Fedora – Prompt for sudo password rather than give access error

fedorarootsudo

Can I configure Fedora 22 so anything needing root privileges asks for a password, rather than giving an error, and needing me to re-run with sudo? I wouldn't even mind having to type my password every time, without the few minute (or whatever it is) timer that it remembers the password for.

i.e. Instead of:

$ dnf history
You don't have access to the history DB.

It would:

$ dnf history
[sudo] password for <username>:

I think some of the gui apps do that, like the gui yum frontend back when I had that installed.

I'm thinking not… That it would be up to each app to implement this. But, I'm hoping it might instead be that apps say root privilege is needed, and there might be some way for the kernel (or wherever else) to remain in a blocking input stage (for the password) before returning whether the user has access.

Best Answer

You could use the python script thefuck available on github. This script is designed to correct the last command you ran incorrectly for a few use cases and forgetting to use sudo is one of them.

From their examples:

➜ apt-get install vim
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

➜ fuck
sudo apt-get install vim
[sudo] password for nvbn:
Reading package lists... Done

This behavior is from the sudo rule you can enable:

sudo – prepends sudo to previous command if it failed because of permissions;

If this doesn't work out of the box for dnf it should be straightforward to create a custom rule to do so.

Related Solutions

Linux – How does sudo remember you already entered root’s password

Where is this information stored?

It's probably under /var/db/sudo or /var/run/sudo and you'll probably find directories of usernames with files under them ordered by tty number.

The actual privileges granted, including how long the sessions lasts before you have to enter your password again depends on how sudoers is setup. There's settings to grant/restrict a lot of different things, but those aren't stored in these files which only store timestamps. How long a session lasts, or when sudo needs to prompt for your password again, is determined by a delta of current time and the session timestamp in this directory, and how long sudo is setup to allow a session to last.

Ssh – Obtain sudo priviledge without sudo password

In the past this would have been doable without Alice’s help, since sudo’s tokens were valid across terminal sessions: Bob could just wait for Alice to authenticate with sudo, then use sudo himself without having to enter a password.

Even with per-terminal tokens, obtaining Alice’s password is relatively easy in the scenario described here, as long as Alice doesn’t check her environment thoroughly all the time:

using Alice’s account, create ~/.bin/sudo with something like

#!/bin/sh
if [ $# = 0 ]; then exec /usr/bin/sudo; fi
if [ ! -f ~/.bin/alices-password ]; then
  echo -n "[sudo] password for $USER: "
  read -s password
  echo
  echo ${password} > ~/.bin/alices-password
  sleep 2
  echo "Sorry, try again."
  /usr/bin/sudo -k
fi
exec /usr/bin/sudo "$@"

add ~/.bin to the path, in the appropriate rc-file depending on which shell Alice uses;
wait for Alice to use sudo in a shell which has noticed the presence of ~/.bin/sudo...

Bob can wait for a password to appear in ~/.bin/alices-password and try it himself before disabling the special variant (doing that in an unobtrusive way is left as an exercise for the reader — remember that the shell caches paths...).

There are a few subtleties in the script above, in particular sudo -k which ensures that “Sorry, try again.” will actually be followed by sudo asking for a password. The script could be improved further, that’s another exercise for the reader!

As you might imagine, this isn’t the only approach...

Best Answer

Related Solutions

Linux – How does sudo remember you already entered root’s password

Ssh – Obtain sudo priviledge without sudo password

Related Question