Web lists-archives.com

Re: Running GParted and Synaptic without entering password




On 05/13/2018 09:09 AM, tomas@xxxxxxxxxx wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, May 13, 2018 at 08:18:26AM -0500, Richard Owlett wrote:
The underlying problem is not understanding what I read concerning
sudo &/or /etc/sudoers (*INCLUDING* man pages).

Only *ONE* individual has physical access to my _personal_ machine.
Therefore, any distinction between 'richard' and 'root' is
inherently artificial.

Not so fast. A small flaw in your browser might allow it to run as
you and try some shenanigan as root: you'd notice it by "something"
asking for your credentials unexpectedly...

You have moths in your logic (cf. https://en.wikipedia.org/wiki/Grace_Hopper):
  Moth, the first:
      When asked for unexpected permission, "Just say NO"
      [If doubtful, then dirty ;]
  Moth, the second:
      What if I had been logged in as root?


The result I wish to achieve is to click on the icon for either
GParted or Synaptic *WITHOUT* being asked for a password (either
root's or user's).

I've found vague hints that adding a line to my local /etc/sudoers file
such as
   richard     ALL = /usr/sbin/gparted , /usr/sbin/synaptic
would accomplish my goal.
Is that correct?

Also my reading suggested that adding myself to sudoers group would
be required.

This has an undesired side effect. I'm asked for my user password
instead of my root password. I currently have four different
installs of Debian each having an intentionally identical sets of
UID, GID, and passwords. No matter which install is active, if asked
for an admin
password I want it to be the 'root password'

Assuming your desktop environment plays well along with sudo (I
think the Gnome derivatives do, but I'll leave that answer to
someone more versed in that) see the manpage for sudoers:

It was only a WAG (wild a????? guess) that sudo might be appropriate ;}



    User Authentication
      The sudoers security policy requires that most users
      authenticate themselves before they can use sudo.  A password
      is not required if the invoking user is root, if the target
      user is the same as the invoking user, or if the policy has
      disabled authentication for the user or command.  Unlike
      su(1), when sudoers requires authentication, it validates
      the invoking user's credentials, not the target user's (or
      root's) credentials.  This can be changed via the rootpw,
      targetpw and runaspw flags, described later.

*ROFL*
That paragraph was one of the explicit reasons I wrote:> The underlying problem is not understanding what I read concerning sudo
&/or /etc/sudoers (*INCLUDING* man pages).

CAVEAT LECTORS:
I have a history of problems asking questions on this forum:
  1. I prefer to ask narrowly focused questions.
     That gets response "Tell us more".
  2. If my original question has details, the responses I get can be
     summed up by somebody's signature tag line -"Universal advice --
     DON'T do that". [should that *ROFL* or "weep weep"?]

P.S.    You have been saved from a plethora of bad puns.
P.P.S.  I've read several articles on "how to ask questions".
        None address my balancing act quandary ;/

*P.P.P.S.*
A definite thank you to all who attempt to answer my questions ;)