invoking password-less sudo via xbindkeys

I tried to set up key bindings for changing the virtual terminal (VT) in X, as described in this post. Typing sudo chvt $(($XDG_VTNR-1)) into a terminal emulator appropriately changes the VT. However, I find that running chvt with elevated privileges works only when executed as a command to a terminal emulator (e.g., xterm -e), a requirement that I am trying to circumvent.
To describe my setup:
The following line was added to /etc/sudoers:
me ALL=NOPASSWD:/bin/chvt
where me is the output of whoami. I also tried variations on this line (e.g., me ALL=(ALL) NOPASSWD:/bin/chvt and me ALL=(ALL:ALL) NOPASSWD:/bin/chvt)
To ~/.xbindkeysrc, I added key bindings, either:
"sudo chvt $(($XDG_VTNR-1))"
alt + c:113
"sudo chvt $(($XDG_VTNR+1))"
alt + c:114
or
"sudo chvt $(($XDG_VTNR-1))"
m:0x8 + c:113
"sudo chvt $(($XDG_VTNR+1))"
m:0x8 + c:114
The first was suggested by the author of the linked post and the latter was determined by running xbindkeys -k on my system.
The key bindings failed and I ran xbindkeys in non-daemon mode to investigate. Pressing Alt+left or Alt+right while running xbindkeys -n gives the following error:
sudo: no tty present and no askpass program specified
Changing the command in ~/.xbindkeysrc to xterm -e sudo chvt ... produces a working key binding (but at the cost of opening an xterm instance and prompting for a password), which confirms that the lack of a tty is the issue. How can the invocation of sudo in .xbindkeys be achieved without first summoning a terminal?
System details: Debian v9.2, dwm v6.1, Openbox v3.6.1, xbindkeys v1.8.6, sudo v1.8.19p1
Tags: sudo, xbindkeys, chvt
asked Oct 30 '17 at 19:33
user001
1 Answer
The security-sensible default (or at least put in your distribution's default sudoers) is to not allow a sudo command without a tty, in order to prevent privilege escalation from a breach in an application. The command run with a shortcut has no tty, so it won't run. You could disable this setting globally, but it's better to disable it for everything except this command. The option is named requiretty:
Cmnd_Alias CHVT = /bin/chvt
me ALL = NOPASSWD: CHVT
Defaults!CHVT !requiretty
The first ! means what follows is a Cmnd_Alias, the second ! is the logical not operator. So running chvt is exempted from requiretty. Here the use of Cmnd_Alias wasn't needed, but should you use a command with options, or want to disable requiretty for two commands the syntax requires it.
NOTE: Some other settings might cancel some of these lines. So putting it last in sudoers might be required. It appears the OP also needed to do this to have it working, perhaps because of %sudo ALL=(ALL:ALL) ALL
edited Oct 30 '17 at 21:02
answered Oct 30 '17 at 20:04
A.B
Thanks for the helpful explanation. I get the same error message ("sudo: no tty/askpass ...") after adding what you wrote to /etc/sudoers. If I omit sudo from the xbindkeys file, then I instead get Couldn't get a file descriptor referring to the console (which is the same error I get when typing chvt N into a terminal without sudo).
– user001
Oct 30 '17 at 20:18
Use sudo -l and see if you see Defaults!/bin/chvt !requiretty in the result. Maybe another part of your configuration erases this setting.
– A.B
Oct 30 '17 at 20:39
Yes, it is present: "Runas and Command-specific defaults for <me>: Defaults!/bin/chvt !requiretty" (command alias substitution has taken place). I might also note that my /etc/sudoers file does not set requiretty generally.
– user001
Oct 30 '17 at 20:43
Same result:
$ setsid sudo chvt 7 </dev/null
sudo: no tty present and no askpass program specified
– user001
Oct 30 '17 at 20:47
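Added example, not part of the original answer or comments: sudo applies the last sudoers entry that matches, which is the ordering effect the answer's NOTE points at. The simplified evaluator below (hypothetical helper last_match, constructed sudoers fragments, and the assumption that user me belongs to group sudo) shows a NOPASSWD entry losing to a later %sudo line and winning once it is placed last.

```python
import re

# Constructed sudoers fragments for illustration (not the OP's real file).
# Assumption: user "me" is also a member of group "sudo".
ORDER_BROKEN = """\
me ALL = NOPASSWD: /bin/chvt
%sudo ALL=(ALL:ALL) ALL
"""
ORDER_FIXED = """\
%sudo ALL=(ALL:ALL) ALL
Cmnd_Alias CHVT = /bin/chvt
me ALL = NOPASSWD: CHVT
Defaults!CHVT !requiretty
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
# user-or-%group  host = [(runas)] [TAG:] cmd[, cmd...]
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD):\s*")


def last_match(sudoers, user, groups, command):
    """Simplified model of sudoers evaluation: the LAST matching entry wins.

    Returns (line_no, entry_text, needs_password) or None if nothing matches.
    Handles only user/%group specs, Cmnd_Alias, and the (NO)PASSWD tags.
    """
    aliases, result = {}, None
    for no, raw in enumerate(sudoers.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        if not (who in (user, "ALL") or (who[0] == "%" and who[1:] in groups)):
            continue
        needs_password = True  # sudo authenticates unless NOPASSWD is set
        for item in cmds.split(","):
            item = item.strip()
            t = TAG.match(item)
            if t:  # a tag applies to this and the following commands in the list
                needs_password = t.group(1) == "PASSWD"
                item = item[t.end():]
            for cmd in aliases.get(item, [item]):
                if cmd == "ALL" or cmd.split()[:1] == [command]:
                    result = (no, line, needs_password)
    return result


if __name__ == "__main__":
    for name, text in (("broken", ORDER_BROKEN), ("fixed", ORDER_FIXED)):
        print(name, last_match(text, "me", {"sudo"}, "/bin/chvt"))
```

When the winning entry still requires a password and the caller has no terminal, sudo has nowhere to prompt, which is consistent with the "no tty present and no askpass program specified" message quoted in the question.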