AUR, Yaourt, packer and sudo password.

saronno · 2014-04-10 01:14:53

I have an annoying problem after some upgrades.
When yaourt (but it's the same with packer) ask me for root password (sudo)
it doesn't recognize it.
But if I put the password of the user I am logged in for yaourt (and packer) is fine.

How the hell is this possible?

Thanks.

Last edited by saronno (2014-04-10 01:15:29)

jasonwryan · 2014-04-10 01:23:38

Moving to AUR issues...

Scimmia · 2014-04-10 01:40:14

https://bbs.archlinux.org/viewtopic.php?id=178776
https://bbs.archlinux.org/viewtopic.php?id=179011

clfarron4 · 2014-04-10 10:08:13

saronno wrote:

I have an annoying problem after some upgrades.
When yaourt (but it's the same with packer) ask me for root password (sudo)
it doesn't recognize it.
But if I put the password of the user I am logged in for yaourt (and packer) is fine.
How the hell is this possible?
Thanks.

Just installed yaourt to look into this for you (aren't you special). Here's what happens when I am logged in as me and I issue "yaourt -Syu":

claire ~ % yaourt -Syu
[sudo] password for claire:

It asks me for my passphrase, not root's...

saronno · 2014-04-11 11:09:20

clfarron4 wrote:

It asks me for my passphrase, not root's...

In my case ...

[saronno@----- ~]$ yaourt -Syu
[sudo] password for root:

Anyway I don't understand why it should ask user password for a privileged action.

Last edited by saronno (2014-04-11 11:11:40)

Trilby · 2014-04-11 11:12:55

saronno wrote:

Anyway I don't understand why it should ask user password for a privileged action.

Because it uses sudo - that's what sudo does.

If the user is in the sudoers file as being able to do such things.

sudo != su.

If everyone authorized to use sudo were to know the root password, then sudo would serve no purpose.

Last edited by Trilby (2014-04-11 11:14:24)

drcouzelis · 2014-04-11 12:32:31

saronno wrote:

In my case ...

[saronno@----- ~]$ yaourt -Syu
[sudo] password for root:

What is the output of "alias yaourt"? And "which yaourt"?

Do you actually have "sudo" installed? Did you configure it? What is in the file "/etc/sudoers"?

saronno · 2014-04-11 12:34:04

Trilby wrote:

saronno wrote:
Anyway I don't understand why it should ask user password for a privileged action.
Because it uses sudo - that's what sudo does.
If the user is in the sudoers file as being able to do such things.
sudo != su.
If everyone authorized to use sudo were to know the root password, then sudo would serve no purpose.

You are right .... just a question then ...

If my user is part of sudo group with %sudo ALL=(ALL) ALL
and during surfing my browser was hit by a 0-day attack,
the attacker can easily run privileged command using sudo
.. am I right?

Oxyd · 2014-04-11 12:52:42

saronno wrote:

If my user is part of sudo group with %sudo ALL=(ALL) ALL
and during surfing my browser was hit by a 0-day attack,
the attacker can easily run privileged command using sudo
.. am I right?

If the attacker gets access to your shell and the attacker knows your password, then yes.

saronno · 2014-04-11 13:24:07

Oxyd wrote:

saronno wrote:
If my user is part of sudo group with %sudo ALL=(ALL) ALL
and during surfing my browser was hit by a 0-day attack,
the attacker can easily run privileged command using sudo
.. am I right?
If the attacker gets access to your shell and the attacker knows your password, then yes.

It seems far more secure to use "su" to me ....

The Black Fox · 2014-04-11 13:48:36

Su vs sudo aren't really anymore secure than the other, if he has access into your machine, you're already screwed unless you know how he got in. If you're worried about such a thing you may need to look at a 2-factor PAM, such as the Google Authenticator version: https://aur.archlinux.org/packages/goog … libpam-git

That will ensure even if an attacker knows your password, then he can't do any privileged action for either user and you have way more time to find out how he is getting in and patch the hole.

saronno · 2014-04-11 22:14:21

The Black Fox wrote:

Su vs sudo aren't really anymore secure than the other, if he has access into your machine, you're already screwed unless you know how he got in.

If he's still a limited user the damaged will be limited.
I disagree. This is the same idea that make people to surf
the web with administrator account.

If you're worried about such a thing you may need to look at a 2-factor PAM, such as the Google Authenticator version: https://aur.archlinux.org/packages/goog … libpam-git

I am developing a custom tomoyo policy .. so in the end I will use MAC.
am I worried? Aren't you?

That will ensure even if an attacker knows your password, then he can't do any privileged action for either user and you have way more time to find out how he is getting in and patch the hole.

Sincerely I prefer MAC approach. Anyway I disinstalled sudo ...

Trilby · 2014-04-11 22:16:57

Sudo doesn't allow anyone logged in as the user run any command. Sudo still requires the user password even when one is already logged in as that user.

So the logic behind your argument rests on the assumption that it is harder for an attacker to get your root user password than it is to get your regular user password. This assumption does not seem to hold up.

motozirillo · 2016-01-26 20:17:51

I'm experiencing similar behavior: first packer asks for my user password [sudo]. If I do not enter it in a timely matter (who has the time to watch 20 npm modules build?) packer asks for the root password on the next line.

Could this be an issue with sudo?

Trilby · 2016-01-26 20:42:33

motozirillo wrote:

Could this be an issue with sudo?

No.

Please do not "necrobump" old threads - I fail to see that your issue is related, or even an issue at all. It is how packer is likely defined. If sudo fails, it attempts to use su.

Closed.

Arch Linux

#1 2014-04-10 01:14:53

AUR, Yaourt, packer and sudo password.

#2 2014-04-10 01:23:38

Re: AUR, Yaourt, packer and sudo password.

#3 2014-04-10 01:40:14

Re: AUR, Yaourt, packer and sudo password.

#4 2014-04-10 10:08:13

Re: AUR, Yaourt, packer and sudo password.

#5 2014-04-11 11:09:20

Re: AUR, Yaourt, packer and sudo password.

#6 2014-04-11 11:12:55

Re: AUR, Yaourt, packer and sudo password.

#7 2014-04-11 12:32:31

Re: AUR, Yaourt, packer and sudo password.

#8 2014-04-11 12:34:04

Re: AUR, Yaourt, packer and sudo password.

#9 2014-04-11 12:52:42

Re: AUR, Yaourt, packer and sudo password.

#10 2014-04-11 13:24:07

Re: AUR, Yaourt, packer and sudo password.

#11 2014-04-11 13:48:36

Re: AUR, Yaourt, packer and sudo password.

#12 2014-04-11 22:14:21

Re: AUR, Yaourt, packer and sudo password.

#13 2014-04-11 22:16:57

Re: AUR, Yaourt, packer and sudo password.

#14 2016-01-26 20:17:51

Re: AUR, Yaourt, packer and sudo password.

#15 2016-01-26 20:42:33

Re: AUR, Yaourt, packer and sudo password.

Board footer