Dev1 Galaxy Forum / Replacing sudo.

Re: Replacing sudo.

dummy@example.com (yeti) — Tue, 31 Oct 2023 19:54:33 +0000

sup? Compile-time configuration smells too much like those suck**ss tools. Definitely not my taste.

For a while now doas has got persist added on Linux too, so I see no reason any more not to use it.

Re: Replacing sudo.

dummy@example.com (czeekaj) — Tue, 31 Oct 2023 17:58:35 +0000

https://sup.dyne.org/

This is apparently a replacement option

Re: Replacing sudo.

dummy@example.com (czeekaj) — Sun, 17 Sep 2023 02:47:47 +0000

There is also sudo -i to just pretty much login as root.

to make it request password everytime you might need to set alias in .bashrc when sudo is invoked.
Although I am unsure how to block sudo -i using an alias.

Re: Replacing sudo.

dummy@example.com (dpkg) — Mon, 11 Sep 2023 20:41:25 +0000

Devarch wrote:

Surprisingly, if this line is removed I do not need to tap password.

It is because:

     The last matching rule determines the action taken.  If no rule matches, the ac-
     tion is denied.

https://man.openbsd.org/doas.conf#DESCRIPTION

Devarch wrote:

What is wrong with using XAUTHORITY?

Nothing, but you should have only one line matching the same username.

permit nopass keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } username as root

Re: Replacing sudo.

dummy@example.com (Head_on_a_Stick) — Wed, 05 Oct 2022 19:34:30 +0000

See https://en.wikipedia.org/wiki/Principle … _privilege — what's the point of running the graphical interface as root if you only need to use elevated priviledges to save the modified file? That's what sudoedit & admin:// do.

Devarch wrote:

Almost every linux distribution lets run editor as root?

Almost every Linux distribution expressly advises against running editor GUIs as root. That's why sudoedit & admin:// exist. The latter is the default for GNOME and can also be used in the file manager so that can be operated without having to run the GUI itself as root.

EDIT: just for the record this works fine in my sway (Wayland) desktop:

doas mousepad /etc/fstab

I didn't think that was supposed to be possible

Re: Replacing sudo.

dummy@example.com (Devarch) — Wed, 05 Oct 2022 19:18:00 +0000

Head_on_a_Stick, hhank you for this hint.

What is wrong with using XAUTHORITY? Almost every linux distribution lets run editor as root? I use it to edit system files. Is there some security problem?

Re: Replacing sudo.

dummy@example.com (Head_on_a_Stick) — Wed, 05 Oct 2022 05:06:47 +0000

If you want to run a graphical text editor as root then either use one that takes advantage of the GVFS admin:// backend:

gedit admin:///full/path/to/file

Or stick with sudo:

SUDO_EDITOR=geany sudoedit /path/to/file

Set $SUDO_EDITOR in /etc/environment to make it permanent then just use plain sudoedit.

Running the entire GUI editor as root is simply ridiculous. Don't do it.

Re: Replacing sudo.

dummy@example.com (Devarch) — Tue, 04 Oct 2022 21:33:57 +0000

Head_on_a_Stick wrote:

Devarch wrote:
I still need password with doas inspite of
Sorry to ask but you did replace username with the actual username, right?
That syntax works for me with the Debian doas package provided the actual username is supplied.

yes.

I've discovered that if this line is present
permit persist keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } :username

than this problem is present.

Surprisingly, if this line is removed I do not need to tap password.

But without this line I can not use geany or other staff as root.

Re: Replacing sudo.

dummy@example.com (Head_on_a_Stick) — Tue, 04 Oct 2022 15:40:14 +0000

Devarch wrote:

I still need password with doas inspite of

Sorry to ask but you did replace username with the actual username, right?

That syntax works for me with the Debian doas package provided the actual username is supplied.

Re: Replacing sudo.

dummy@example.com (Camtaf) — Tue, 04 Oct 2022 08:47:07 +0000

It's not meant to allow all encompassing usage, that's what su is for.

Re: Replacing sudo.

dummy@example.com (Devarch) — Mon, 03 Oct 2022 17:57:53 +0000

I still need password with doas inspite of:

permit username as root
permit nopass username as root

in /etc/doas.conf

Strange

Re: Replacing sudo.

dummy@example.com (Head_on_a_Stick) — Sun, 04 Sep 2022 14:26:51 +0000

./configure
make
doas make install

Or add this to your shell initialisation file (eg, ~/.bashrc):

alias sudo='/usr/bin/doas'

Then just carry on using sudo as you always have done.

Re: Replacing sudo.

dummy@example.com (delgado) — Sun, 04 Sep 2022 12:45:33 +0000

Hm, how would the following look in doas style?
(Capt. Obviuos does not want to compile as root)

$ ./configure
$ make
$ sudo make install

Re: Replacing sudo.

dummy@example.com (Camtaf) — Sun, 04 Sep 2022 09:40:27 +0000

As far as regular desktop users, & small networks go, doas would be a better option for most distros.

Re: Replacing sudo.

dummy@example.com (brocashelm) — Sat, 03 Sep 2022 18:42:05 +0000

Head_on_a_Stick wrote:

The creator of doas explains their reasons here:
https://flak.tedunangst.com/post/doas

I've been listening to some of Ted Unangst's talks. He's very thorough about his approach to improving code.

Anyway, I've been playing around with doas and actively considering installing OpenBSD on the side. I like the more minimalist, no-hands-held environment.