Fake sudo?

Gary C Martin gary at garycmartin.com
Wed Nov 26 15:00:52 EST 2008


On 26 Nov 2008, at 15:32, pgf at laptop.org wrote:

> gary c martin wrote:
>>
>> 	 "standard in must be a tty"
>>
>> After much poking I discovered sudo on the XO was a custom script
>> using su (su does not allow non ttys to become privileged, only the
>> real sudo).
>>
>> Just curious as to the need for this change, though any hints to a
>> workaround would be much appreciated :-) I'm assuming it was added  
>> for
>> something security related, as a yum install of the real sudo seems  
>> to
>> suggest it's just an extra ~200k (though it fails to install due to a
>> conflict with olpcsudo-1.2-1.noarch).
>
> as i understand it, the script is a result of some older releases
> going out using su, later releases going out using sudo, but that
> change broke compatibility with the "su"-based releases, so scott's
> reimplementation was an attempt to combine the commonly use cases
> into one script.  i hit the "must be a tty" issue as well -- i've
> used this really ugly workaround
>    xterm -e 'su -c "command1; command2"'
> since that provides the needed tty but i'm sure (or, rather, i
> hope) there's a better way.

Thanks, I think :-) Seeing you had a possible (but unpleasant)  
solution kept me digging... and it would seem to be embarrassingly  
obvious once you know. Digging for ways of making a pseudo tty, it  
turns out ssh already offers that option, and a simple ssh -t seems to  
make su and the fake sudo script happy again.

--Gary

> (this works for me because the commands are run from my .xsession.
> in your case (remote via ssh) you'd need to set DISPLAY to
> localhost:0 for this to work, and you might need an "xhost +"
> beforehand to allow that.  not sure.  ymmv.)
>
> paul
> =---------------------
> paul fox, pgf at laptop.org
> give one laptop, get one laptop --- http://www.amazon.com/xo
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel




More information about the Devel mailing list