[ale] Sudo
Jim Popovitch
jimpop at yahoo.com
Thu May 19 14:59:55 EDT 2005
On Thu, 2005-05-19 at 12:07 -0400, Jason Day wrote:
> On Wed, May 18, 2005 at 05:21:40PM -0400, Jim Popovitch wrote:
> > Several times in the (still going)
> > setuid/viral/malware/root/non-root/etc discussion people have mentioned
> > using sudo. One of the things I've always disliked about sudo is the
> > need for me to have to preface some commands I want to run as su vs
> > which I don't. What I mean is as a user if I want to run "ifconfig eth
> > mtu 1149", I need to actually run "sudo ifconfig eth0 mtu 1149", but if I
> > want to just see what the MTU is for interface eth0 I don't need sudo.
> > What I think would be neat is for bash (or other shells) to remember
> > sudo commands that users run and to automatically invoke sudo the next
> > time I run the command without it. Knowing when to use sudo is not the
> > issue here, having sudo know when it is needed is.
> >
> > A couple of questions:
> >
> > 1) Why would this be good/bad?
>
> Personally, I think this is a bad idea because it removes the extra step
> needed to perform a privileged action. If you've configured sudo so
> that you don't need to enter a password, then having the shell
> automatically convert "command" to "sudo command" is dangerous. It's
> equivalent to always running as root, which we all know I think is a bad
> idea :)
;-) True, but some commands, even though they require root, aren't
dangerous for users to run on a desktop/laptop. In those cases why
bother forcing them to use sudo... just do it automagically for them and
let sudo prompt them for a passwd according to settings in sudoers. Let
sudo be the gatekeeper, not the bash command line.
> > 2) Is this something bash completion could accomplish?
>
> I don't think so. But it might be possible to write a wrapper script
> that takes user input, passes it to bash, then passes the bash output
> back to the user. For each user input command, if it starts with
> 'sudo', store the command in a hashtable. If it doesn't start with
> sudo, then see if the command is in the hashtable. If it is, prepend
> 'sudo ' before passing it to bash. I don't know how well that would
> work with pipes though.
Excellent idea. A bash wrapper. Perhaps I'll call it "subash". ;-)
-Jim P.
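
The wrapper logic described in the quoted reply above (remember commands entered with sudo, prepend it when the same command is later typed without it), as an added example that is not part of the original thread. The `subash_*` names are hypothetical, a newline-separated list stands in for the hashtable, and lines containing pipes or redirections are deliberately neither learned nor rewritten.

```shell
#!/bin/sh
# Added example (not from the thread). All subash_* names are hypothetical.
# A newline-separated list stands in for the hashtable so this runs in POSIX sh.

SUBASH_SEEN=""      # exact command lines the user has explicitly run via sudo
SUBASH_OUT=""       # result of the last subash_rewrite call
SUBASH_NL='
'

# True if the line contains shell control or redirection syntax. Such lines
# are never learned or rewritten: a "sudo " prefix would elevate only the
# first command of a pipeline, and none of the redirections.
subash_is_compound() {
    case $1 in
        *'|'*|*';'*|*'&'*|*'<'*|*'>'*|*'`'*|*'$('*) return 0 ;;
    esac
    return 1
}

# True if this exact command line was previously run with sudo.
subash_seen() {
    case "$SUBASH_NL$SUBASH_SEEN$SUBASH_NL" in
        *"$SUBASH_NL$1$SUBASH_NL"*) return 0 ;;
    esac
    return 1
}

# Decide what to hand to the shell for one input line; result in SUBASH_OUT.
# Only the text changes: sudo still applies sudoers and its password policy.
subash_rewrite() {
    SUBASH_OUT=$1
    [ -n "$1" ] || return 0                 # empty input is passed through
    if subash_is_compound "$1"; then
        return 0
    fi
    case $1 in
        'sudo -'*) ;;                       # sudo's own options: do not learn
        'sudo '*)                           # explicit sudo: remember the rest
            if ! subash_seen "${1#sudo }"; then
                SUBASH_SEEN="$SUBASH_SEEN$SUBASH_NL${1#sudo }"
            fi ;;
        *)                                  # plain command: prefix only on exact match
            if subash_seen "$1"; then
                SUBASH_OUT="sudo $1"
            fi ;;
    esac
    return 0
}
```

Matching is on the whole command line, so `ifconfig eth0` stays unprivileged even after `sudo ifconfig eth0 mtu 1149` has been learned.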