You are not logged in.
Hi everyone,
So after reading some of tknomanzr's thread here: https://forums.bunsenlabs.org/viewtopic.php?id=971
and reading this article: Admin-Magazine Sudo & Policy Kits
As far as I understand it, Is it correct in assuming that a system can enforce permissions by sudo, polkits, or both? Or is it either one or the other? I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed. So I assume we are dealing with permissions using polkit. (cd'ing to /usr/share/polkit-1/ confirms this..)
If so inclined though, could I install and run the sudo package and effectively have a "two factor" authorization or permission type? (the system would check both permission standards?) Or can they not co-exist peacefully?
Also is it generally accept that polkit is more granular, but less user friendly than sudo?
Last edited by Horizon_Brave (2016-01-17 05:02:35)
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
sudo isinstalled on my bl, and i'm 99.9% 100% sure it was there from the beginning.
no, i think they are just different ways to achieve the same thing: privilege escalation for certain apps/commands.
i don't know much about polkit, i guess it's better for automation, and i think it is what works with systemd, but i think you can essentially achieve the same things with both.
sudo maybe better for the manual approach: i have a script i want to run with a mouseclick, without typing my password each time - you can add that particular script to /etc/sudoers, voilá!
once you've done it succesfully (yes, please use visudo!), it's not so hard. and effective immediately.
Offline
I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed
Pure Debian doesn't include sudo by default but BunsenLabs does.
In respect of the differences between polkit & sudo(8), from your link:
In contrast to sudo, PolicyKit regulates individual (system) functions.
So polkit is a framework that allows individual actions (such as drive mounting, for example) to be controlled at a fine-grained level that is impossible with /etc/sudoers
Polkit rules set the general security level on your system, which actions need which level of permission, etc, whereas sudo(8) controls who has access to those permissions.
Offline
sudo isinstalled on my bl, and i'm 99.9% 100% sure it was there from the beginning.
no, i think they are just different ways to achieve the same thing: privilege escalation for certain apps/commands.
i don't know much about polkit, i guess it's better for automation, and i think it is what works with systemd, but i think you can essentially achieve the same things with both.
sudo maybe better for the manual approach: i have a script i want to run with a mouseclick, without typing my password each time - you can add that particular script to /etc/sudoers, voilá!
once you've done it succesfully (yes, please use visudo!), it's not so hard. and effective immediately.
Hmm that's curious, any explanation for this:
The same nothingness exists for my user accounts as well
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
any explanation for this:
How did you log on to the root account?
Does `/usr/bin/sudo -i` work?
What is the output of:
apt-cache policy sudo
How did you install this system?
What have you done with it since installation?
Offline
`sudo` is included in the BL package list. The bl-welcome script needs it, so you wouldn't get very far as a noob user without it.
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Horizon_Brave wrote:I can see in Debian (and inherently B.L) we don't have any sudo files or packages installed
Pure Debian doesn't include sudo by default but BunsenLabs does.
In respect of the differences between polkit & sudo(8), from your link:
In contrast to sudo, PolicyKit regulates individual (system) functions.
So polkit is a framework that allows individual actions (such as drive mounting, for example) to be controlled at a fine-grained level that is impossible with /etc/sudoers
Polkit rules set the general security level on your system, which actions need which level of permission, etc, whereas sudo(8) controls who has access to those permissions.
Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.
So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
Horizon_Brave wrote:any explanation for this:
How did you log on to the root account?
Does `/usr/bin/sudo -i` work?
What is the output of:
apt-cache policy sudo
How did you install this system?
What have you done with it since installation?
Hey, thanks for the quick replies, I missed your responses before I posted my previous comment. Anyway, the result of apt-cache:
And no dice with the /usr/bin/sudo doesn't even exist in that dir.
Installation was from the normal bl Hydrogen-rc1 iso on a dvd. And yea I went through the bl welcome script. Its running in a VM on Virtualbox, but that shouldn't matter.
I log into root by logging into my normal users and using su. or directly from the terminal login prompt.
Last edited by Horizon_Brave (2016-01-17 23:50:18)
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
.....
Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.
So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?
Well, June 2009 isn't fairly newish It supercedes PolicyKit.
It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[6] However, it may be preferable to use sudo, as this command provides more flexibility and security, in addition to being easier to configure
Did you specify a root password during the installation? I think sudo is not installed in that case.
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Horizon_Brave wrote:.....
Hmm so in a nutshell. Polkits regulates what processes need what level of permission, and sudo and /etc/sudoers regulates what users can do with the levels of permissions.
So Polkits seem fairly newish, So what regulated this before? Was it all left up to sudoers?
Well, June 2009 isn't fairly newish
It supercedes PolicyKit.
https://en.wikipedia.org/wiki/Polkit wrote:It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).[6] However, it may be preferable to use sudo, as this command provides more flexibility and security, in addition to being easier to configure
Did you specify a root password during the installation? I think sudo is not installed in that case.
Ahh, yea that makes sense, I did give root a PW. So I suppose that would trigger it to logically cancel out th eneed for the sudo installation, since you basically enable root as a login account?
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
Please use code tags when posting terminal output.
Many of the forum users will have limited bandwidth so it helps to use text rather than images of text
If you wish to use `sudo` then see this guide:
https://wiki.debian.org/sudo
Offline
Please use code tags when posting terminal output.
Many of the forum users will have limited bandwidth so it helps to use text rather than images of text
If you wish to use `sudo` then see this guide:
https://wiki.debian.org/sudo
Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shots
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
...
Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shots
It is in the Machine settings, but you need Guest Additions installed first
Preparing a fresh BL install for VB Guest Additions
Last edited by damo (2016-01-18 18:38:47)
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Horizon_Brave wrote:...
Whoops. I still haven't figured out how to copy and paste text from virtualbox to the host. It's why I take the screen shotsIt is in the Machine settings
Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
...
Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.
If you have a problem with keys, can you highlight, r-click, copy?
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Horizon_Brave wrote:...
Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.
If you have a problem with keys, can you highlight, r-click, copy?
No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
Have you tried the pen&paper copy&paste method?
Offline
Have you tried the pen&paper copy&paste method?
hehe, it works though!
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline
damo wrote:Horizon_Brave wrote:...
Not to get too off track, but yea I enabled bi directional clip board sharing, but I'm not sure what key set to use to actually use it.
If you have a problem with keys, can you highlight, r-click, copy?
No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.
I was talking about the BL terminal output in the VM. Is that not using openbox-session either?
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Horizon_Brave wrote:damo wrote:If you have a problem with keys, can you highlight, r-click, copy?
No, in this instance of BL, I'm not using any xsession. I boot straight to the console, so no right clicking, menus or anything.
I was talking about the BL terminal output in the VM. Is that not using openbox-session either?
Yea, I have two two VM's of BL. The one I"m referring to isn't running openbox at all. No gui X at all.
"I have not failed, I have found 10,000 ways that will not work" -Edison
Offline