sudo chmod -R 777 /
It's safe because it's sudo! Like sudo rm -rf /*
Back in the olden days we used to nfs mount every other machine's file system on every machine. I was root and ran "rm -rf /" instead of "./".
After I realized that it was taking too long, I realized my error.
Now for the fun part. In those days nfs passed root privileges to the remote file system. I took out 2.5 machines before I killed it.
Anyone remember that nvidia fix where a space slipped in like: rm -rf / nvidia ?
I did this in a cleanup script in a make file with an undefined path that turned the pointed dir to root after a hardware change
thank rngesus I was in a user account with limited privileges
Back in the olden days we used to nfs mount every other machine's file system on every machine. I was root and ran "rm -rf /" instead of "./".
I still do. With NFS4 even more than ever. Won't let it go unless for a SAN.
Now for the fun part. In those days nfs passed root privileges to the remote file system.
no_root_squash much?
Like I said, olden days.
Holy smokes. That must have been before 1989 (that's when RFC1094 was released, explicitly prohibiting to map the root user to UID 0). I thought, I was old...
At one of my prior positions they outsourced all the junior engineers to this firm that only had windows desktop support experience.
Actual escalation I got:
contractor: I am trying to remove this file that is filling the drive but it won't let me
me: show me what you are doing.
contractor (screenshot): # rm -f /dev/hdc
another one did rm -rf /var to clear a stuck log file, which at least did solve the problem he was having.
After that I sent out an email stating that I would not help anyone who used the rm command unless they consulted with a senior first. I was later reprimanded for saying I wouldn't help people.
I was later reprimanded for saying I wouldn't help people.
I've heard that before. "No. I won't close the circuit breaker while you're holding the wires." "Boss!..."
You won’t be able to do certain things. Either .ssh or ~ expects certain exact permissions and pukes if it’s different, IIRC
Yep. I fucked up once when I meant to type chmod for something but with "./" but I missed the ".". It was not good.
utter nonsense of the deranged
It's my computer, I'll read and write what I want
A fellow nano user! There are dozens of us!
One of us! One of us!
Yeah, there is only one of you.
Gooble gobble
Hell yeah gotta embrace the pain of using archaic key bindings that you'll forget until the next time you need to edit a file in the terminal, you must suffer like man. Modern and sane terminal editors are for pussies! If it doesn't load in 0.01 ms it's bloated.. Whatever you do don't install anything like micro, just keep suffering!
It's lighter weight than vim
ed
pico gang rise up!
G T F O !
-nano4lifegang
Yikes it was just a joke guys
sorry, I'll dial it down a bit
sudo = shut up dammit, obey!
::: spoiler obligatory... (well, you know the rest)
https://xkcd.com/149/
:::
personally, I prefer the good ol double bang (!!), but whatever floats yer boat, and all that.
There are many people who appreciate a double bang.
I mean if you double bang me I'm likely to do whatever you want, too.
Had an idiot "fix" a permission problem by running "sudo chmod -R 777 /"
And that is why sudo privileges were removed for the vast majority of people.
Oh... That sounds like a nightmare. How do you even fix that? There's no "revert the entire filesystem's permissions to default" button that I'm aware of
You restore the system from backup
If you are lucky your system is atomic or has other roll back feature. Otherwise it's reinstall time.
I guess you could set up a fresh system, run a script that goes through each folder checking the permission and setting it on the target system.
I think they had to reinstall. It was part of a Hadoop cluster and that was extra finicky.
seems reasonable to me, root is just a made up concept and the human owns the machine.
Shared this before, but someone I know did a chmod on /bin which nuked all the SUID/GUID bits which borked the system lol.
Surprisingly easy enough to undo by getting a list of the correct perms from a working system, but hilarious nonetheless
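The recovery suggested in this thread (record the correct permissions on a working system, then reapply them to the damaged one), as an added example that is not from any commenter. `capture`, `restore` and `special_bits` are hypothetical names; it assumes both systems use the same numeric uids/gids and handles only mode bits and ownership, not ACLs, xattrs or file capabilities.

```python
import os
import stat
import tempfile

def capture(root):
    """Record mode, uid and gid for every non-symlink entry under root."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    manifest = {}
    for full in paths:
        st = os.lstat(full)
        if not stat.S_ISLNK(st.st_mode):  # symlink modes are ignored on Linux
            manifest[os.path.relpath(full, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    return manifest

def special_bits(manifest):
    """Paths recorded with setuid/setgid, the bits a blanket chmod wipes out."""
    mask = stat.S_ISUID | stat.S_ISGID
    return sorted(p for p, e in manifest.items() if e["mode"] & mask)

def restore(root, manifest, dry_run=True):
    """Reset drifted entries to the manifest; return [(path, old mode, wanted mode)]."""
    changes = []
    for rel, want in sorted(manifest.items()):
        full = os.path.join(root, rel)
        try:
            st = os.lstat(full)
        except FileNotFoundError:
            continue  # exists on the reference system only
        if stat.S_ISLNK(st.st_mode):
            continue  # never chmod/chown through a symlink
        have = stat.S_IMODE(st.st_mode)
        owner_ok = (st.st_uid, st.st_gid) == (want["uid"], want["gid"])
        if have == want["mode"] and owner_ok:
            continue
        changes.append((rel, oct(have), oct(want["mode"])))
        if not dry_run:
            if not owner_ok:
                os.chown(full, want["uid"], want["gid"])
            os.chmod(full, want["mode"])  # after chown, which can clear setuid/setgid
    return changes

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ref:  # constructed stand-in for "/"
        conf = os.path.join(ref, "app.conf")
        open(conf, "w").close()
        os.chmod(conf, 0o640)
        good = capture(ref)
        os.chmod(conf, 0o777)  # simulate the damage
        print(restore(ref, good, dry_run=False))
```

Review the dry-run output and the `special_bits` list before applying: a manifest taken from a host with different packages or versions will not match every path.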
why tho?
If it's a file I have to modify once why would I run:
sudo chmod 774 file.conf
sudo chown myuser:myuser file.conf
vi file.conf
sudo chown root:root file.conf
sudo chmod 644 file.conf
instead of:
sudo vi file.conf
Inane. Intentionally convoluted, or someone following the absolute worst tutorials without bothering to understand anything about what they're reading.
I have questions:
- Why are your configurations world readable?
- Why are you setting the executable bit on a .conf file?
- Why change the file's group alongside the owner when you've just given the owner rxw and you're going to set it back?
- If it was 644 before, why 774?
- Why even change the mode if you're going to change the ownership?
- Why do you want root's vimrc instead of your user's?
- Why do you hate sudoedit?
- Why go out of your way to make this appear more convoluted than it actually is?
Even jokey comments can lead to people copying bad habits if it's not clear they're jokes.
This was a joke right? I was baited by your trolling?
I felt kinda bad doing that at first. then your absolute rage made my doubt's melt away.
doubt’s
I see what you did there
Anger, rage and ultimately hate
These are the emotions we feel sometimes
Getting flashbacks of me trying to explain to a mac user why using sudo "to make it work" is why he had a growing problem of needing to use sudo... (more and more files owned by root in his home folder).
Sounds like a problem fixing itself, at some point MacOS is going to have problems if it can't edit a config is my guess.
as a GUI pleb i just doubleclick the file, which opens kate.
i edit the file and click save, get asked for my password
and all is fine.
that's way too simple, the linux gods demand more esoteric suffering
How dare you use computers to do stuff the way they were invented for?
You mean sudoedit
right? Right?
edit:
While there's a little bit of attention on this I also want to beg you to stop doing sudo su - and start doing sudo -i
you know who you are <3
Why memorize a different command? I assume sudoedit just looks up the system's EDITOR environment variable and uses that. Is there any other benefit?
Why memorize a different command? I assume sudoedit just looks up the system’s EDITOR environment variable and uses that. Is there any other benefit?
I don't use it, but, sudoedit is a little more complicated than that.
::: spoiler details
from man sudo:
When invoked as sudoedit, the -e option (described below), is implied.
-e, --edit
Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken:
1. Temporary copies are made of the files to be edited with the owner set to the invoking user.
2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.
3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
To help prevent the editing of unauthorized files, the following restrictions are enforced unless explicitly allowed by the security policy:
• Symbolic links may not be edited (version 1.8.15 and higher).
• Symbolic links along the path to be edited are not followed when the parent directory is writable by the invoking user unless that user is root (version 1.8.16 and higher).
• Files located in a directory that is writable by the invoking user may not be edited unless that user is root (version 1.8.16 and higher).
Users are never allowed to edit device special files.
If the specified file does not exist, it will be created. Unlike most commands run by sudo, the editor is run with the invoking user's environment unmodified. If the temporary file becomes empty after editing, the user will be prompted before it is installed. If, for some reason, sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.
:::
tldr: it makes a copy of the file-to-be-edited in a temp directory, owned by you, and then runs your $EDITOR as your normal user (so, with your normal editor config)
note that sudo also includes a similar command which is specifically for editing /etc/sudoers, called visudo
🤪
visudo is a life-saver since it adds some checks to prevent you from breaking your sudo configuration and locking you out of your system.
It doesn't edit the file directly, it creates a temp file that replaces the file when saving. It means that the editor is run as the user, not as root.
So it opens the file in your editor, since you have read access to it. Then saves your changes to a temp file. Then when you close the editor it does a sudo mv tmpfile readfile?
I checked this by checking the file ownership when running touch myself. The file is owned by root. sudo nano myself also creates a file owned by root. sudoedit myself bitches at me not to run it in a writable directory.
sudoedit: myself: editing files in a writable directory is not permitted
So I ran it in a non-writable directory and the resulting file is still owned by root.
So is the advantage of sudoedit preventing a possible escalation of privileges situation?
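The restrictions quoted from the man page earlier in the thread, modelled as a pre-check that explains the "writable directory" refusal seen above. This is an added example, not sudo's code: `sudoedit_refusal` and `dir_writable_by` are hypothetical names, only classic owner/group/other mode bits are considered (no ACLs), and the rule about symlinks in intermediate path components is not modelled.

```python
import os
import stat
import tempfile

def dir_writable_by(st, uid, gids):
    """Owner/group/other write check on a stat result for the given identity."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def sudoedit_refusal(path, uid, gids=()):
    """Return why the quoted rules would reject path for uid, or None if allowed."""
    try:
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
    except FileNotFoundError:
        st = None  # missing files get created, but the directory rule still applies
    if st is not None:
        if stat.S_ISLNK(st.st_mode):
            return "symbolic link"
        if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
            return "device special file"
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # If the invoking user can write the directory, they can swap the file
    # (or a link to another file) in between the check and the copy-back.
    if uid != 0 and dir_writable_by(parent, uid, gids):
        return "directory writable by invoking user"
    return None

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed test directory
        os.chmod(d, 0o777)
        print(sudoedit_refusal(os.path.join(d, "myself"), uid=1000))
```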
For me personally the advantage is that since the editor is opened by your user, it has all of the same config that I'm used to (such as my souped up Neovim config).
Whereas if you sudo nvim /path/to/file then the editor is opened as root and you don't have the same configuration.
That's a pretty big advantage actually. Thanks!
I just make /root/.config/nvim a symlink to ~/.config/nvim and running nvim as root gives me all the same settings I'm used to. (I'd rather not run nvim-qt as root though, so in that case sudoedit is useful.)
Yes, and it also lets me use my neovim config.
I know this is a meme community, but a modicum of effort IS warranted IMO. https://superuser.com/questions/785187/sudoedit-why-use-it-over-sudo-vi is the top result of a search for "why use sudoedit" and a pretty good answer. "man sudoedit" also explains it pretty well, as shown by another commenter.
Hey, even memes can lead to learning opportunities!
From the arch wiki
sudo -e {file}
Set SUDO_EDITOR in your profile to the editor of your choice, benefit is it retains your user profile for that editor, it's also less to type. For stuff like editing sudoers you're supposed to use visudo to edit that. Others can probably give better/more thorough reasons to consider it.
Correct but it uses the SUDO_EDITOR environment variable. The benefit is more security while editing system files, it creates a temporary file and when you finish it writes changes to the original. There is more to it but that is all I know, it prevents some exploits.
I believe sudoedit disables being able to spawn commands from the editor. In vi, I think it was :!<command>
Sorry, user babe is not in the sudoers file. This incident will be reported
All incidents are reported directly to Stallman.
Torvalds would like to have a word with you
I don't think Torvalds wants to receive any reports.
sudo dolphin
Then I act like a Windows user and go there via the GUI because I didn't feel like learning how to use nano.
If you're running dolphin as sudo and open like a text file in an editor, does it edit the file with sudo?
When you run a process under sudo, it will be running as the root user. Processes that that process launches will also be running as the root user; new processes run as the same user as their parent process.
So internally, no, it won't result in another invocation of sudo. But those processes a dolphin process running as root starts will be running as the root user, same as if you had individually invoked them via sudo.
But in my experience Dolphin refuses to run via sudo anyway.
Does it let you do that?
Also it may fail to connect to the compositor
Add admin:// in Dolphin (so /etc/sudoers.conf.d/ turns into admin:///etc/sudoers.conf.d/)
Try installing micro, it's a 21st century terminal editor
If your file is not in your home directory, you shouldn't do chmod or chown in any other file
What if I make my home /
I'll create directories via sudo in /var/log, /var/lib etc and then chown to the user that the systemd service will be running as.
You meant sudo vim, ok?
(disclaimer: joke. Let the unholy war start)
Do people really war over nano vs vi?
I get the vi vs emacs war, but are people really willing to die on a hill over nano?
Not willing to die over this comment. Hear me out for a second. I recognize how powerful vi (is it neovim these days?) is. But I could never play games with those awful hjkl keys for navigation, I hate them. Also, I don't have to memorize nano. All the key combos are listed on the bottom. So it requires less mental load.
Some guys at my company actually do ;)
We have nano on our servers, but not vim
That’s crazy.
Isn’t vi installed by default on most *nix distros?
Damn, that one I did not test. Will check and see
Great one. Many thanks!
I think you mean sudoedit file
eww.
neovim is better.
LOL, gtfo with that nonsense!
hmmm... looks like emacs doesn't have a lemmy extension yet.
:w !sudo tee %
now i feel shame. I used to love breaking my xorg.conf in nano
Why does it have to be transcribed into numbers anyway?
Doesn't have to. You can also do something like
chmod +rw ./filename
Total noob. Any experienced user knows it's
run0 micro file.txt
How dare you use a 21st century terminal editor that keeps you sane? You're supposed to learn a whole new set of archaic key bindings! And suffer!
If it’s all my system should I really care about chown and chmod? Is the point that automatic processes with user names like www-data have to make edits, and need permission to do so, and that’s it?
Newish Linux user btw
Short answer: yes.
One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, your mail server, should have exactly what they need, and usually that's been intricately planned by the distro.
If you subvert it you could be writing files as root that www-data now can't read or write. This kind of error is sometimes obvious and sometimes very subtle.
Especially if you're new to this different access model, tread carefully.
Great news! If you mess it up, many distros are really great at allowing you to compare permissions and reset them. The bad news is that maybe you're not on one of those. But you could be okay.
Thanks for the explanation!
In addition to corsicanguppy's comment, some — often important — programs actually expect the system to be secured in a particular way and will refuse to function if things don't look right.
Now, you'd be right to expect that closing down permissions too tightly could break a system, but people have actually broken their systems by setting permissions too openly on the wrong things as well.
That said, for general, everyday use, those commands don't need to be used much, and there might even be a way to do what they do from your chosen GUI. Even so, it's nice to know they're there and what they do for those rare occasions when they might be needed.
Right, phew, I was kind of worried I should have been editing more of these but I suppose it’s mostly just as I add certain software or features
I'm not sure if that's the joke and it flew over my head but isn't editing with sudo what you should be doing anyway if it's a system level file? You shouldn't change permissions unless the file is actually supposed to be owned by your user.
You are supposed to run sudoedit.
This command creates a temporary copy, opens it in your editor of choice and overwrites the protected file when the temp file changes.
That way the editor doesn't run as root.
You can see the difference if you run a shell command, like whoami, in vim.
Ah, thanks for clarifying. I hadn't heard of sudoedit before but that makes a lot of sense.
This is definitely the way for configuration files that you shouldn't change permissions or ownership on but only want to modify a few times.
However, I find chmod easier to use without reference by using the ugoa (+/-) rwxXst syntax rather than the numbers.
vi
What happened with frog_brawler?
mousepad enters the conversation