cancel
Showing results for 
Search instead for 
Did you mean: 
Trevor
Starfighter Starfighter
Starfighter
  • 1,784 Views

sudo voodoo

Jump to solution

Hello all,

Time for a little something to stretch the mind.  Had a little situation involving the "sudo" mechanism.  

I was doing a litlle work with kernel tunables, and was attempting to modify one of the tunables by adding a file to the /etc/sysctl.d directory.  When executing my commands, I was logged as a non-privileged user.  However, I promise you, I have my sudo configuration setup properly.  I've executed commands with the greatest of ease using "sudo", until I was blind-sided with not being able to perform a task which definitely qualifies - at least I thought so - as "low-hanging fruit".

Okay, already someone is saying that my "sudo" config is not setup properly.  I get it - end users are NOT to be trusted    So, here's my entry in my /etc/sudoers file:

            ec2-user  ALL=(ALL)   NOPASSWD:  ALL


Now, here's the command that I executed, that is prompting this post:

sudo echo   vm.swappiness=42   >>   /etc/sysctl.d/swap.conf
-bash: /etc/sysctl.d/swap.conf: Permission denied

Whooooooooa!  Stop the presses!!!  What's going on here?   

Okay, so the first elementary thing to look at is the permission settings on the /etc/sysctl.d directory:     

      drwxr-xr-x. 2 root root 41 Dec 12 19:55 /etc/sysctl.d

Okay, so the permissions on the directory are not an issue.

I promise, the issue is NOT with my sudoers file!!!!  It's not something quirky involving kernel tunables and/or the /etc/sysctl.d directory.  Okay, that's all I'm  guaranteeing.   I don't want to lead you in any particular direction.  I'll say this much, don't put your focus on anything related to kernel tunables.  Alright, I've said enough

My question: Where's the issue?   What's the problem?

 

 

 

 

 

Trevor "Red Hat Evangelist" Chandler
Labels (3)
0 Kudos
2 Solutions

Accepted Solutions
Trevor
Starfighter Starfighter
Starfighter
  • 1,758 Views

Ding!  Ding!  Ding!

That's great work Fran!!!  You get the prize!!!
I'm not sure what it is just yet, but you get it

Your response is definitely one approach to
the resolution.  Great work!!!

 

Trevor "Red Hat Evangelist" Chandler

View solution in original post

0 Kudos
EmanuelHaine
Flight Engineer
Flight Engineer
  • 1,679 Views

@Trevor

Thanks for bringing this question to the Learn Platform.

@Fran_Garcia 

Great answer. I wasn't aware of that. In fact, I haven't had a situation like this.

 

I was taking a look at sudo's man page and I saw another way for this case:

sudo bash -c "echo vm.swappiness=42 >> /etc/sysctl.d/swap.conf"

It's the same concept with a different code.

 

View solution in original post

4 Replies
Fran_Garcia
Starfighter Starfighter
Starfighter
  • 1,770 Views

hi there

This is a known gotcha of sudo / bash shell interaction . Your echo is indeed run by root with sudo, but your file redirection (>>  /etc/sysctl.d/swap.conf) is not, because that's processed in the context of the user that runs the current bash process.

A workaround for that is:

 

echo "content" | sudo tee -a /etc/foo.conf

 

In this case, the writing is performed by tee, which is run by root

 

Hope this helps!

 

Fran

Trevor
Starfighter Starfighter
Starfighter
  • 1,759 Views

Ding!  Ding!  Ding!

That's great work Fran!!!  You get the prize!!!
I'm not sure what it is just yet, but you get it

Your response is definitely one approach to
the resolution.  Great work!!!

 

Trevor "Red Hat Evangelist" Chandler
0 Kudos
EmanuelHaine
Flight Engineer
Flight Engineer
  • 1,680 Views

@Trevor

Thanks for bringing this question to the Learn Platform.

@Fran_Garcia 

Great answer. I wasn't aware of that. In fact, I haven't had a situation like this.

 

I was taking a look at sudo's man page and I saw another way for this case:

sudo bash -c "echo vm.swappiness=42 >> /etc/sysctl.d/swap.conf"

It's the same concept with a different code.

 

Trevor
Starfighter Starfighter
Starfighter
  • 1,671 Views

Ding!  Ding!  Ding!

Gotta ring the bell for you as well Emanuel!!!  
Your solution is right on point!!!

Thank you for taking the time to look at the
post, and for providing a solution.

Hope you're safe and well!!!

Trevor "Red Hat Evangelist" Chandler
Join the discussion
You must log in to join this conversation.