thagrol
Posts: 4737
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Thu Apr 15, 2021 5:46 pm

GlowInTheDark wrote:
Thu Apr 15, 2021 5:10 pm
It would be much better if the tool would verify on startup, before doing anything, that it is running as root, and generate an error message that says specifically that.
Guilty as charged. My more recently released code that needs root/sudo does just that (actually checks for UID of 0) then returns "Must be root" on stderr and a non-zero exit code if the user isn't root.

Slightly cryptic, I admit but it should do the job better than a string of random errors.
Finally, and only tangentially related to the above, note that a really good tool would not bother warning you that you need to use sudo, but would just go ahead and re-start itself under sudo. I am thinking specifically of the example given in the OP, of raspi-config. raspi-config should just go ahead and re-start itself under sudo when it detects that it isn't running as root. Of course, that attempt to re-start itself might fail, in which case, then, and only then, should it issue an error message.
That I can't agree with. At least prompt the user for confirmation first, though I've seen people who should know better click through such prompts without reading them.

In the specific case of raspi-config, that has always struck me as a programmer's attempt at a tool for beginners. Sure, it's much better than asking a novice to edit the config files, but there's stuff that might be done to make it safer and less frustrating.
I'm a volunteer. Take me for granted or abuse my support and I will walk away

All advice given is based on my experience. it worked for me, it may not work for you.
Need help? https://github.com/thagrol/Guides

thagrol
Posts: 4737
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Thu Apr 15, 2021 5:50 pm

GlowInTheDark wrote:
Thu Apr 15, 2021 5:36 pm
In general, I think the implementors assume that you keep the passwordless sudo, and pretty much consider it your lookout (i.e, all bets off) if you disable it.
Or they assume that if you know enough to disable passwordless sudo you know enough not to need the beginner friendly tools (not a valid assumption in my book).

Heater
Posts: 18032
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Thu Apr 15, 2021 5:52 pm

GlowInTheDark wrote:
Thu Apr 15, 2021 5:10 pm
Finally, and only tangentially related to the above, note that a really good tool would not bother warning you that you need to use sudo, but would just go ahead and re-start itself under sudo. I am thinking specifically of the example given in the OP, of raspi-config. raspi-config should just go ahead and re-start itself under sudo when it detects that it isn't running as root.
What?!

Are you seriously suggesting that when I accidentally type something equivalent to "rm -rf /", instead of failing with permission denied it should go ahead and rerun itself with root privs? That's nuts. At that point "sudo" becomes totally redundant, might as well login as root and do everything with root privs. Forget about any security Linux offers.

Besides. It's a logical impossibility. If a program does not have root privs how is it supposed to get the root privs required to grant itself root privs to run. It's a bit like saying "If you lock yourself out of the house with the keys inside, just open the door, get the keys, then unlock the door to let yourself in"

And what is wrong with "Permission denied". With a rudimentary understanding of file systems and permissions it is perfectly clear.
Memory in C++ is a leaky abstraction .

jahboater
Posts: 6949
Joined: Wed Feb 04, 2015 6:38 pm
Location: Wonderful West Dorset

Re: "Sudo required"

Thu Apr 15, 2021 6:14 pm

Heater wrote:
Thu Apr 15, 2021 5:52 pm
Besides. It's a logical impossibility. If a program does not have root privs how is it supposed to get the root privs required to grant itself root privs to run. It's a bit like saying "If you lock yourself out of the house with the keys inside, just open the door, get the keys, then unlock the door to let yourself in"
It's easy enough to implement, just make raspi-config a setuid root program.

I don't think it's a good idea either, and it would likely fail security audits.

ejolson
Posts: 7114
Joined: Tue Mar 18, 2014 11:47 am

Re: "Sudo required"

Thu Apr 15, 2021 9:05 pm

jahboater wrote:
Thu Apr 15, 2021 6:14 pm
Heater wrote:
Thu Apr 15, 2021 5:52 pm
Besides. It's a logical impossibility. If a program does not have root privs how is it supposed to get the root privs required to grant itself root privs to run. It's a bit like saying "If you lock yourself out of the house with the keys inside, just open the door, get the keys, then unlock the door to let yourself in"
It's easy enough to implement, just make raspi-config a setuid root program.

I don't think it's a good idea either, and it would likely fail security audits.
In my opinion, neither sudo without a password nor having a well-known default password meet with good security practices.

According to the head of the BARK™ consortium,
Fido wrote: Now that the setuid patent has expired

https://patents.google.com/patent/US4135240A/en

there are no good political reasons for continuing to promote the workarounds and clumsy access list methods which originated in non-Unix products.
Note that FidoNet is now required for all correspondence with and within the consortium due to the rash of remote exploits against a popular type of email server.

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Thu Apr 15, 2021 10:03 pm

There's been an awful lot of garbage posted in the last few posts. I won't bother to go through it point-by-point, since that would just encourage the Gish Gallop.

Suffice to say that:

1) "rm" is not in the class of programs that we are talking about.

2) The RPi is not expected to pass security audits. This is not a big multi-user system, with mil-spec security expected or in any way desired.
GitD's list of things that are not ready for prime time:
1) IPv6
2) 64 bit OSes
3) USB 3
4) Bluetooth

Loves Linux; loves to dance.

swampdog
Posts: 632
Joined: Fri Dec 04, 2015 11:22 am

Re: "Sudo required"

Thu Apr 15, 2021 10:06 pm

hippy wrote:
Tue Apr 13, 2021 4:25 pm
Perhaps mostly rhetorical but, why do developers who are writing code which requires 'sudo' to function, and they know that, so often do not check if 'sudo' has been specified, or superuser privileges are held, and report a useful "You need sudo to run this program" but more often than not let the program just run and crash or fail in some way or trap it not working and merely report "that did not work' ?

I appreciate there are some edge cases where things might fail, the check won't be perfect, but it would catch most cases, let the user know they have to say 'please' when they have forgotten.

It has been drummed in to me, time after time, on courses and training I have attended; "Give understandable, meaningful and useful error messages. Let the user know what they got wrong whenever possible", and I agree with that philosophy, strive towards it. It seems many don't.
The developer may not know it has to be used: they might expect it but cannot know. Consider:

I build a lot of code. By default it installs to "/usr/local/" but much of the time I'm not interested in it becoming part of the system. Consequently there is a path "/usr/local/sd/" and that is not owned by root. It's owned by the user I develop as and only that user sees "/usr/local/sd/". It also means I do not have to do "sudo make install", simply "make install". Moreover, an unknown build can be tested by using a weird prefix. Loosely..

Code:

$ ../src-1.2.3/configure --prefix=/usr/local/sd/src-1.2.3
$ make
$ make install   #(*1)
$ make uninstall #(*2)
I get to see any behind the scenes shenanigans as they'll error (*1) and uninstall (*2) often does not work properly: it is trivial to "rm -r /usr/local/sd/src-1.2.3/" rather than wade through "/usr/local/" (or even "/usr/local/sd/") trying to remove files manually: plus if the package is faulty it may have overwritten something else.
hippy wrote:
Tue Apr 13, 2021 4:25 pm
Raspberry Pi's 'raspi-config' is a fine example of doing it right, giving a clear and readily understandable report ...

Code:

pi@Pi3B:~ $ raspi-config
Script must be run as root. Try 'sudo raspi-config'
But so much doesn't, and that includes other code from Raspberry Pi.
The above knows it's a user program so can afford to tell you. Some distros go further in that when the user goes into the "control panel" they're not even prompted for a password at all yet other distros will prompt for an admin password: sometimes this is the user password & other times the root password. They may even be calling the same admin tool - just the initial config needed to be changed. Had the admin tool itself attempted to make such checks/decisions then it would be a nightmare to maintain.

You have your standard linux permissions, user,group,all and a couple of other things such as umask, the sticky bit and setuid - which can be fiddled with. However, they are not the only permissions: there is selinux and don't forget not every system is linux - most code runs on unix as well. Things on the BSD's, Aix and so forth don't always precisely match and as most stuff is glued together with some kind of scripting the overall best solution to this is to not make it a problem in the first place (ie: ignore it). Oh. I nearly forgot to mention those programs that refuse to run if you directly invoke them as root user.

You can of course, edit /etc/sudoers(.d) and customise sudo itself. Should you want to experiment with permissions then..

Code:

$ sudo useradd -m -s /bin/bash fred
..will create user "fred" and "/home/fred/".
Log in as "fred" (set "fred" passwd first) then in conjunction with 'cat /etc/passwd' and 'id' it'll be apparent very quickly just how little "fred" can do. Hint: 'usermod/groupmod' but now 'sudo' doesn't work. ;-)

Should you not like something it can usually be fixed with a script. My "apt-get update/upgrade" script is called 'svr-upd' and does quite a few things (including working on redhat systems which uses yum/dnf). Do you know what? It doesn't work properly(*). It works well enough for me but would not suit anyone else.

(*) because one of the things it does is flush the apt/yum cache to save space and can be run as the developer user without sudo which makes it dangerous.

It's mentioned below about 'apt-get update' refusing to work without root access. Security. A user could replace a package. That said, and you'd be bonkers to do this, wouldn't surprise me if judicious fiddling with file/folder permissions would see it working with non-root user.

pidd
Posts: 1910
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Fri Apr 16, 2021 5:52 pm

swampdog wrote:
Thu Apr 15, 2021 10:06 pm
It's mentioned below about 'apt-get update' refusing to work without root access. Security. A user could replace a package. That said, and you'd be bonkers to do this, wouldn't surprise me if judicious fiddling with file/folder permissions would see it working with non-root user.
apt update doesn't replace any packages which is why I questioned why it has to be run as root, admittedly I can't see any benefit to a non-root user running update but I don't think there is a definitive reason why they shouldn't, root controls the sources and the upgrades.

rpdom
Posts: 18549
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: "Sudo required"

Fri Apr 16, 2021 6:49 pm

pidd wrote:
Fri Apr 16, 2021 5:52 pm
swampdog wrote:
Thu Apr 15, 2021 10:06 pm
It's mentioned below about 'apt-get update' refusing to work without root access. Security. A user could replace a package. That said, and you'd be bonkers to do this, wouldn't surprise me if judicious fiddling with file/folder permissions would see it working with non-root user.
apt update doesn't replace any packages which is why I questioned why it has to be run as root, admittedly I can't see any benefit to a non-root user running update but I don't think there is a definitive reason why they shouldn't, root controls the sources and the upgrades.
apt update on its own is fairly harmless, but you can give it options to tell it to use an alternative sources.list and many other things that could change the packages that get installed.

Also the index files (package database) that it updates is owned by root and normal users don't have write permissions to it.
Unreadable squiggle

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Fri Apr 16, 2021 10:36 pm

I understand why it is the way it is - that is, since it is making system-wide changes - that affect all users - it needs to be limited to root. That's basic "Running a Multi-User System 101" stuff.

The problem is that that doesn't really stand up to analysis in the context of a single user system, that is intended to be used much like a typical Windows system - where there's one user and that one user has all admin rights.

Yes, I know that both Windows and most/all Linux OSes that you can run on the Pi can be configured, administered, and run like Big Iron, but that's not the way they are typically used. It is not the norm.

thagrol
Posts: 4737
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Fri Apr 16, 2021 11:59 pm

GlowInTheDark wrote:
Fri Apr 16, 2021 10:36 pm
I understand why it is the way it is - that is, since it is making system-wide changes - that affect all users - it needs to be limited to root. That's basic "Running a Multi-User System 101" stuff.

The problem is that that doesn't really stand up to analysis in the context of a single user system, that is intended to be used much like a typical Windows system - where there's one user and that one user has all admin rights.
So what you want isn't linux, or at the least, it's a flavour of linux that has everything owned by and run by root. You could always install the desktop packages on libreelec or a similar root only OS assuming they actually have the packages you need available.

Plus would you really want your web server etc. running with root privileges?

Unlike windows, and I'm not sure even Windows is this basic anymore, linux is a full multiuser system. Having only one unprivileged user and having the OS boot to a logged in desktop doesn't change that.
Yes, I know that both Windows and most/all Linux OSes that you can run on the Pi can be configured, administered, and run like Big Iron, but that's not the way they are typically used. It is not the norm.
I wouldn't want to speculate what the normal use of a Pi is. I certainly wouldn't want to use such an OS in an educational context even if the students each have their own SD card. You'll probably spend more time sorting out mistakes, maliciousness, and "I wonder what happens if I do ..." than anything else though the current passwordless sudo isn't much better.

jahboater
Posts: 6949
Joined: Wed Feb 04, 2015 6:38 pm
Location: Wonderful West Dorset

Re: "Sudo required"

Sat Apr 17, 2021 12:09 am

GlowInTheDark wrote:
Fri Apr 16, 2021 10:36 pm
The problem is that that doesn't really stand up to analysis in the context of a single user system, that is intended to be used much like a typical Windows system - where there's one user and that one user has all admin rights.
Why not change pi's entry in /etc/passwd from

Code:

pi:x:1000:1000:,,,:/home/pi:/bin/bash
to

Code:

pi:x:0:0:,,,:/home/pi:/bin/bash
:)

But no, I don't want to go back to those days of old.
I don't think any modern OS is intended to be used like that.
Even though I am the only user of my Pi, the integrity of its OS is important to me, and I am happy to have to take extra steps to make possibly lethal system wide changes, and I am happy that a program I write with an error cannot destroy the machine.

Many years ago I made some silly mistake in an assembler program on MSDOS and afterwards I found that all the files on the machine had only one block! That could not happen on a multi-user machine with protection.
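
An audit for the two configurations discussed in this thread, a non-root account with UID 0 and passwordless sudo rules, as an added example that is not part of any post. The passwd and sudoers text below is constructed sample data, and the sudoers parsing is a simplifying assumption (one rule per logical line, no aliases or includes).

```python
import re

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
pi:x:0:0:,,,:/home/pi:/bin/bash
fred:x:1001:1001::/home/fred:/bin/bash
"""

SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
pi ALL=(ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
fred ALL=(root) NOPASSWD: /usr/bin/apt-get update
"""


def uid0_accounts(passwd_text):
    """Return names of accounts other than root whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue  # skip blanks, comments and malformed entries
        name, uid = fields[0], fields[2].strip()
        if uid.isdigit() and int(uid) == 0 and name != "root":
            names.append(name)
    return names


def nopasswd_rules(sudoers_text):
    """Return the sudoers rules that carry the NOPASSWD tag (simplified parse)."""
    logical = sudoers_text.replace("\\\n", " ")  # join continued lines
    rules = []
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = re.match(r"(\S+)\s+[^=]+=\s*(.*)$", line)
        if not m or "NOPASSWD:" not in m.group(2):
            continue
        commands = m.group(2).split("NOPASSWD:", 1)[1].strip()
        rules.append({
            "who": m.group(1),
            "commands": commands,
            "unrestricted": commands == "ALL",  # any command, no password
        })
    return rules


def audit(passwd_text, sudoers_text):
    """Collect human-readable findings for both checks."""
    findings = []
    for name in uid0_accounts(passwd_text):
        findings.append("account '%s' has UID 0: everything it runs is root" % name)
    for rule in nopasswd_rules(sudoers_text):
        if rule["unrestricted"]:
            findings.append("sudoers: '%s' may run ALL without a password" % rule["who"])
        else:
            findings.append("sudoers: '%s' may run without a password: %s"
                            % (rule["who"], rule["commands"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SUDOERS):
        print(finding)
```
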

Paeryn
Posts: 3237
Joined: Wed Nov 23, 2011 1:10 am
Location: Sheffield, England

Re: "Sudo required"

Sat Apr 17, 2021 1:47 am

GlowInTheDark wrote:
Fri Apr 16, 2021 10:36 pm
The problem is that that doesn't really stand up to analysis in the context of a single user system, that is intended to be used much like a typical Windows system - where there's one user and that one user has all admin rights.
Therein lies the problem with your analysis, Linux isn't a single user system, it's a multi user system, and whilst you may be the only human user on your machine there are quite a few other users that can be running various services.

Is it so hard for people to learn to use an OS the way it's meant to be used, especially with so much documentation just a few keypresses / mouse clicks away?

If you want to run the system where you are logged in as the superuser all the time then by all means give root a password and log in as root (or as jahboater said, change pi's UID and GID to be 0) and knock yourself out, just don't expect any sympathy or support when it all goes pear-shaped.
She who travels light — forgot something.
Please note that my name doesn't start with the @ character so can people please stop writing it as if it does!

swampdog
Posts: 632
Joined: Fri Dec 04, 2015 11:22 am

Re: "Sudo required"

Sat Apr 17, 2021 2:21 am

GlowInTheDark wrote:
Fri Apr 16, 2021 10:36 pm
I understand why it is the way it is - that is, since it is making system-wide changes - that affect all users - it needs to be limited to root. That's basic "Running a Multi-User System 101" stuff.

The problem is that that doesn't really stand up to analysis in the context of a single user system, that is intended to be used much like a typical Windows system - where there's one user and that one user has all admin rights.

Yes, I know that both Windows and most/all Linux OSes that you can run on the Pi can be configured, administered, and run like Big Iron, but that's not the way they are typically used. It is not the norm.
The windoze permissions are a nightmare https://docs.microsoft.com/en-us/window ... nds/icacls and https://docs.microsoft.com/en-us/troubl ... in-windows which is why all most folk are faced with these days, is that pesky "UAC" dialog box (which they google how to disable). That is, in fact, doing the windoze equivalent of changing user (kind-of).

It's trivial to install Cygwin ssh client on a windoze box but trying to get its "sshd" working is another matter because you run slap into that security model.

Worse. With windoze some other box has the potential to change everything whenever it feels like it. That could happen when you join a domain https://docs.microsoft.com/en-us/previo ... 1(v=ws.11).

Typing "sudo" once in a while is a small price to pay! :-)

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Sat Apr 17, 2021 6:31 am

You guys are just being silly, as usual. Have at it, Hoss!

Enjoy.

Heater
Posts: 18032
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Sat Apr 17, 2021 8:41 am

GlowInTheDark wrote:
Sat Apr 17, 2021 6:31 am
You guys are just being silly, as usual. Have at it, Hoss!

Enjoy.
No. We don't enjoy people being called "silly" or otherwise insulted by someone who does not understand what people are saying clearly. Or just because of not seeing the value in what they say.

By all means run as the root user on your Pi all the time because you feel any protections offered by its permissions system are a waste of time. Just don't expect many people in the world to think that is a sensible idea.

You are also free to use any power tools you have without any safety guards or interlocks. I mean why not? You own them, you are the only user. I presume you never make mistakes. Go ahead.

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Sat Apr 17, 2021 12:40 pm

More Gish Gallop.

swampdog
Posts: 632
Joined: Fri Dec 04, 2015 11:22 am

Re: "Sudo required"

Sat Apr 17, 2021 12:51 pm

Ah. The power tool analogy. I like! :-)

Reminds me of the time someone gave me a petrol chainsaw and no protective gear. The only warning given was not to let go because the safety mechanism "was a bit dodgy" in that it didn't always halt the chain.

I was 15yrs iirc. Never used a chainsaw before but was doing odd jobs for a bit of pocket money. No 'elf 'n' safety back then. Even I thought that was dangerous but not wanting to lose out on a fair bit of cash I went wandering off to borrow a full faced motorcycle helmet. Fortunately my mate wasn't in so I had to decline the work.

Good job. When I later saw a broken motorcycle helmet and what it was made of I shudder to think what could (would) have happened.

Heater
Posts: 18032
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Sat Apr 17, 2021 1:14 pm

GlowInTheDark wrote:
Sat Apr 17, 2021 12:40 pm
More Gish Gallop.
Please don't use terms you clearly do not know the meaning of. That just confuses everybody.

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Sat Apr 17, 2021 1:16 pm

If you followed your own advice, you'd never post at all.

Yes, it is about time the mods locked this thread.

hippy
Posts: 9713
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: "Sudo required"

Sat Apr 17, 2021 11:45 pm

GlowInTheDark wrote:
Thu Apr 15, 2021 5:10 pm
Finally, and only tangentially related to the above, note that a really good tool would not bother warning you that you need to use sudo, but would just go ahead and re-start itself under sudo.
I have done that with some of my Python programs.
Heater wrote:
Thu Apr 15, 2021 5:52 pm
It's a logical impossibility. If a program does not have root privs how is it supposed to get the root privs required to grant itself root privs to run.
On a passwordless sudo system like a Pi it's easy; you just ask to get given them -

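Code:

import os, subprocess, sys

if os.geteuid() != 0:
  # Not root: re-run this script under sudo and pass its exit status back.
  # The argument list goes to sudo as-is, so no shell re-parses sys.argv.
  sys.exit(subprocess.call(['sudo', sys.executable] + sys.argv))

print('We have sudo rights - Do whatever we want')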
No, I don't expect that to work when sudo requires a password but as I'm not using something which does, I don't really care.
GlowInTheDark wrote:
Sat Apr 17, 2021 1:16 pm
Yes, it is about time the mods locked this thread.
Unfortunately that's what those who are determined to drive threads off-track want, why they do it.
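
The re-run-under-sudo idea debated in this thread, combined with the confirmation prompt and the "Must be root" failure path asked for earlier, as an added example that is not part of any post. The function names, the prompt wording and the injectable `confirm`/`execvp` parameters are assumptions made for illustration; `reparsed_by_shell` only shows what a shell would do to a concatenated command string and never runs anything.

```python
import os
import shlex
import sys


def build_sudo_argv(script_argv, non_interactive=False):
    """Argument vector for re-running this script under sudo.

    It is a list, so no shell parses it: every element reaches the
    child process exactly as it was given to the parent.
    """
    cmd = ["sudo"]
    if non_interactive:
        cmd.append("-n")  # fail instead of prompting when a password is needed
    cmd.append("--")      # end of sudo's own options
    return cmd + [sys.executable or "python3"] + list(script_argv)


def reparsed_by_shell(script_argv):
    """Arguments the child would see if the command were glued into one
    double-quoted string and handed to a shell. Comparison only, never run."""
    line = 'sudo python3 "' + '" "'.join(script_argv) + '"'
    return shlex.split(line)[2:]


def ensure_root(argv=None, confirm=input, euid=None, execvp=os.execvp):
    """Return True when already root; otherwise ask, then re-exec under sudo."""
    argv = sys.argv if argv is None else argv
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        return True
    cmd = build_sudo_argv(argv)
    shown = " ".join(shlex.quote(part) for part in cmd)
    answer = confirm("Root is required. Run: %s ? [y/N] " % shown)
    if answer.strip().lower() != "y":
        sys.stderr.write("Must be root\n")
        raise SystemExit(1)
    try:
        execvp(cmd[0], cmd)  # replaces this process; returns only on failure
    except OSError as exc:
        sys.stderr.write("Could not start sudo: %s\n" % exc)
        raise SystemExit(1)


if __name__ == "__main__":
    ensure_root()
    print("Running as root")
```
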

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Sat Apr 17, 2021 11:53 pm

On a passwordless sudo system like a Pi it's easy; you just ask to get given them -
Exactly. 'nuff said.

On a normally configured RPi, this is a non-issue (no matter how hard certain posters try to make it into one). If you've configured your RPi some other way, then that's your lookout. Worst case, it fails. You're no worse off than you were before.

By the way, as I mentioned earlier, the GUI "rpiclone" (aka, "SD card copier") does "sudo" behind the scenes. I've often wondered what it would do on systems w/o passwordless sudo; but I've never wondered enough to test it...
Unfortunately that's what those who are determined to drive threads off-track want, why they do it.
Exactly. 'nuff said.

ejolson
Posts: 7114
Joined: Tue Mar 18, 2014 11:47 am

Re: "Sudo required"

Sat Apr 17, 2021 11:54 pm

hippy wrote:
Sat Apr 17, 2021 11:45 pm
GlowInTheDark wrote:
Sat Apr 17, 2021 1:16 pm
Yes, it is about time the mods locked this thread.
Unfortunately that's what those who are determined to drive threads off-track want, why they do it.
Though I'm not certain, I'm not sure even the one who asked for this thread to be locked was really trying to drive it off track.

Thanks for posting that Python code. It looks to me like sudo without a password is even more likely to cause trouble than I thought.

GlowInTheDark
Posts: 1620
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Sat Apr 17, 2021 11:55 pm

Nobody asked for this thread to be locked.

ejolson
Posts: 7114
Joined: Tue Mar 18, 2014 11:47 am

Re: "Sudo required"

Sat Apr 17, 2021 11:56 pm

GlowInTheDark wrote:
Sat Apr 17, 2021 11:55 pm
Nobody asked for this thread to be locked.
Thanks for clarifying. It seems I misunderstood what you said before.
