PDA

View Full Version : [SOLVED] Is there a way to add alias's to sudo ?



lsatenstein
3rd August 2017, 07:48 PM
Fedora's default list of alias's for /root are
alias cp='cp -i'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mc='. /usr/libexec/mc/mc-wrapper.sh'
alias mv='mv -i'
alias rm='rm -i'
alias which='(alias; declare -f) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot'
alias xzegrep='xzegrep --color=auto'
alias xzfgrep='xzfgrep --color=auto'
alias xzgrep='xzgrep --color=auto'
alias zegrep='zegrep --color=auto'
alias zfgrep='zfgrep --color=auto'
alias zgrep='zgrep --color=auto'

I added the above to my ~./bashrc and verified that they were enforced. I did that as I thought they were useful

However, when I run sudo cp a b
and then redo sudo cp a b

the alias's are not inspected or evaluated. In otherwords, the protection for accidental over-write are not enforced.

Is there a way to enforce same with sudo?

srakitnican
4th August 2017, 08:57 AM
The trick is to add more alias!

alias sudo='sudo '
It works, no joke :D


$ alias sgh="echo 'I am alias'"
$ sgh
I am alias
$ sudo sgh
I am aliashttps://askubuntu.com/a/22043

dswaner
4th August 2017, 11:37 AM
sudo -i

will open an interactive (login) root shell, in which the aliases are available.

dd_wizard
4th August 2017, 07:08 PM
sudo -i

will open an interactive (login) root shell, in which the aliases are available.

This doesn't work for me, even after changing "Defaults env_reset" to "Defaults !env_reset" with visudo. However, the previous post worked, defining the alias sudo='sudo ' in .bashrc.

dd_wizard

dswaner
4th August 2017, 09:02 PM
Originally posted by dd_wizard

... This doesn't work for me ...

Sounds like you don't have any aliases defined for root.

What does your "/root/.bashrc" look like?

Or, same thing: when logged in as root, what does "alias" show?

dd_wizard
4th August 2017, 09:16 PM
They're set in /root/.bashrc:


[root@Mobile-PC ~]# alias
alias ..='cd ..'
alias dir='dir -h --color=auto'
alias dl='dir -hl --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -hl --color=auto'
alias lld='ls -dhl'
alias ls='ls --color=auto'


$ sudo -i ll
-bash: ll: command not found

So I'm not sure what's up here. As I said, I toggled env_reset with visudo, and nothing changed.

dd_wizard

dswaner
4th August 2017, 09:47 PM
For some reason, you are missing the usual root aliases for:

alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'

The missing cp alias is causing the failure for lsatenstein's test case, after doing a

$ sudo -i

dd_wizard
4th August 2017, 10:04 PM
This is odd! I added those, and nothing changed as I expected. However, this indicates "sudo -i ll" should work for me.


$ sudo alias
No aliases are listed, output is empty.

$ sudo -i alias
alias ..='cd ..'
alias cp='cp -i'
alias dir='dir -h --color=auto'
alias dl='dir -hl --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -hl --color=auto'
alias lld='ls -dhl'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'

But:
$ sudo -i ll
-bash: ll: command not found


dd_wizard

dswaner
4th August 2017, 10:33 PM
What works for me is:

$ sudo -i
without specifying any command, such as "ll".
That takes you into a root login session, with a "#" prompt.
Then if you do the "cp /tmp/a /tmp/b" twice, the second time it will prompt

cp: overwrite '/tmp/b'?

However, looking at the sudo man page, what you are doing (sudo -i ll) should also work, but it does
not work for me either. That looks like a bug in sudo to me.

1478651 (https://bugzilla.redhat.com/show_bug.cgi?id=1478651)

lsatenstein
5th August 2017, 03:55 AM
what works is
a) edit ~/.bashrc
add
alias sudo='sudo '

sudo with one space in the alias command does it.
Google for the write up about it or do man sudo.

dswaner
5th August 2017, 01:37 PM
Are there any security implications for this kluge?

dd_wizard
5th August 2017, 10:20 PM
It's documented in the man page for alias. All that happens is the command following sudo is expanded if it's one of your aliases before sudo is executed. So, if you trust your own aliases, sudo should be able to.

dd_wizard

dswaner
12th October 2017, 05:09 PM
Got a definitive answer from the upstream sudo folks:

From the bash manual:

Aliases are not expanded when the shell is not interactive, unless the
expand_aliases shell option is set using shopt (see the description of
shopt under SHELL BUILTIN COMMANDS below).

When you run a command via "sudo -i" the shell is not in interactive
mode so aliases are not applied. If you use a shell function instead
of an alias this is not an issue. Adding "shopt -s expand_aliases" to
the top of .bash_profile should give you the behavior you want.

lsatenstein
12th October 2017, 09:04 PM
What do you get with
[leslie@laptop ~]$ alias sudo='sudo '
[leslie@laptop ~]$ sudo su
[root@laptop leslie]# alias
alias cp='cp -i'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mc='. /usr/libexec/mc/mc-wrapper.sh'
alias mv='mv -i'
alias rm='rm -i'
alias which='(alias; declare -f) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot'
alias xzegrep='xzegrep --color=auto'
alias xzfgrep='xzfgrep --color=auto'
alias xzgrep='xzgrep --color=auto'
alias zegrep='zegrep --color=auto'
alias zfgrep='zfgrep --color=auto'
alias zgrep='zgrep --color=auto'
[root@laptop leslie]#

In a shell script without #!/bin/bash are the alias's available to the script

dswaner
12th October 2017, 09:44 PM
Sorry, but the "definitive solution" that I posted doesn't work. The bash manual does indeed indicate that the
"expand_aliases" shopt should do the trick. However, it does not work on Fedora 26. I put "shopt -s
expand_aliases" in both .bash_profile and .bashrc - logged out and in, and "sudo -i ll" still gives "bash: ll:
command not found" I will re-open Bug 1478651 on Red Hat bugzilla, and comment on bug 806 at
bugzilla.sudo.ws.

lsatenstein
12th October 2017, 10:01 PM
Did you carefully review the alias for sudo.
sudo with one space in the alias for sudo should do the job.

dswaner
12th October 2017, 10:27 PM
Sorry for the confusion, but it does work if you add the "shopt -s expand_aliases"
to root's .bash_profile, not the user's. That is, "sudo -i ll" works as expected.

Also, regarding


Did you carefully review the alias for sudo.
sudo with one space in the alias for sudo should do the job.

I haven't tried that technique, but I'm certain that it works, since it is working for a number of
contributors to this thread. I'll stick with the "shopt -s expand_aliases" technique.