There is a standard way (working across Linux distributions) to launch a process (from another application) asking for the root password in order to elevate privileges?
I tried to use gksudo (it is installed in ubuntu by default), but under other distributions (or under other desktop manager) it may not be installed.
I would recommend looking at PolicyKit which is what most modern distros are using to accomplish this.
That works everywhere but does not cache the password and asks for the root and not the user password (as sudo does):
su - -c command
EDIT: Not on ubuntu where the root-account is disabled. Probably you need something like that:
test -x /usr/bin/sudo && sudo command || su - -c command
The only default thing is text mode su. Most distros have also sudo installed.
Now, in KDE based distros you'll have kdesu, while in GNOME based it'll be gksu and gksudo. Machines in Kerberized domains have ksu.
You might try to use /etc/sysconfig/desktop to see which is the default desktop.
Traditionally, if your application needs to allow a user to elevate privileges, it installs its own single-purpose setuid executable -- single-purpose meaning that it performs the task needed, instead of acting as a general-purpose launcher.
$ su -
# cp `type -p id` /usr/local/bin/root-id
# chown root:users /usr/local/bin/root-id
# chmod 4750 /usr/local/bin/root-id
$ /usr/local/bin/root-id
... euid=0(root) ...
OTOH setuid executables have also been a common source of security holes too, so exercise care.
Related
I'm using the AI Platform notebook and I want to install cuda because the Tensorflow can't use GPU.
sudo apt-get install cuda-cudart-10-0
Then in the command line it's asking me for password.
(base) jupyter#cuda-10-1-20201008-115420:~/tutorials/stylegan2$ sudo apt-get install cuda-cudart-10-0
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for jupyter:
Sorry, try again.
I don't recall I gave it any password while setting it up. Is there a default password for it?
To answer the first question, our Notebooks provide TensorFlow and when you create it, you can select to install Nvidia Driver automatically. Probably this option was missed during instance creation.
With respect to the second question, from the output, seems to be that you are in Jupyter Terminal.
Jupyter Notebooks provides access to Instance OS which could be Debian 9/10 or we support Ubuntu now. Jupyter Terminal process is running as jupyter user. While you can still run process as root. I would suggest you that you login via SSH and run commands directly from there. If you create the Notebook via UI we now provide OS login feature which allows you to access instance via SSH with IAM permissions hence your Google Cloud user account. If you are not sure of any of this, please contact your IT admin.
What do you think sudo does? If this is your first time using a Linux system, know that prepending every command in Linux with sudo is same as typing cmd in the windows run box and then pressing shift+enter. sudo is a way to tell the OS that I need admin rights (or in Linux's case, root permissions). So, it is bound to ask you for the password.
The password it is asking for is your account password. Also, it is usually a good idea to set up the root password when in first use. To set it up, drop into the root prompt from your user account using sudo su. Then type in passwd to set up a new password for the root user. Log out, and restart the machine.
Do not forget that root account has the ultimate privileges, and unless absolutely necessary, it is always better to prepend the command with sudo instead of dropping into the root prompt.
PS: A hint: sudo <command> followed by the caller's password is same as su -c '<command>' followed by the root account's password
You also might want to take a look at fakeroot
Which linux distro are you on? Like Kali has default password as root or toor or kali depending on version
Is there any way to get vs code to work properly in linux? I can't run sudo code . because that gives me an error saying it's not secure to do so, I can't do anything within the editor to force doing things, like staging a file in git, or reloading a newly installed extension. I've googled around, and it seems nobody else has posted about this, and it seems highly unlikely that I'm the first to raise issue about this. (Take it easy on me, I'm a relatively new linux user). I'm trying to figure this out on Ubuntu 18.04 if that's relevant at all. My version of vs code is 1.30.2
I guess my main question is what's the right way to get applications like vs code to be able to perform tasks that required doing things without fighting the OS about sudo and privileges?
Launch via sudo from terminal
To launch VSCode as root --which is highly discouraged-- you must specify an alternate user data directory as follows:
$ sudo code --user-data-dir /path/to/alternate/folder
VSCode will automatically generate the required folders in the selected directory and launch with root privileges.
