Trevor

sudo voodoo

Hello all,

Time for a little something to stretch the mind.  Had a little situation involving the "sudo" mechanism.  

I was doing a little work with kernel tunables, and was attempting to modify one of the tunables by adding a file to the /etc/sysctl.d directory.  When executing my commands, I was logged in as a non-privileged user.  However, I promise you, I have my sudo configuration set up properly.  I've executed commands with the greatest of ease using "sudo", until I was blind-sided with not being able to perform a task which definitely qualifies - at least I thought so - as "low-hanging fruit".

Okay, already someone is saying that my "sudo" config is not set up properly.  I get it - end users are NOT to be trusted.  So, here's my entry in my /etc/sudoers file:

            ec2-user  ALL=(ALL)   NOPASSWD:  ALL


Now, here's the command that I executed, that is prompting this post:

sudo echo   vm.swappiness=42   >>   /etc/sysctl.d/swap.conf
-bash: /etc/sysctl.d/swap.conf: Permission denied

Whooooooooa!  Stop the presses!!!  What's going on here?   

Okay, so the first elementary thing to look at is the permission settings on the /etc/sysctl.d directory:     

      drwxr-xr-x. 2 root root 41 Dec 12 19:55 /etc/sysctl.d

Okay, so the permissions on the directory are not an issue.

I promise, the issue is NOT with my sudoers file!!!!  It's not something quirky involving kernel tunables and/or the /etc/sysctl.d directory.  Okay, that's all I'm guaranteeing.  I don't want to lead you in any particular direction.  I'll say this much, don't put your focus on anything related to kernel tunables.  Alright, I've said enough.

My question: Where's the issue?   What's the problem?

Trevor "Red Hat Evangelist" Chandler

Fran_Garcia

Hi there

This is a known gotcha of sudo / bash shell interaction. Your echo is indeed run by root with sudo, but your file redirection (>>  /etc/sysctl.d/swap.conf) is not, because that's processed in the context of the user that runs the current bash process.

A workaround for that is:

 

echo "content" | sudo tee -a /etc/foo.conf

 

In this case, the writing is performed by tee, which is run by root.

 

Hope this helps!

 

Fran

Trevor

Ding!  Ding!  Ding!

That's great work Fran!!!  You get the prize!!!
I'm not sure what it is just yet, but you get it

Your response is definitely one approach to
the resolution.  Great work!!!

 

Trevor "Red Hat Evangelist" Chandler
EmanuelHaine

@Trevor

Thanks for bringing this question to the Learn Platform.

@Fran_Garcia 

Great answer. I wasn't aware of that. In fact, I haven't had a situation like this.

 

I was taking a look at sudo's man page and I saw another way for this case:

sudo bash -c "echo vm.swappiness=42 >> /etc/sysctl.d/swap.conf"

It's the same concept with a different code.

 

Trevor

Ding!  Ding!  Ding!

Gotta ring the bell for you as well Emanuel!!!  
Your solution is right on point!!!

Thank you for taking the time to look at the
post, and for providing a solution.

Hope you're safe and well!!!

Trevor "Red Hat Evangelist" Chandler
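
Added example (not part of the thread, and not code from any of the posters): the behaviour Fran_Garcia describes and the two workarounds above, reproduced without root. `as_umask` is a hypothetical stand-in for sudo that changes the umask instead of the uid, so the mode of each created file shows which process opened it.

```shell
#!/bin/sh
# Added example, not from the thread. as_umask is a hypothetical stand-in for
# sudo: it runs a command with a changed process attribute (umask, not uid),
# so the demonstration needs no root.
as_umask() {
    mask=$1; shift
    ( umask "$mask"; "$@" )
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Creates three files and prints their modes. A file created under the
# caller's umask (022) gets 644; one created under the wrapper's (077) gets 600.
demo_redirect_owner() (
    umask 022
    dir=$(mktemp -d) || exit 1

    # 1. Same shape as: sudo echo ... >> file
    #    The calling shell opens out1 itself, before as_umask starts.
    as_umask 077 echo vm.swappiness=42 >> "$dir/out1"

    # 2. Same shape as: sudo bash -c "echo ... >> file"
    #    The inner shell parses the redirection, so it opens out2. The path is
    #    passed as "$1" rather than pasted into the command string.
    as_umask 077 sh -c 'echo vm.swappiness=42 >> "$1"' sh "$dir/out2"

    # 3. Same shape as: echo ... | sudo tee -a file
    #    tee opens out3; the unwrapped echo only writes to a pipe.
    echo vm.swappiness=42 | as_umask 077 tee -a "$dir/out3" >/dev/null

    echo "$(mode_of "$dir/out1") $(mode_of "$dir/out2") $(mode_of "$dir/out3")"
    rm -rf "$dir"
)

demo_redirect_owner
```

In the real commands, the process that opens the file is the one whose uid is checked against /etc/sysctl.d, which is why only the second and third forms succeed.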