You are not logged in.
Hey guys,
I need someone to review my visudo or suggest an alternative for adjusting the display brightness on my laptop. This is the command I use:
sudo /bin/sh -c 'echo 50 > /proc/acpi/video/VID1/LCD0/brightness'
That works fine, except it always asks for a password. I cannot figure out how to make sudo not ask for a password. Here's relevant portions of my sudoers:
Cmnd_Alias HALT = /sbin/halt
Cmnd_Alias BRIGHTNESS1 = /bin/sh -c 'echo 50 > /proc/acpi/video/VID1/LCD0/brightness'
Cmnd_Alias BRIGHTNESS2 = /bin/sh -c 'echo 100 > /proc/acpi/video/VID1/LCD0/brightness'
dusty ALL=NOPASSWD: HALT
dusty ALL=NOPASSWD: BRIGHTNESS1
dusty ALL=NOPASSWD: BRIGHTNESS2
The halt command runs without running a password, but the brightness commands always ask for a password.
Can anyone see what's wrong with this sudoers? Alternatively, does anyone know how I can give my user permissions to access /proc/acpi/video/VID1/LCD0/brightness? The permissions are currently -rw-r--r-- 1 root root. I'm sure I could chown or chmod it, but I'm also sure they would come up that way again after a reboot -- where would I adjust it permanently?
Thanks,
Dusty
Offline
I don't think the Cmnd_Alias's for your brightness can work that way - I think the spaces within the command are not good.
My suggestion is to put these commands in a shell script in /usr/bin (or elsewhere in your path) and then add the NOPASSWD line for these scripts. Also alias command='sudo command' in your .bashc
Offline
The problem is that sudo isn't matching the command correctly.
sudo is interpreting what's inside the single quotes as the argument to /bin/sh -c,
instead of interpreting the single quotes as part of the argument.
So the solution is to just add another pair of single quotes so that the inner pair
of quotes will be taken as part of the argument:
/bin/sh -c ''echo 50 > /proc/acpi/video/VID1/LCD0/brightness''
Hmm...bolding single quotes doesn't have much effect, but I think you see what I mean.
Last edited by veek (2008-03-03 04:05:57)
Offline
So the solution is to just add another pair of single quotes so that the inner pair
of quotes will be taken as part of the argument:/bin/sh -c ''echo 50 > /proc/acpi/video/VID1/LCD0/brightness''
.
Hmm,
I tried that, but it still prompts for a password.
Cmnd_Alias BRIGHTNESS1 = /bin/sh -c ''echo 50 > /proc/acpi/video/VID1/LCD0/brightness''
Cmnd_Alias BRIGHTNESS2 = /bin/sh -c ''echo 100 > /proc/acpi/video/VID1/LCD0/brightness''
I can try making a script, but I want to figure out how to get it "right" in sudoers. :-D
Dusty
Offline
What about:
xbacklight -set 50
xbacklight -set 100
BTW in my opinion 50 should be the default setting, can't this be changed (in the package)? Who wants full backlight/brightness, it hurts your eyes!
Offline
Maybe try
Cmnd_Alias BRIGHTNESS1 = "/bin/sh -c 'echo 50 > /proc/acpi/video/VID1/LCD0/brightness'"
Cmnd_Alias BRIGHTNESS2 = "/bin/sh -c 'echo 100 > /proc/acpi/video/VID1/LCD0/brightness'"
noobus in perpetuus
Offline
How about putting scripts "brightup" and "brightdown" in /usr/bin and adding:
dusty ALL=(ALL) NOPASSWD: /usr/bin/brightup
dusty ALL=(ALL) NOPASSWD: /usr/bin/brightdown
Maybe not the best way, but I think it is the simplest.
I don't think what you are trying is what Cmnd_Alias is for. I though this was for specifying multiple commands in one go. e.g
Cmnd_Alias BRIGHT = /usr/bin/brightup, /usr/bin/brightdown
dusty ALL=(ALL) NOPASSWD: BRIGHT
It follows, there is no need for Cmnd_Alias alias for HALT.
Last edited by Allan (2008-03-03 22:25:49)
Offline
It is definitely possible to do it in the sudoers file.
Looking in the manpage, programs in the Cmnd_Alias can take arguments.
That will restrict an user to running the program with those specific arguments.
I did various tests with programs and args to verify this.
The strange thing is, I tested dusty's command with a pair of single-quotes and it works for me. Without that
it wasn't working at all, I would get a message that my user was not permitted to run the command as root. In
dusty's case it's still letting him run the program, but he needs to supply the password.
I'm curious as to why that is, the difference seems significant.
dusty, I suppose you know that you have to exit visudo for any changes to take effect. Would you be opposed
to posting your whole sudoers? sudo is so finicky, it can be hard to figure out why things aren't working, maybe
seeing the whole thing would help.
Offline
The 'xbacklight' solution works for me so I'm satisfied, but I'm still curious. Here's my sudoers:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias HALT = /sbin/halt
Cmnd_Alias BRIGHTNESS1 = /bin/sh -c ''echo 50 > /proc/acpi/video/VID1/LCD0/brightness''
Cmnd_Alias BRIGHTNESS2 = /bin/sh -c ''echo 100 > /proc/acpi/video/VID1/LCD0/brightness''
#Cmnd_Alias BRIGHTNESS = /bin/sh -c ''echo 50 > /proc/acpi/video/VID1/LCD0/brightness'', \
#/bin/sh -c ''echo 100 > /proc/acpi/video/VID1/LCD0/brightness''
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) SETENV: ALL
dusty ALL=(ALL) ALL
dusty ALL=NOPASSWD: HALT
dusty ALL=NOPASSWD: BRIGHTNESS1
dusty ALL=NOPASSWD: BRIGHTNESS2
# Uncomment to allow people in group wheel to run all commands
# and set environment variables.
# %wheel ALL=(ALL) SETENV: ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Defaults:dusty env_keep+=PYTHONPATH
Defaults:dusty env_keep+=PYTHONHOME
Defaults:dusty env_delete-=PYTHONPATH
Defaults:dusty env_delete-=PYTHONHOME
~
I had tried putting the commands on one Cmnd_Alias to begin with so I just had to specify one of them later on, as they go hand in hand. I keep the Cmnd_Alias for HALT from old habit -- I used to have /sbin/halt, /sbin/reboot and a couple others all under one Cmnd_Alias. Its not necessary to have it in a Cmnd_Alias, but I find it keeps my file cleaner.
I did exit visudo in between testing and I'd run sudo -k to reset the password timestamp.
Dusty
Offline
I made a script to change brightness:
#!/bin/bash
CUR=`cat /sys/class/backlight/acpi_video0/brightness`
FONT="-adobe-helvetica-bold-*-*-*-34-*-*-*-*-*-*-*"
case "$1" in
plus)
if [ "$CUR" = 100 ]; then
echo brigthness is already max > /tmp/brightness
/usr/bin/osd_cat -pbottom -o20 -Acenter -c red -f$FONT -a2 -l1 -d1 --outline=1 --outlinecolour=black /tmp/brightness
exit 0
fi
NEW=`calc "$CUR"+10`
;;
minus)
if [ "$CUR" = 30 ]; then
echo brigthness is already min > /tmp/brightness
/usr/bin/osd_cat -pbottom -o20 -Acenter -c red -f$FONT -a2 -l1 -d1 --outline=1 --outlinecolour=black /tmp/brightness
exit 0
fi
NEW=`calc "$CUR"-10`
;;
*)
echo "usage: $0 {plus|minus}"
esac
echo new brightness is: $NEW > /tmp/brightness
/bin/echo -n $NEW > /sys/class/backlight/acpi_video0/brightness
/usr/bin/osd_cat -pbottom -o20 -Acenter -c green -f$FONT -a2 -l1 -d1 --outline=1 --outlinecolour=black /tmp/brightness
and then in /etc/sudoers just added:
Cmnd_Alias PLUS = /scripts/brightness
papio ALL = NOPASSWD: PLUS
now it does not ask for password anymore
Zygfryd Homonto
Offline