Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 25/26 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 25th August 2011, 07:41 AM
Bazu135's Avatar
Bazu135 Offline
Registered User
 
Join Date: Aug 2011
Location: Luton, UK
Age: 32
Posts: 291
linuxfirefox
sudo NOPASSWD to .bashrc alias?

I've set up an alias in .bashrc (let's call it alias1), and am trying to set up a sudo NOPASSWD rule for that particular command. Is there a way to do this?

So far, I've attempted:

user ALL = NOPASSWD: alias1
user ALL=(ALL) NOPASSWD: alias1

But keep getting told I have a syntax error - presumably this is because visudo doesn't recognise alias1?

I've already checked that alias1 works correctly, so I assume I'm just referring to it incorrectly. Any suggestions?
Reply With Quote
  #2  
Old 25th August 2011, 07:59 AM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 7,346
linuxfedorafirefox
Re: sudo NOPASSWD to .bashrc alias?

You can't do that.

A bash alias only exists within the memory of the bash interpreter. Sudo is not bash.

And even if you could, you shouldn't - nothing would prevent the user from changing the value of the alias to something else, and then running that something else at elevated privilege.
Reply With Quote
  #3  
Old 25th August 2011, 08:13 AM
Bazu135's Avatar
Bazu135 Offline
Registered User
 
Join Date: Aug 2011
Location: Luton, UK
Age: 32
Posts: 291
linuxfirefox
Re: sudo NOPASSWD to .bashrc alias?

Right - question answered! I'll mark this as solved - thank you~
Reply With Quote
  #4  
Old 1st September 2011, 06:38 PM
Redagadir Offline
Registered User
 
Join Date: Aug 2011
Posts: 95
linuxubuntufirefox
Re: sudo NOPASSWD to .bashrc alias?

instead you can specify the command with fixed options to restrict usage of that command

servlet and jsp event handling

Last edited by Redagadir; 21st December 2011 at 09:08 AM.
Reply With Quote
  #5  
Old 2nd September 2011, 07:53 AM
Bazu135's Avatar
Bazu135 Offline
Registered User
 
Join Date: Aug 2011
Location: Luton, UK
Age: 32
Posts: 291
linuxfirefox
Re: sudo NOPASSWD to .bashrc alias?

Quote:
Originally Posted by Redagadir View Post
instead you can specify the command with fixed options to restrict usage of that command
Out of curiosity, how would I do that?

To put more context to the issue, I found out why the password was necessary for the command in the first place. This is the line from my .bashrc file:
Code:
alias wiiclem='wminput -r -c /home/neko/wiimoteconfigs/wminput-clementine.config'
The problem was that wminput needs to use /dev/uinput, which has restricted access by default. I could change the permissions on it, which removed the need to enter a password, but as I later found out, this was only a temporary fix because everything in /dev regenerates on boot, meaning I had to change the permissions again. By adding this to /etc/rc.local:
Code:
chgrp (group) /dev/uinput
chmod 660 /dev/uinput
I assigned uinput to my group on startup and gave my group read/write access, thus removing the need to enter a password when running wiiclem

If the fixed options path is likely to be easier/more elegant/more secure/more 'correct', though, I'd be happy to hear it for future reference!
Reply With Quote
  #6  
Old 2nd September 2011, 12:56 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 7,346
linuxfedorafirefox
Re: sudo NOPASSWD to .bashrc alias?

Not necessarily.

The problem isn't "easier/more elegant" but secure.

Remember that you are giving the program elevated privileges, and if it can be coerced into doing something malicious then it isn't a good idea.

Changing the ownership/modes of /dev/uinput at boot time would be better IF it does not have anything too special about it (like /dev/random).

I don't think /dev/uinput has been completely configured into the system yet or something like that would have been done by now. You can report it as a bug/enhancement, and report a workaround such as putting the command "chmod +r /dev/uinput" (or maybe +rw if it needs initialization written to it) in the file /etc/rc.local. This will have the chmod run after everything else, and make the /dev/uinput device available for everyone.
Reply With Quote
  #7  
Old 3rd September 2011, 09:31 AM
Bazu135's Avatar
Bazu135 Offline
Registered User
 
Join Date: Aug 2011
Location: Luton, UK
Age: 32
Posts: 291
linuxfirefox
Re: sudo NOPASSWD to .bashrc alias?

That really is one of those glaringly obvious alternatives, isn't it? Thank you!
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot open /var/db/sudo after sudo package upgrade Replicant10000 Security and Privacy 1 16th September 2010 01:25 PM
awk alias and .bashrc problem giulianoz Using Fedora 2 17th August 2009 05:08 PM
How to Change Firefox Alias or any Alias? FergatROn Using Fedora 1 3rd June 2008 09:18 PM
sudo and NOPASSWD sentry Using Fedora 21 19th May 2006 10:04 PM
sudo question (host alias) arc2v Using Fedora 2 23rd June 2005 01:37 PM


Current GMT-time: 03:27 (Thursday, 19-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat