KIAUH asks for a sudo password even if sudo does not require a password. #395

New Issue

Closed

opened 2023-10-30 05:11:17 +01:00 by LoganDark · 15 comments

LoganDark commented 2023-10-30 05:11:17 +01:00 (Migrated from github.com)

Copy Link

Linux Distribution

Raspberry Pi OS (Legacy) Lite (Debian Bullseye)

What happened

KIAUH asks for a sudo password.

What did you expect to happen

KIAUH should just run sudo, because I have pi ALL=(ALL) NOPASSWD:ALL in the sudoers file, and it does not require a password.

How to reproduce

Put pi ALL=(ALL) NOPASSWD:ALL in the sudoers file and then run KIAUH. It will ask for a sudo password despite not needing one.

Additional information

This makes it impossible to use KIAUH unless you set a password for pi, which I don't like to have to do because I prefer key authentication for its security.

### Linux Distribution Raspberry Pi OS (Legacy) Lite (Debian Bullseye) ### What happened KIAUH asks for a sudo password. ### What did you expect to happen KIAUH should just run sudo, because I have `pi ALL=(ALL) NOPASSWD:ALL` in the sudoers file, and it does not require a password. ### How to reproduce Put `pi ALL=(ALL) NOPASSWD:ALL` in the sudoers file and then run KIAUH. It will ask for a sudo password despite not needing one. ### Additional information This makes it impossible to use KIAUH unless you set a password for `pi`, which I don't like to have to do because I prefer key authentication for its security.

EricZimmerman commented 2023-12-17 05:38:40 +01:00 (Migrated from github.com)

Copy Link

there is still a password on the account, no? i am in the same boat, NOPASSWD set, public/private key auth, and it worked fine afaik

there is still a password on the account, no? i am in the same boat, NOPASSWD set, public/private key auth, and it worked fine afaik

LoganDark commented 2023-12-17 05:39:39 +01:00 (Migrated from github.com)

Copy Link

there is still a password on the account, no?

But sudo does not require one and sudo is what this script is using so there's no reason for it to ask for my password.

> there is still a password on the account, no? But `sudo` does not require one and `sudo` is what this script is using so there's no reason for it to ask for my password.

dw-0 commented 2023-12-17 11:38:19 +01:00 (Migrated from github.com)

Copy Link

I assume it's a misconfiguration of your sudoers file. I can't reproduce it. Make sure there are no group privileges overwriting the user priviliges.

I assume it's a misconfiguration of your sudoers file. I can't reproduce it. Make sure there are no group privileges overwriting the user priviliges.

LoganDark commented 2023-12-17 11:39:48 +01:00 (Migrated from github.com)

Copy Link

I assume it's a misconfiguration of your sudoers file.

It's... not? I can log in at any time and run any command using sudo, absolutely no problem. But when I try to run KIAUH, it asks me for a password anyway, even though sudo certainly and absolutely does not require one. I had to run a sudo passwd just to set a password to use for KIAUH.

> I assume it's a misconfiguration of your sudoers file. It's... not? I can log in at any time and run any command using `sudo`, absolutely no problem. But when I try to run KIAUH, it asks me for a password anyway, even though `sudo` *certainly and absolutely does not require one*. I had to run a `sudo passwd` *just to set a password to use for KIAUH*.

dw-0 commented 2023-12-17 11:47:38 +01:00 (Migrated from github.com)

Copy Link

Well, as i don't know the content of your sudoers file, i can just make assumptions.

For example, my user is part of the sudo group:

-> i'l' still get asked for the sudo password.
But:

-> i'll not be asked for the password.

That's where my assumption came from.

Well, as i don't know the content of your sudoers file, i can just make assumptions. For example, my user is part of the sudo group:  -> i'l' still get asked for the sudo password. But:  -> i'll not be asked for the password. That's where my assumption came from.

LoganDark commented 2023-12-17 11:49:38 +01:00 (Migrated from github.com)

Copy Link

I added my user at the bottom of the file, so that seems fine. I'm no longer using the system that had this issue since I gave up on 3D printing. Can you share what sudo command KIAUH uses in order to ask for the password? Is there a way to just make it not do that?

I added my user at the bottom of the file, so that seems fine. I'm no longer using the system that had this issue since I gave up on 3D printing. Can you share what sudo command KIAUH uses in order to ask for the password? Is there a way to just make it not do that?

dw-0 commented 2023-12-17 11:53:05 +01:00 (Migrated from github.com)

Copy Link

Can you share what sudo command KIAUH uses in order to ask for the password?

What do you mean what sudo command? There is only one sudo command -> sudo 😅
It's mainly used in cases where KIAUH does something in terms of checking system packages. Updating the package list, getting the age of the last update of that list. How should KIAUH prevent a user getting asked for a password it its a system-level thing if not configured otherwise?

https://github.com/dw-0/kiauh/blob/master/scripts/ui/install_menu.sh#L38
Probably the very virst occurence of sudo if a user opens KIAUH for the first time.

> Can you share what sudo command KIAUH uses in order to ask for the password? What do you mean what sudo command? There is only one sudo command -> `sudo` 😅 It's mainly used in cases where KIAUH does something in terms of checking system packages. Updating the package list, getting the age of the last update of that list. How should KIAUH prevent a user getting asked for a password it its a system-level thing if not configured otherwise? https://github.com/dw-0/kiauh/blob/master/scripts/ui/install_menu.sh#L38 Probably the very virst occurence of `sudo` if a user opens KIAUH for the first time.

👎 1

LoganDark commented 2023-12-17 11:54:05 +01:00 (Migrated from github.com)

Copy Link

Found it:

7a9e752f9c/scripts/ui/install_menu.sh (L38)

sudo -v: asks the user for a password, no exceptions. Forces sudo to ask for a password even if NOPASSWD is set.

It's not my fault.

I absolutely do configure it otherwise, but again, KIAUH forces sudo to ask for a password, even if it's not necessary.

Use sudo something without -v for this. Maybe sudo true?

Found it: https://github.com/dw-0/kiauh/blob/7a9e752f9ca3297fbca311d5fbb1d95da3093cac/scripts/ui/install_menu.sh#L38 `sudo -v`: asks the user for a password, no exceptions. Forces sudo to ask for a password even if NOPASSWD is set. It's not my fault. I absolutely do configure it otherwise, but again, KIAUH forces sudo to ask for a password, even if it's not necessary. Use sudo something without `-v` for this. Maybe `sudo true`?

dw-0 commented 2023-12-17 11:59:00 +01:00 (Migrated from github.com)

Copy Link

And sudo true won't ask you for password? It does for me.

And `sudo true` won't ask you for password? It does for me.

LoganDark commented 2023-12-17 11:59:44 +01:00 (Migrated from github.com)

Copy Link

And sudo true won't ask you for password? It does for me.

That's correct, it won't ask me for a password because the sudoers file tells it not to. sudo -v forces it to ask for a password even if sudoers says NOPASSWD:ALL. sudo true only asks for a password if it actually needs one.

> And `sudo true` won't ask you for password? It does for me. That's correct, it won't ask me for a password because the sudoers file tells it not to. `sudo -v` forces it to ask for a password even if sudoers says `NOPASSWD:ALL`. `sudo true` only asks for a password if it actually needs one.

dw-0 commented 2023-12-17 12:08:49 +01:00 (Migrated from github.com)

Copy Link

Okay, i can switch that command to use "true" instead.

Okay, i can switch that command to use "true" instead.

🎉 1

LoganDark commented 2023-12-17 12:11:08 +01:00 (Migrated from github.com)

Copy Link

thank you!

thank you!

dw-0 commented 2023-12-17 12:19:40 +01:00 (Migrated from github.com)

Copy Link

Thank you for making me aware of an alternative.

Thank you for making me aware of an alternative.

👍 1

randellhodges commented 2024-01-01 04:57:33 +01:00 (Migrated from github.com)

Copy Link

Looks like it needs adjusted in another spot.

Looks like it needs adjusted in another spot. 

dw-0 commented 2024-01-01 20:05:40 +01:00 (Migrated from github.com)

Copy Link

Looks like it needs adjusted in another spot.

Thank you for the hint! I pushed a commit with that change.

> Looks like it needs adjusted in another spot. > >  Thank you for the hint! I pushed a commit with that change.

❤️ 1

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

feat/obico-for-v6

kiauh-v6-dev

v4

develop

v3

v2

v5.0.0

v4.0.0

v3.1.0

v3.0.0

v2.0.0

Labels

Clear labels

🐛 bug

Something isn't working

can't reproduce

➕ community extension

crowsnest

duplicate

This issue or pull request already exists

✨ feature request

New feature or request

fluidd

Something that is fluidd related

improvement

improvement of existing features/code

invalid

klipper

Something that is klipper related

klipperscreen

Something that is klipperscreen related

mainsail

Something that is mainsail related

mobileraker

moonraker

Something that is moonraker related

not kiauh

not planned

octoeverywhere

Something that is OctoEverywhere related

❓ question

Further information is requested

💤 stale

todo

wontfix

This will not be worked on

No Label improvement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

h3n3

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: h3n3/kiauh#395