Change permissions to fix "permission denied" error
The solution in this case is to manually change the permissions of the two directories /home/$USER/.config/Code/ and /home/$USER/.vscode/. Perform these steps:
$ sudo chmod 755 /home/$USER/.config/Code
$ sudo chmod 755 /home/$USER/.vscode
To answer your other question:
If you really need to run several commands as root and you are annoyed by having to enter your password several times (when sudo has expired), just do sudo -i and you'll become root.
If you want to run commands using pipes, use sudo sh -c "comand1 | command2".
You may also want to take a look at this Ask Ubuntu answer about running applications as root.
I solve this problem using:
sudo chown -R YOUR_USER YOUR_PROJECT/
You basically need to tell the OS that you are the owner of the files you create. Use sudo chown <user name> <projects directory>
However, if you already created some files before applying chown, don't forget to change their permission also sudo chown <user name> <projects directory>/<file name>.
I'm quite new to Linux. I remember using a tutorial were you were able to declare your sudo (+password) at the start and then use terminal without having to do sudo or import your password again.
I.e.
Sudo yum-get update -> yum-get update.
Sorry if this is a very obvious question, I honestly don't remember where the tutorial was from, and how to do it again.
ps - if it helps, I'm on a RedHat Distro, but go between Debian and RedHat.
You can use su. This way you are changing the ownership of the session to root (by default, you can also change to any other user on the system) and therefore you will be able to avoid the sudo.
Here you can find some more information on the command.
You may use
sudo -i
It acquires the root user's environment and kind of simulates a login into the root account
I recently noticed a fairly strange and for me unexpected behaviour in Xubuntu 12.04 and 14.04.
I was doing the following:
Testing if my user in in the group users, with
groups $USER
This is not the case by default. So I add my user to this group:
sudo usermod -a -G users $USER
I the can check the file /etc/group and will see my user added in the entry.
I then would like to give the group users access to some files, in my example the www and cgi-bin directory:
sudo chgrp users /var/www /usr/lib/cgi-bin
I also want that my group can write into the directories:
sudo chmod g+w /var/www /usr/lib/cgi-bin
I would assume, that I can now create a file in those directories, but I can't. Neither by commandline, nor by the standard filebrowser from Xubuntu.
Somewhere I read, that I need to logout from the terminal to make it work, so I close and reopen the commandline terminal, but it is still now working.
But: It I reboot the whole system everything works as it should...
Seriously??? Why is this, is it a bug or a feature and are there better ways then restarting the complete OS?
(I thought the strength of Linux is exactly that you don't need to reboot all the time like in other "popular" OS)
(Note: I have not tested this on other systems as e.g. Debian yet...)
Group memberships are inherited from process to process like many other things in a unixoid environment. That means a running shell will not be affected from such changes in the account configuration. Also just opening a new terminal or shell will not show the change, since it is spawned from an already running process, ultimately from the initial process started right after the login.
You have to re-run the login process instead. Either by restarting the graphical environment, or by doing a logout/login sequence when working on the virtual terminals. Also obviously rebooting will lead to a new login process.
The only direct alternative is to spawn a new login shell explicitly: bash -l for example does the trick: it re-executes all stuff run through at login time. But note that this only effects that started shell and processes spawned from it. It does not affect other already running processes. So you have a somewhat mixed environment then...
I've tested code that requires root access in pyCharm by running sudo pycharm.sh but this is not the way I would recommend of doing so.
I know it's possible to debug with sudo privileges by running the python interpreter as sudo in pyCharm but how do we do this?
Create a shell script that does "sudo python" and forwards the arguments, and configure that script as a Python interpreter in PyCharm.
Name of this shell script should start with python (source: http://forum.jetbrains.com/message/PyCharm-424-3).
In PyCharm new version, it has a configure to run Python interpreter in root, no need workaround. See picture below. Check to checkbox: Execute code using this interpreter with root privileges via sudo
For what it's worth, I've managed run a python script with sudo priviledges (on Ubuntu 16.04) like this:
In the very first line in the script, define the interpreter like this:
#!/usr/bin/sudo python
Make the script executable:
chmod +x myscript.py
Run the script directly, without specifying the python interpreter yourself:
./myscript.py
The script will ask for sudo password and continue running with elevated priviledges.
