42 ` Boyd Stephen Smith Jr.
2 siblings, 0 replies; 24+ messages in thread
From: gentoo @ 2005-07-06 15:39 UTC
To: gentoo-user
On Wednesday 06 July 2005 17.21, Holly Bostick wrote:
> > To solve your problem, I would just do:
> > chgrp -R portage /etc/portage
> > chmod -R g+w /etc/portage
>
> Well, it didn't work (this to all the respondents).
Are you in the portage group?
> sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords
no need to sudo the echo if you're in the right group.
--
mat
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:21 ` Holly Bostick
2005-07-06 15:29 ` Christoph Gysin
2005-07-06 15:39 ` gentoo
@ 2005-07-07 3:42 ` Boyd Stephen Smith Jr.
2005-07-07 5:31 ` Richard Fish
2 siblings, 1 reply; 24+ messages in thread
From: Boyd Stephen Smith Jr. @ 2005-07-07 3:42 UTC
To: gentoo-user
Holly Bostick wrote:
> gentoo@depardo.ch wrote:
>>I think the problem comes from the fact that echo is sudo-ed but the shell
>>redirection isn't.
>>
>>Compare this:
>>su -c "echo foo > /etc/portage/whatever"
>>and
>>su -c "echo foo" > /etc/portage/whatever
>>
>>The first one will succeed, but not the second.
>
> Well, it didn't work (this to all the respondents).
>
> "sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords"

This groups *everything* as one shell parameter, so it attempts to
execute a file named
"sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords"
in your path.

> >>/etc/portage/package.keywords: Onbekend bestand of map
> ("unknown file or folder")

Of course, since it's extremely unlikely a file with that name exists.

> sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords

Now, you've completely left out the quotes, so the redirection is done
in the user shell, not the sudo shell. Of course, your user can't write
to that file so you get:

> -bash: /etc/portage/package.keywords: Toegang geweigerd
> (permission refused)

You want:

    sudo "echo 'media-video/xine-ui ~x86' >> /etc/portage/package.keywords"

This causes the command

    echo 'media-video/xine-ui ~x86' >> /etc/portage/package.keywords

to be passed to the sudo shell which causes the bash built-in:

    echo

to be called with the single parameter

    media-video/xine-ui ~x86

and have its output appended to the file

    /etc/portage/package.keywords

> I'm really lost. Where am I going wrong?

You simply aren't being careful enough with your quotes and
misunderstanding the intricacies of shell expansion and nesting.

> Oh, btw, just remembered-- this is bash 3. Does that make a difference?

No.
--
Boyd Stephen Smith Jr.
bss03@volumehost.com
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-07 3:42 ` Boyd Stephen Smith Jr.
@ 2005-07-07 5:31 ` Richard Fish
0 siblings, 0 replies; 24+ messages in thread
From: Richard Fish @ 2005-07-07 5:31 UTC
To: gentoo-user
Boyd Stephen Smith Jr. wrote:
>
> You want:
> sudo "echo 'media-video/xine-ui ~x86' >> /etc/portage/package.keywords"
>

No, I'm sorry, this is completely false.

Running

    sudo "echo 'media-video/xine-ui ~x86' >> /etc/portage/package.keywords"

causes sudo to search the PATH for a *single* executable file named
"sudo echo 'media-video/xine-ui ~x86' >>
/etc/portage/package.keywords". It will find no such file, and report
"command not found".

Besides, the echo command doesn't support the *shell* redirection
operators. It is the *shell* that interprets those. Echo just prints
every argument it receives to stdout, so even if you managed to pass
">>" to echo in its argv, it would just print those characters to its
stdout.

> This causes the command
> echo 'media-video/xine-ui ~x86' >> /etc/portage/package.keywords
> to be passed to the sudo shell which causes the bash built-in:

sudo has no builtin bash or bash-like shell.

-Richard
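
Added example (not part of any message in the thread): the command forms discussed above, run through a stand-in for sudo so that they can be tried without root. `run_like_sudo`, the scratch directory and the file names are assumptions made for the illustration; `sh -c` plays the role of the shell that `su -c` starts.

```shell
#!/bin/sh
# Added illustration; not code from the thread.
#
# run_like_sudo is a stand-in for sudo. Like sudo, it receives an argv that
# the calling shell has already parsed and executes argv[0] directly, without
# starting a shell of its own. env is used only because it runs a program by
# PATH lookup; it grants no privilege.
run_like_sudo() { env "$@"; }

# try_forms DIR: run each command form against files under DIR (a scratch
# directory) and leave the exit statuses in rc_a .. rc_d.
try_forms() {
    dir=$1

    # A: sudo echo foo >> FILE
    # The calling shell opens FILE itself, then hands over argv = (echo, foo).
    # With a root-owned FILE this open is what fails, which is why the error
    # in the thread is prefixed "-bash:".
    rc_a=0
    run_like_sudo echo foo >> "$dir/a" || rc_a=$?

    # B: sudo "echo foo >> FILE"
    # One argv entry containing spaces and ">>". No program has that name.
    rc_b=0
    run_like_sudo "echo foo >> $dir/b" 2>/dev/null || rc_b=$?

    # C: su -c "echo foo >> FILE"
    # The string is handed to a second shell, and that shell opens FILE.
    rc_c=0
    run_like_sudo sh -c "echo foo >> $dir/c" || rc_c=$?

    # D: same shape as A, with a command that does not exist.
    # FILE is created anyway: the redirect happens before the command runs.
    rc_d=0
    run_like_sudo no-such-command-demo >> "$dir/d" 2>/dev/null || rc_d=$?
}

# file_state PATH: absent, empty or written
file_state() {
    if [ ! -e "$1" ]; then echo absent
    elif [ -s "$1" ]; then echo written
    else echo empty
    fi
}

report() {
    scratch=$(mktemp -d) || return 1
    try_forms "$scratch"
    printf '%-26s exit=%-4s file=%s\n' \
        'A  cmd args >> file'    "$rc_a" "$(file_state "$scratch/a")" \
        'B  "cmd args >> file"'  "$rc_b" "$(file_state "$scratch/b")" \
        'C  sh -c "... >> file"' "$rc_c" "$(file_state "$scratch/c")" \
        'D  missing-cmd >> file' "$rc_d" "$(file_state "$scratch/d")"
    rm -rf "$scratch"
}

report
```

Form D is the useful control: the file appears even though nothing was executed, so the open in form A belongs to the calling shell and not to the command that sudo would run.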
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 13:52 [gentoo-user] sudo echo cannot write to /etc/ files ? Holly Bostick
` (2 preceding siblings ...)
2005-07-06 14:20 ` gentoo
@ 2005-07-06 14:22 ` Edward Catmur
2005-07-06 14:54 ` Holly Bostick
3 siblings, 1 reply; 24+ messages in thread
From: Edward Catmur @ 2005-07-06 14:22 UTC
To: gentoo-user
On Wed, 2005-07-06 at 15:52 +0200, Holly Bostick wrote:
> Echo is in the sudo-ed group, and echo isn't the problem-- the problem
> is that permission is refused to write to the file itself (which is an
> error *from* echo, so it would seem that echo itself is OK as far as
> sudo goes). Which means that I have to su anyway, to echo to the file,
> which really isn't the point of the exercise.
>
> As I see it, this error can mean only one of two things:
>
> sudo does not give me a login shell (so my UID is 'really' still my UID
> and not root's, and I don't have permission to write to the file); or
>
> there is another, "invisible" cli utility responsible for actually
> writing to the file, which is not sudo-ed.
If you're using e.g. "sudo echo package >> /etc/portage/package.unmask"
then the redirection takes place in your shell, not in sudo.
HTH.
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 14:22 ` Edward Catmur
@ 2005-07-06 14:54 ` Holly Bostick
2005-07-06 15:12 ` David Morgan
0 siblings, 1 reply; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 14:54 UTC
To: gentoo-user
Edward Catmur wrote:
> On Wed, 2005-07-06 at 15:52 +0200, Holly Bostick wrote:
>
>>Echo is in the sudo-ed group, and echo isn't the problem-- the problem
>>is that permission is refused to write to the file itself (which is an
>>error *from* echo, so it would seem that echo itself is OK as far as
>>sudo goes). Which means that I have to su anyway, to echo to the file,
>>which really isn't the point of the exercise.
>>
>>As I see it, this error can mean only one of two things:
>>
>>sudo does not give me a login shell (so my UID is 'really' still my UID
>>and not root's, and I don't have permission to write to the file); or
>>
>>there is another, "invisible" cli utility responsible for actually
>>writing to the file, which is not sudo-ed.
>
>
> If you're using e.g. "sudo echo package >> /etc/portage/package.unmask"
> then the redirection takes place in your shell, not in sudo.
>
> HTH.
>
OK, you all likely realize that I responded before I had got the three
more messages telling me what to do.

I'm sure it will work (three people telling you the exact same thing is
pretty convincing ;-) ), but what I don't understand is why/how, if I
want to

    sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords

changing that to

    "sudo echo media-video/xine-ui ~x86 >>/etc/portage/package.keywords"

is going to write the line

    media-video/xine-ui ~x86

to /etc/portage/package.keywords-- i.e., why are the internal quotes no
longer necessary?

Or should it be

    "sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords"

or will that *really* screw everything up?

(As you see, my understanding of bash is trying to improve, with only
very limited success :-) ).

Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 14:54 ` Holly Bostick
@ 2005-07-06 15:12 ` David Morgan
2005-07-06 15:26 ` Neil Bothwick
2005-07-06 15:28 ` Christoph Gysin
0 siblings, 2 replies; 24+ messages in thread
From: David Morgan @ 2005-07-06 15:12 UTC
To: gentoo-user
On 16:54 Wed 06 Jul , Holly Bostick wrote:
> OK, you all likely realize that I responded before I had got the three
> more messages telling me what to do.
>
> I'm sure it will work (three people telling you the exact same thing is
> pretty convincing ;-) ), but what I don't understand is why/how, if I
> want to
>
> sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords
>
> changing that to
>
> "sudo echo media-video/xine-ui ~x86 >>/etc/portage/package.keywords"
>
> is going to write the line
>
> media-video/xine-ui ~x86
>
> to /etc/portage/package.keywords-- i.e., why are the internal quotes no
> longer necessary?
>
> Or should it be
>
> "sudo echo 'media-video/xine-ui ~x86' >>/etc/portage/package.keywords"
>
> or will that *really* screw everything up?
>
> (As you see, my understanding of bash is trying to improve, with only
> very limited success :-) ).
>

Nope, I don't think you can do it with sudo since bash uses whitespace
as a separator, so if you do sudo "echo foo >> bar", it'll look for a
single command "echo foo >> bar", which is not what you want - you want
a command echo with argument foo, and then redirect the output to bar
(the double quotes prevent bash from evaluating the whitespace or the >>).

afaik you can only do it with su -c "echo foo >> bar", which stops bash
from doing anything with the >> or the whitespace to begin with, but
then passes everything inside the double quotes to another shell, which
gets started by su -c

It's kind of annoying, I know, but I don't think there's a way round it
with sudo.

Dave
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:12 ` David Morgan
@ 2005-07-06 15:26 ` Neil Bothwick
2005-07-06 15:28 ` Christoph Gysin
1 sibling, 0 replies; 24+ messages in thread
From: Neil Bothwick @ 2005-07-06 15:26 UTC
To: gentoo-user
On Wed, 6 Jul 2005 16:12:18 +0100, David Morgan wrote:
> Nope, I don't think you can do it with sudo since bash uses whitespace
> as a separator, so if you do sudo "echo foo >> bar", it'll look for a
> single command "echo foo >> bar", which is not what you want - you want
> a command echo with argument foo, and then redirect the output to bar
> (the double quotes prevent bash from evaluating the whitespace or the
> >>).

You could do it with a shell script

    #!/bin/sh
    # Call this /usr/local/bin/suecho
    echo "$1" >>"$2"

Add /usr/local/bin/suecho to /etc/sudoers and you can do

    sudo suecho "media-video/xine-ui ~x86" /etc/portage/package.keywords

--
Neil Bothwick
Software: (n.) That which hardware manufacturers can blame for physical
failures.
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:12 ` David Morgan
2005-07-06 15:26 ` Neil Bothwick
@ 2005-07-06 15:28 ` Christoph Gysin
2005-07-06 16:07 ` Holly Bostick
1 sibling, 1 reply; 24+ messages in thread
From: Christoph Gysin @ 2005-07-06 15:28 UTC
To: gentoo-user
David Morgan wrote:
> afaik you can only do it with su -c "echo foo >> bar", which stops bash
> from doing anything with the >> or the whitespace to begin with, but
> then passes everything inside the double quotes to another shell, which
> gets started by su -c
>
> It's kind of annoying, I know, but I don't think there's a way round it
> with sudo.

Yes it is possible. But you need the shell (which handles the redirect)
to run as root.

$ sudo echo package ~x86 >> /etc/portage/package.keywords

will run the redirection as user, where:

$ sudo bash -c "echo package ~x86 >> /etc/portage/package.keywords"

will run the redirection as root.

For stuff like this, I'd recommend you to write simple shell functions:

addkeyword(){
  sudo bash -c "echo $* >> /etc/portage/package.keywords"
}

Write them in your .bashrc and they're available when you need it.

Use it like this:

$ addkeyword package ~x86

Christoph
--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
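
Added example (not code from Neil's or Christoph's messages): a restricted append helper that could be listed in sudoers in place of bash or a general-purpose suecho. It goes slightly beyond the thread by validating the target name and the line; the install path, user name, allowed file names and the atom pattern are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example; not code from the thread. Hypothetical install path:
#   /usr/local/sbin/portage-append   (root-owned, mode 0755)
# Hypothetical sudoers entry, with a placeholder user name:
#   alice ALL = (root) /usr/local/sbin/portage-append
LC_ALL=C; export LC_ALL          # fixed locale so character ranges mean ASCII

PORTAGE_DIR=/etc/portage         # fixed here, never taken from argv or environment
NL='
'
# One package atom, then optional keywords or USE flags separated by single
# spaces. Conservative pattern chosen for this example, not the full grammar.
ATOM_LINE_RE='[<>=~!]*[A-Za-z0-9+_.-]+/[A-Za-z0-9+_.*-]+( [A-Za-z0-9+_.~*-]+)*'

# What the addkeyword approach passes to "bash -c": the arguments are pasted
# into a string that the root shell then parses as code.
unsafe_command_string() {
    printf 'echo %s >> /etc/portage/package.keywords\n' "$*"
}

valid_target() {
    case $1 in
        package.keywords|package.use|package.mask|package.unmask) return 0 ;;
        *) return 1 ;;
    esac
}

valid_line() {
    case $1 in
        ''|*"$NL"*) return 1 ;;              # empty, or more than one line
    esac
    [ "${#1}" -le 200 ] || return 1
    printf '%s\n' "$1" | grep -Eqx -e "$ATOM_LINE_RE"
}

# append_line DIR TARGET LINE
# Returns 0 on success (or if LINE is already present), 2 for a target outside
# the allowlist, 3 for a rejected line, 4 if the target is a symlink.
append_line() {
    if ! valid_target "$2"; then
        echo "refused: '$2' is not an allowed file name" >&2; return 2
    fi
    if ! valid_line "$3"; then
        echo "refused: line is not a plain atom plus flags" >&2; return 3
    fi
    path=$1/$2
    if [ -L "$path" ]; then
        echo "refused: $path is a symlink" >&2; return 4
    fi
    if [ -f "$path" ] && grep -Fxq -e "$3" "$path"; then
        return 0
    fi
    printf '%s\n' "$3" >> "$path"            # LINE is written as data, never parsed
}

# Demo on a constructed scratch directory standing in for /etc/portage.
demo() {
    scratch=$(mktemp -d) || return 1
    echo "string the root shell would parse in the addkeyword approach:"
    unsafe_command_string '>=media-video/xine-ui-0.99.3' '~x86'
    append_line "$scratch" package.keywords '>=media-video/xine-ui-0.99.3 ~x86' \
        && echo "appended as data: $(cat "$scratch/package.keywords")"
    append_line "$scratch" package.keywords 'media-video/xine-ui ~x86; id' \
        || echo "rejected, status $?"
    append_line "$scratch" ../shadow 'media-video/xine-ui ~x86' \
        || echo "rejected, status $?"
    rm -rf "$scratch"
}

# As an installed script: portage-append TARGET LINE
if [ "$#" -eq 2 ]; then
    append_line "$PORTAGE_DIR" "$1" "$2"
else
    demo
fi
```

A versioned atom such as `>=media-video/xine-ui-0.99.3` is ordinary content for package.keywords, yet pasted into a `bash -c` string its `>` becomes a second redirection; passing the line as an argument and writing it with printf avoids that class of problem.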
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 15:28 ` Christoph Gysin
@ 2005-07-06 16:07 ` Holly Bostick
2005-07-06 16:47 ` Christoph Gysin
2005-07-06 18:22 ` Richard Fish
0 siblings, 2 replies; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 16:07 UTC
To: gentoo-user
Christoph Gysin wrote:
> David Morgan wrote:
>
>>afaik you can only do it with su -c "echo foo >> bar", which stops bash
>>from doing anything with the >> or the whitespace to begin with, but
>>then passes everything inside the double quotes to another shell, which
>>gets started by su -c
>>
>>It's kind of annoying, I know, but I don't think there's a way round it
>>with sudo.
>
>
> Yes it is possible. But you need the shell (which handles the redirect)
> to run as root.
Ah-HAH! (at least I figured that much out, thanks for confirming)
>
> $ sudo echo package ~x86 >> /etc/portage/package.keywords
>
> will run the redirection as user, where:
>
> $ sudo bash -c "echo package ~x86 >> /etc/portage/package.keywords"
>
> will run the redirection as root.
>
> For stuff like this, I'd recommend you to write simple shell functions:
>
> addkeyword(){
> sudo bash -c "echo $* >> /etc/portage/package.keywords"
> }
>
> Write them in your .bashrc and they're available when you need it.
>
> Use it like this:
>
> $ addkeyword package ~x86
>
> Christoph

Thank you, Christoph!!!!

You have not only saved my sanity, but you've given me a solution to two
problems you didn't even know I had (it was the next question)! i.e.,
how to essentially export self-created variables or something similar
(you don't know how many times I've put a comma between package and
keywords/use/unmask, and I really needed some way to not have to be
typing it all the time until I get more time in with GTypist); and also
how to easily use some of the aliases I've got in root's .bashrc (or at
least their functionality). Now, with some minor adjustments of this
template, not only can I add keywords (or useflags or mask and unmask)
easily, I can also open the package.* file in nano and edit it easily if
I screw up, or want to check something.

Last question on this subject-- is this all just bash scripting (so I
can learn about it if I sit and study the abs-guide) or is there
someplace else I should check out if I want to learn how to write this
stuff myself?

Thanks again,
Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 16:07 ` Holly Bostick
@ 2005-07-06 16:47 ` Christoph Gysin
2005-07-06 18:22 ` Richard Fish
1 sibling, 0 replies; 24+ messages in thread
From: Christoph Gysin @ 2005-07-06 16:47 UTC
To: gentoo-user
Holly Bostick wrote:
> Thank you, Christoph!!!!
You're welcome.
> Last question on this subject-- is this all just bash scripting (so I
> can learn about it if I sit and study the abs-guide) or is there
> someplace else I should check out if I want to learn how to write this
> stuff myself?
Yes, this is pure bash scripting. The related parts are redirection [1]
and shell functions [2].
[1] http://www.tldp.org/LDP/abs/html/io-redirection.html
[2] http://www.tldp.org/LDP/abs/html/functions.html
Christoph
--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 16:07 ` Holly Bostick
2005-07-06 16:47 ` Christoph Gysin
@ 2005-07-06 18:22 ` Richard Fish
2005-07-06 18:36 ` Holly Bostick
1 sibling, 1 reply; 24+ messages in thread
From: Richard Fish @ 2005-07-06 18:22 UTC
To: gentoo-user
Holly Bostick wrote:
>>I don't just give myself blanket permissions to sudo to all commands; I
>>made a Cmd_Alias group which includes a lot of utility apps. And, like
>>many of you, I included emerge in this group.
>>
>
>Christoph Gysin wrote:
>
>
>>
>>$ sudo bash -c "echo package ~x86 >> /etc/portage/package.keywords"
>>
>>will run the redirection as root.
>>
>>For stuff like this, I'd recommend you to write simple shell functions:
>>
>>addkeyword(){
>> sudo bash -c "echo $* >> /etc/portage/package.keywords"
>>}
>>
>>Write them in your .bashrc and they're available when you need it.
>>
>>Use it like this:
>>
>>$ addkeyword package ~x86
>>
>>Christoph
>>
>>
>
>Thank you, Christoph!!!!
>
>You have not only saved my sanity, but you've given me a solution to two
>problems you didn't even know I had (it was the next question)! i.e.,
>
>
BTW Holly,
You should recognize that from a security standpoint allowing yourself
to execute bash is really giving yourself "blanket permissions to sudo
to all commands". You might as well make life easier on yourself and
just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
My $.02.
-Richard
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 18:22 ` Richard Fish
@ 2005-07-06 18:36 ` Holly Bostick
2005-07-06 19:12 ` Richard Fish
2005-07-06 19:13 ` Christoph Gysin
0 siblings, 2 replies; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 18:36 UTC
To: gentoo-user
Richard Fish wrote:
> BTW Holly,
>
> You should recognize that from a security standpoint allowing yourself
> to execute bash is really giving yourself "blanket permissions to sudo
> to all commands". You might as well make life easier on yourself and
> just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
>
> My $.02.
>
> -Richard
>

Thank you for the heads-up, Richard, but it would seem that that isn't
quite true-- I did a test:

    sudo bash -c /etc/init.d/samba restart
    Gentoo Linux RC-Scripts; http://www.gentoo.org/
    Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL
    Usage: samba < flags > [ options ]
    Options:

In other words, I couldn't restart the Samba daemon, whereas when root I
can:

    su
    Wachtwoord:
    wo 07/06/05 20:31
    ~
    root -> /etc/init.d/samba restart
     * samba -> stop: smbd ...                                    [ ok ]
     * samba -> stop: nmbd ...                                    [ ok ]
     * samba -> start: smbd ...                                   [ ok ]
     * samba -> start: nmbd ...                                   [ ok ]

So I think I'll pass on the ALL/ALL -- I know that this is not the most
secure setup possible (though as soon as I set up a personal firewall
behind the router's firewall and set up chkrootkit, I'll feel yet
better), but still, I'd like to keep what minimal limits still exist,
despite having punched holes in them my own self.

Or is this not a valid proof that there are some limits left?

Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 18:36 ` Holly Bostick
@ 2005-07-06 19:12 ` Richard Fish
2005-07-06 19:42 ` Holly Bostick
2005-07-06 19:13 ` Christoph Gysin
1 sibling, 1 reply; 24+ messages in thread
From: Richard Fish @ 2005-07-06 19:12 UTC (permalink / raw
To: gentoo-user
Holly Bostick wrote:
>Richard Fish wrote:
>
>
>>BTW Holly,
>>
>>You should recognize that from a security standpoint allowing yourself
>>to execute bash is really giving yourself "blanket permissions to sudo
>>to all commands". You might as well make life easier on yourself and
>>just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
>>
>>My $.02.
>>
>>-Richard
>>
>>
>>
>
>Thank you for the heads-up, Richard, but it would seem that that isn't
>quite true-- I did a test:
>
>
> sudo bash -c /etc/init.d/samba restart
>
>
>
Remember that the -c option for bash is a single argument, not the rest
of the line. The 'restart' is being seen as a separate argument to
bash, not as part of the command for bash to execute, if that makes any
sense! It will work if you do:
sudo bash -c "/etc/init.d/samba restart"
-Richard
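
Added example (not part of the original message): the argument handling Richard describes, reproduced without sudo. The stand-in script and the function names are constructed for this demonstration; the script mimics only the "print usage when no action is given" behaviour of the init script in the thread.

```shell
#!/bin/sh
# Stand-in for an init script (constructed): prints a usage line when it
# is called without an action, otherwise reports the action it was given.
make_fake_init() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/initdemo.XXXXXX") || return 1
    cat > "$dir/samba" <<'EOF'
#!/bin/sh
if [ $# -eq 0 ]; then
    echo "Usage: samba < flags > [ options ]"
    exit 1
fi
echo "samba: $1"
EOF
    chmod +x "$dir/samba"
    echo "$dir/samba"
}

# Use bash when present; sh -c treats its arguments the same way.
SH=$(command -v bash || command -v sh)

# Same word layout as `bash -c /etc/init.d/samba restart`: the command
# string is only the script path, so the script gets no arguments.
run_unquoted() { "$SH" -c "$1" restart; }

# Same layout as `bash -c "/etc/init.d/samba restart"`: path and action
# travel together inside the single command string.
run_quoted() { "$SH" -c "$1 restart"; }

# Where the stray word ends up: it becomes $0 of the -c shell.
show_dollar_zero() { "$SH" -c 'echo "$0"' restart; }

script=$(make_fake_init)
run_unquoted "$script" || true   # prints the usage line
run_quoted "$script"             # prints "samba: restart"
show_dollar_zero                 # prints "restart"
rm -rf "$(dirname "$script")"
```

The usage message in the unquoted case comes from the script being run with no action, not from sudo refusing anything.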
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 19:12 ` Richard Fish
@ 2005-07-06 19:42 ` Holly Bostick
2005-07-06 20:28 ` John J. Foster
2005-07-06 20:52 ` Manuel McLure
0 siblings, 2 replies; 24+ messages in thread
From: Holly Bostick @ 2005-07-06 19:42 UTC (permalink / raw
To: gentoo-user
Richard Fish wrote:
> Holly Bostick wrote:
>
>
>>Richard Fish wrote:
>>
>>
>>
>>>BTW Holly,
>>>
>>>You should recognize that from a security standpoint allowing yourself
>>>to execute bash is really giving yourself "blanket permissions to sudo
>>>to all commands". You might as well make life easier on yourself and
>>>just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
>>>
>>>My $.02.
>>>
>>>-Richard
>>>
>>>
>>>
>>
>>Thank you for the heads-up, Richard, but it would seem that that isn't
>>quite true-- I did a test:
>>
>>
>>sudo bash -c /etc/init.d/samba restart
>>
>>
>>
>
>
> Remember that the -c option for bash is a single argument, not the rest
> of the line. The 'restart' is being seen as a separate argument to
> bash, not as part of the command for bash to execute, if that makes any
> sense! It will work if you do:
>
> sudo bash -c "/etc/init.d/samba restart"
>
> -Richard
>
So it will. Shoot. Oh, well. Maybe I'll rework this, or I should then
ask for:
1) firewall recommendations (personal, as the router has one too; atm
I'm liking firestarter)
2) anti-hacking monitors (other than chkrootkit and rkhunter, if needed--
guess I'm thinking about keyloggers)
?
Holly
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 19:42 ` Holly Bostick
@ 2005-07-06 20:28 ` John J. Foster
2005-07-06 20:52 ` Manuel McLure
1 sibling, 0 replies; 24+ messages in thread
From: John J. Foster @ 2005-07-06 20:28 UTC (permalink / raw
To: gentoo-user
On Wed, Jul 06, 2005 at 09:42:27PM +0200, Holly Bostick wrote:
>
> So it will. Shoot. Oh, well. Maybe I'll rework this, or I should then
> ask for:
>
> 1) firewall recommendations (personal, as the router has one too; atm
> I'm liking firestarter)
>
For configuring iptables on Linux, I've had good luck with Guarddog.
Pretty simple to use, yet seems quite complete. I tried using
firestarter back when I was using Suse, but never could quite get the
hang of it. It was probably from the fact that that was my first foray
into firewalls, and I was clueless about the different options, and what
it all meant. (Not to say that much has changed on my part even now !)
I also use fwbuilder on my Linksys router, mainly because it supports,
and has a pre-configured firewall for, custom Sveasoft firmware running
a way-stripped-down version of Linux on the router.
HTH,
John
--
The revolution will not be televised.
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 19:42 ` Holly Bostick
2005-07-06 20:28 ` John J. Foster
@ 2005-07-06 20:52 ` Manuel McLure
1 sibling, 0 replies; 24+ messages in thread
From: Manuel McLure @ 2005-07-06 20:52 UTC (permalink / raw
To: gentoo-user
Holly Bostick wrote:
> So it will. Shoot. Oh, well. Maybe I'll rework this, or I should then
> ask for:
>
> 1) firewall recommendations (personal, as the router has one too; atm
> I'm liking firestarter)
I've been very pleased with Shorewall as a firewall.
--
Manuel A. McLure KE6TAW <manuel@mclure.org> <http://www.mclure.org>
...for in Ulthar, according to an ancient and significant law,
no man may kill a cat. -- H.P. Lovecraft
* Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
2005-07-06 18:36 ` Holly Bostick
2005-07-06 19:12 ` Richard Fish
@ 2005-07-06 19:13 ` Christoph Gysin
1 sibling, 0 replies; 24+ messages in thread
From: Christoph Gysin @ 2005-07-06 19:13 UTC (permalink / raw
To: gentoo-user
Holly Bostick wrote:
> Or is this not a valid proof that there are some limits left?
No, it's not. A simple "sudo bash" will give you a root shell.
The problem in your example was the missing quotes:
$ sudo bash -c "/etc/init.d/samba restart"
Christoph
--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
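
Added example (not from the thread): a small check that lists sudoers entries granting a shell, which the replies above describe as equivalent to granting ALL. The sample policy, user names and function names are constructed; the parser assumes one rule per line and does not expand Cmnd_Alias definitions or line continuations.

```shell
#!/bin/sh
# Constructed sample policy; not a real /etc/sudoers.
sample_sudoers() {
cat <<'EOF'
# constructed sample for the audit below
alice ALL=(ALL) NOPASSWD: /usr/bin/echo, /bin/bash
bob   ALL=(root) /etc/init.d/samba restart
carol ALL=(ALL) NOPASSWD: ALL
dave  ALL=(root) /bin/sh -c *
EOF
}

# Read sudoers-style rules on stdin and print "user<TAB>command" for each
# granted command that is ALL or a shell binary.
audit_shell_grants() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    {
        user = $1
        line = $0
        # strip "user host=(runas)" and any tags such as NOPASSWD:
        sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", line)
        gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC):[ \t]*/, "", line)
        n = split(line, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            split(cmds[i], words, /[ \t]+/)
            prog = words[1]
            base = prog
            sub(/.*\//, "", base)                # basename of the program
            if (prog == "ALL" || base ~ /^(sh|bash|dash|ksh|zsh|csh|tcsh)$/)
                printf "%s\t%s\n", user, cmds[i]
        }
    }'
}

# Flags alice (/bin/bash), carol (ALL) and dave (/bin/sh -c *), not bob.
sample_sudoers | audit_shell_grants
```

Only bob's rule, which names one script with one fixed argument, leaves a limit in place.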