[opensuse] BASH .bashrc su question
Listmates, Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day. alias su='su; <password>' or alias su='su root <password>' or alias su='su root; <password>' Don't work. It almost looks like it would take a separate script to handle the "Password: " chat that su returns. Does anyone have a solution for this? P.S. http://www.novell.com/coolsolutions/tools/17142.html has a number of good .bashrc examples. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 16 January 2008 20:19:57 David C. Rankin wrote:
Listmates,
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day.
alias su='su; <password>' or alias su='su root <password>' or alias su='su root; <password>'
Don't work. It almost looks like it would take a separate script to handle the "Password: " chat that su returns. Does anyone have a solution for this?
You want 'sudo'. It is configurable to select which commands can be run as root, even "ALL" if you choose. In the default setup, you don't have to enter the root password, but your own user password instead, or none at all if you think your user password is secure enough. It will remember for a brief, configurable period of time that you entered your password, and will allow succeeding commands to be run without re-entering it. If you want to start a root bash shell, instead of entering 'su -' and entering the root password, enter 'sudo -i' and enter (in the default configuration) your user password. See 'man sudo' and 'man sudoers' Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Jim Cunning wrote:
On Wednesday 16 January 2008 20:19:57 David C. Rankin wrote:
Listmates,
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day.
alias su='su; <password>' or alias su='su root <password>' or alias su='su root; <password>'
Don't work. It almost looks like it would take a separate script to handle the "Password: " chat that su returns. Does anyone have a solution for this?
You want 'sudo'. It is configurable to select which commands can be run as root, even "ALL" if you choose. In the default setup,you don't have to enter the root password, but your own user password instead, or none at all if you think your user password is secure enough. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
that makes absolutely ZERO sense. If his password is insecure to an outsider, then forcing an intruder to type it a 2nd time for sudo access is still just as insecure. The no-password option should NEVER be used for sudo. it's just asking for trouble when some random bozo walks up to your desk while you're in a meeting.
It will remember for a brief, configurable period of time that you entered your password, and will allow succeeding commands to be run without re-entering it.
If you want to start a root bash shell, instead of entering 'su -' and entering the root password, enter 'sudo -i' and enter (in the default configuration) your user password.
See 'man sudo' and 'man sudoers'
Jim
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 16 January 2008 21:48, Aaron Kulkis wrote:
... that makes absolutely ZERO sense.
If his password is insecure to an outsider, then forcing an intruder to type it a 2nd time for sudo access is still just as insecure.
Duh. Insecure passwords are insecure. Nothing will change that.
The no-password option should NEVER be used for sudo. it's just asking for trouble when some random bozo walks up to your desk while you're in a meeting.
Choose a suitable timeout. Besides, no one works with "random bozos." They work with their co-workers. (And their cow-orkers.) Randall Schulz -- Be afraid. Be very afraid. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Randall R Schulz wrote:
On Wednesday 16 January 2008 21:48, Aaron Kulkis wrote:
... that makes absolutely ZERO sense.
If his password is insecure to an outsider, then forcing an intruder to type it a 2nd time for sudo access is still just as insecure.
Duh. Insecure passwords are insecure. Nothing will change that.
The no-password option should NEVER be used for sudo. it's just asking for trouble when some random bozo walks up to your desk while you're in a meeting.
Choose a suitable timeout.
Besides, no one works with "random bozos." They work with their co-workers. (And their cow-orkers.)
I stand corrected... Screened and hired bozos. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Aaron Kulkis wrote:
The no-password option should NEVER be used for sudo. it's just asking for trouble when some random bozo walks up to your desk while you're in a meeting.
I lock my screen whenever I walk away from my desk. The random bozos can't do jack. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Joe Sloan wrote:
Aaron Kulkis wrote:
The no-password option should NEVER be used for sudo. it's just asking for trouble when some random bozo walks up to your desk while you're in a meeting.
I lock my screen whenever I walk away from my desk. The random bozos can't do jack.
That works well for people who are in the habit of doing so...but I don't assume that for anyone if I've never been able to observe their computer usage. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 16 January 2008 20:19, David C. Rankin wrote:
Listmates,
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day.
...
In addition to Jim C.'s suggestions, you can also start an interactive shell via su (or sudo) and then use the built-in "suspend" command to go back to the non-root shell from which it was invoked. Then you can re-enter it using the usual job-control commands. The shell will only honor a "suspend" command when it's not a login shell, so you don't have to worry about suspending a shell with no other shell "above" it to handle the suspended process state. Even better (this is what I do), open a separate tab (or two) in Konsole in which you run a root shell and leave it run permanently. You just switch to that tab and run commands that require root privileges. I use a different Konsole "scheme" (color pattern) to give me a visual cue about which kind of shell I'm interacting with. Konsole also shows a distinctive tab icon for root shells.
-- David C. Rankin
Randall Schulz -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2008-01-16 at 21:12 -0800, Randall R Schulz wrote:
On Wednesday 16 January 2008 20:19, David C. Rankin wrote:
Listmates,
Even better (this is what I do), open a separate tab (or two) in Konsole in which you run a root shell and leave it run permanently. You just switch to that tab and run commands that require root privileges. I use a different Konsole "scheme" (color pattern) to give me a visual cue about which kind of shell I'm interacting with. Konsole also shows a distinctive tab icon for root shells.