I solved this problem by copying /usr/bin/python3 in my home, then setting cap_net_bind_service capability:
cp /usr/bin/python3 ~/python35-setcap
sudo setcap 'cap_net_bind_service=+ep' ~/python35-setcap
And then using ~/python35-setcap as python interpreter in pycharm.
This way, you can bind lower ports, but not any python 3 program can do it, and pycharm can still kill your script. You could also restrict execute permission to yourself if you want more security.
I have encountered the same problem trying to debug Bluetooth related code on a Raspberry Pi. I suppose, since you're doing remote debug on the device, that the device is for development use only. In such a case, in my humble option, you should permit ssh root login, so you can configure PyCharm to use the root user and you don't need to sudo. That's the solution I have chosen.
The following instructions are for a Raspberry Pi, but the procedure is the same for any Linux distribution:
First of all, add your public key to the authorized_keys:
cat ~/.ssh/id_rsa.pub | ssh pi#raspberrypi "mkdir -p ~/.ssh && cat >>
~/.ssh/authorized_keys"
Then login into the Raspberry Pi:
ssh pi#raspberrypi
Once you have a console copy your key into the root directory:
sudo mkdir /root/.ssh
sudo cp authorized_keys /root/.ssh/
Finally edit sshd_config adding PermitRootLogin without-password:
sudo vim /etc/ssh/sshd_config
Use your preferred editor.
Now you are able to ssh inside the Raspberry Pi as root:
ssh root#raspberrypi
Using root instead or pi user, give you the ability to run your code, even remotely, with root privileges, as
required by BlueZ.
I have encounter another way to solve this issue so I thought to share it (this answer is more like an alternative for the other answers).
It is worth to mention here that this solution "attacks" the problem by running only a certain Python script (within the pPyCharm IDE) in root mode , and not the entire PyCharm application.
1) Disable requiring password for running Python:
This will be achieved by editing the /etc/sudoers.d/python file. What we need to do is to add an entry in that file as follows:
user host = (root) NOPASSWD: full_path_to_python, for example:
guya ubuntu = (root) NOPASSWD: /usr/bin/python
NOTES:
user can be detected by the command: whoami
host can be detected by the command: hostname
2) Create a "sudo script": The purpose of this script is to give Python privilege to run as root user.
Create a script called python-sudo.sh , and add the following into it:
#!/bin/bash
sudo /usr/bin/python "$#"
Note again that the path is the path to your Python as the previous phase.
Also, this path is the path to Python2 on the system.
Don't forget to give execution permissions to this script using the command: chmod
chmod +x python-sudo.sh
3) Use the python-sudo.sh script as your PyCharm interpreter:
Within PyCharm go to: File --> Settings --> Project interpreter
At the right top hand side click the "setting" icon, and click "Add local".
In the browser option choose the python-sudo.sh script we have created previously. This will give PyCharm the privilege to run a Python script as root.
4) Debug the test: All there is left to do is actually debug the specific Python script in the PyCharm IDE. This can be done easily via Right-click on the script to debug --> hit Debug sample_script_to_debug.py
For those looking for a cleaner solution and don't mind entering a password each time.
Go to your Run Configuration > Edit Configurations
Under 'Execution', check the Emulate terminal in output console option.
This will allow you to debug a Python script while maintaining your current user and giving elevated sudo privileges to the script when it's needed. It also makes it easier to maintain different virtual environments if you work across multiple projects.
Terminal:
sudo ./Pycharm
this way you can start PyCharm as SuperUser
I follow the instructions here and success. But there is a problem that the PYTHONPATH is not valid when you use sudo. So when you edit with
sudo visudo -f /etc/sudoers.d/python
add that:
user host = (root) NOPASSWD:SETENV: /home/yizhao/anaconda3/bin/python
also your script should be:
#! /bin/bash
sudo PYTHONPATH=$PYTHONPATH /home/name/anaconda3/bin/python "$#"
Similar to what #Richard pointed out, the answer posted here worked for me
sudo /Applications/PyCharm.app/Contents/MacOS/pycharm on MacOS