Randall Schulz
that _may_ be safe enough for you behind a locked KDE screen, but please don't try that concept at an alternate (f3 etc) tty. Even if your f7 is in screen lock, a simple switch to f3 (if you had a root parked there) would be devastating to your day. Tom in NM -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 17 January 2008 19:29, Tom Patton wrote:
On Wed, 2008-01-16 at 21:12 -0800, Randall R Schulz wrote:
On Wednesday 16 January 2008 20:19, David C. Rankin wrote:
Listmates,
Even better (this is what I do), open a separate tab (or two) in Konsole in which you run a root shell and leave it run permanently. ...
Randall Schulz
that _may_ be safe enough for you behind a locked KDE screen, but please don't try that concept at an alternate (f3 etc) tty. Even if your f7 is in screen lock, a simple switch to f3 (if you had a root parked there) would be devastating to your day.
You think my cat's going to do something nefarious?
Tom in NM
RRS -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2008-01-17 at 19:49 -0800, Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote:
You think my cat's going to do something nefarious?
Can you _really_ trust a cat??? ;-) Tom
Tom in NM
RRS
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 17 January 2008 21:21, Tom Patton wrote:
On Thu, 2008-01-17 at 19:49 -0800, Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote:
You think my cat's going to do something nefarious?
Can you _really_ trust a cat??? ;-) Tom
Oh, yeah. I feed him! All in all, I get along with non-human animals much better than I do with the whole sapiens sapiens brood... RRS -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Randall R Schulz wrote:
On Thursday 17 January 2008 21:21, Tom Patton wrote:
On Thu, 2008-01-17 at 19:49 -0800, Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote:
You think my cat's going to do something nefarious? Can you _really_ trust a cat??? ;-) Tom
Oh, yeah. I feed him!
Bring food to a dog for a month, and the dog thinks you are God. Bring food to a cat for a month, and the cat thinks IT is God.
All in all, I get along with non-human animals much better than I do with the whole sapiens sapiens brood...
RRS
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Tom Patton wrote:
On Thu, 2008-01-17 at 19:49 -0800, Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote: You think my cat's going to do something nefarious?
Can you _really_ trust a cat???
Nope. They seem to think that keyboards are lounging furniture Especially in winter. And even more when they're hungry. Or when they're jealous because you're giving the keyboard much more attention than them. It's no wonder cats are women's favorite pets... Every cat is some woman's alter-ego. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I have a very cute door thing that says 'beware of dog, and the cat is not very trustworthy either' -----Original Message----- From: Tom Patton [mailto:thpnalb@micro-net.com] Sent: Friday, January 18, 2008 12:22 AM To: opensuse@opensuse.org Subject: Re: [opensuse] BASH .bashrc su question On Thu, 2008-01-17 at 19:49 -0800, Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote:
You think my cat's going to do something nefarious?
Can you _really_ trust a cat??? ;-) Tom
Tom in NM
RRS
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Randall R Schulz wrote:
On Thursday 17 January 2008 19:29, Tom Patton wrote:
On Wednesday 16 January 2008 20:19, David C. Rankin wrote:
Listmates, Even better (this is what I do), open a separate tab (or two) in Konsole in which you run a root shell and leave it run permanently. ...
Randall Schulz
On Wed, 2008-01-16 at 21:12 -0800, Randall R Schulz wrote: that _may_ be safe enough for you behind a locked KDE screen, but please don't try that concept at an alternate (f3 etc) tty. Even if your f7 is in screen lock, a simple switch to f3 (if you had a root parked there) would be devastating to your day.
You think my cat's going to do something nefarious?
you never know... kitty feet have been known to press amazingly damaging unix commands... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin wrote:
Listmates,
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day.
alias su='su; <password>' or alias su='su root <password>' or alias su='su root; <password>'
Don't work. It almost looks like it would take a separate script to handle the "Password: " chat that su returns. Does anyone have a solution for this?
1. man sudo or 2. don't exit of your su session 50 times per day, try scaling back to, say, exiting your su session 5 times per day. If you're sitting at your desk, there's no reason to exit your su-ed shell immediately -- you're still sitting in front of the keyboard. I generally keep my su's in a konsole with a different colored background than the other ones... that way, it's easy to find.
P.S. http://www.novell.com/coolsolutions/tools/17142.html has a number of good .bashrc examples.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 16 Jan 2008 22:19:57 -0600, David C. Rankin wrote:
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su.
I use ssh on localhost for such purposes. Just add your ssh key to root's .ssh/authorized_keys and then use 'ssh root@localhost' to either get a root shell or run commands (which may require X11 forwarding set for ssh). Philipp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin wrote:
Listmates,
Someone more clever than I must surely have solved this. How can I set through .bashrc or some other more secure way, the ability to alias "su" with its password so I don't have to type my root password every time I su. I have a very secure pw that is a bear to type 50 times a day.
alias su='su; <password>' or alias su='su root <password>' or alias su='su root; <password>'
Don't work. It almost looks like it would take a separate script to handle the "Password: " chat that su returns. Does anyone have a solution for this?
P.S. http://www.novell.com/coolsolutions/tools/17142.html has a number of good .bashrc examples.
Another solution may be to use libpam-keyring. It only works for GNOME logins, and I've only used it under Debian 4.0. You could have a look at the other PAM modules, too. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (9)
-
Aaron Kulkis
-
David C. Rankin
-
Jim Cunning
-
Joe Sloan
-
Kain, Becki (B.)
-
Philipp Thomas
-
Randall R Schulz
-
Russell Jones
-
Tom Patton