Remove password prompt for `xbacklight`

amixra · 2023-12-25 15:31:45

I use awesome wm. To adjust brightness, I found only `xbacklight` is capable of changing brightness through the terminal. The issue is that I am mapping a working command with the key binding of `XF86MonBrightnessUp/Down`. But `xbacklight` needs to be executed with `sudo` for adjusting brightness.

sudo xbacklight -inc 5

I did the following to "adjust" that

/etc/sudoers
-----------------------------
amit ALL=NOPASSWD:/usr/bin/xbacklight

and added an alias

alias xbacklight='sudo xbacklight'

but that doesn't help. It still prompts for the password.

seth · 2023-12-25 15:45:52

Because the command you're running is "/usr/bin/xbacklight -inc 5", not "/usr/bin/xbacklight"

But xbacklight talks to the X11 server and should™ under no circumstances require root permissions - on the contrary, sudo is more likely tobreak stuff here.
What error do you get when running "xbacklight -inc 5" w/o sudo?

Edit: or is this acpilight in disguise?
https://man.archlinux.org/man/extra/acp … light.1.en

Last edited by seth (2023-12-25 15:47:30)

amixra · 2023-12-25 17:25:25

seth wrote:

What error do you get when running "xbacklight -inc 5" w/o sudo?

The only error that creates instincts for using sudo

/usr/bin/xbacklight: [Errno 13] Permission denied: '/sys/class/backlight/intel_backlight/brightness'

seth wrote:

Because the command you're running is "/usr/bin/xbacklight -inc 5", not "/usr/bin/xbacklight"

Oh!, I assumed binary name would allow me to have all commands with different arguments without a password prompt.

EDIT: I tried

amit ALL=NOPASSWD:/usr/bin/xbacklight -inc 5

this too didn't help. I wanted to confirm if you have to do anything special for "applying changes" after editing `/etc/sudoers`.

Last edited by amixra (2023-12-25 17:44:07)

Head_on_a_Stick · 2023-12-25 17:34:08

Presuming this is the acpilight package, you need to add your user to the video group.

I prefer brightnessctl.

amixra · 2023-12-25 17:52:13

Head_on_a_Stick wrote:

Presuming this is the acpilight package, you need to add your user to the video group.
I prefer brightnessctl.

I have already tried most of the similar tools before trying to solve the permission issue of xbacklight. None of them works.

$ brightnessctl +10%
Device 'intel_backlight' of class 'backlight':
	Current brightness: 960 (1%)
	Max brightness: 96000

$ brightnessctl +10%
Device 'intel_backlight' of class 'backlight':
	Current brightness: 960 (1%)
	Max brightness: 96000

$ brightnessctl +10%
Device 'intel_backlight' of class 'backlight':
	Current brightness: 960 (1%)
	Max brightness: 96000

It shows values correctly but doesn't create any difference.

`light -S 5000` gives error code 1

EDIT: I found out that I have `acpilight` package installed, I just tried `xorg-xbacklight` too.

$ xbacklight -get
No outputs have backlight property

Last edited by amixra (2023-12-25 17:58:26)

amixra · 2023-12-25 18:07:12

Why aren't we expected to enter a password? when I need to enter the password for editing `/sys/class/backlight/intel_backlight/brightness`.

Head_on_a_Stick · 2023-12-25 18:57:44

The acpilight xbacklight command should work if your user is in the video group and you've either rebooted or reloaded the udev rules since installing the package.

Once your user is in the video group and the brightness file under /sys/class/backlight/$whatever/ is owned by the video group your user should be able to write to it directly using `echo` (or so) without needing elevated permissions.

For brightnessctl it might be controlling the wrong device so check

brightnessctl --list

Then use

brightnessctl --device='$name' --set $value

(Replace $name with the name given in the --list command and replace $value with the actual desired value.)

The xorg-xbacklight version only works for Intel cards.

Last edited by Head_on_a_Stick (2023-12-25 19:00:15)

seth · 2023-12-25 20:24:01

wrt your sudoers (but really just add yourself to the video group), please post the entire sudoers file and all files in /etc/sudoers.d - the order matters.

amixra · 2023-12-26 06:40:26

Ok! I was using the wrong command for brightnessctl and it doesn't roger that.

brightnessctl +10%

instead of

brightnessctl set +10%

So brightnessctl seems to work for me.

Also, I added my user to `video` group. xbacklight still prompts me for password.

$ sudo visudo
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias    WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias    ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
#                           /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias    REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to restore the historic behavior where a command is run in
## the user's own terminal.
# Defaults !use_pty
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
## Set maxseq to a smaller number if you don't have unlimited disk space.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
# Defaults maxseq = 1000

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL:ALL) ALL
amit ALL=NOPASSWD:/usr/bin/xbacklight -inc 5

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

amixra · 2023-12-26 06:49:46

How do you read /etc/sudoers.d directory file content? I can't enter in it using `cd`.

However, I can now map brightnessctl for adjusting brightness but I guess it would be a good idea to get the issue raised in OP solved.

Last edited by amixra (2023-12-26 06:51:34)

seth · 2023-12-26 09:12:25

Also, I added my user to `video` group. xbacklight still prompts me for password.

No, sudo does. Just don't sudo (your alias…) xbacklight.

Edit: if you're in the wheel group, the NOPASSWD rule has to be below
"%wheel ALL=(ALL:ALL) ALL"

The last matching rule wins, so the sudoers order has to be
generic
…
specific

Last edited by seth (2023-12-26 09:14:49)

Head_on_a_Stick · 2023-12-26 10:46:48

If you're using brightnessctl remember to remove your user from the video group and reverse the sudoers change. The brightnessctl command uses the systemd-logind API so it doesn't need those dodgy hacks.

Arch Linux

#1 2023-12-25 15:31:45

Remove password prompt for `xbacklight`

#2 2023-12-25 15:45:52

Re: Remove password prompt for `xbacklight`

#3 2023-12-25 17:25:25

Re: Remove password prompt for `xbacklight`

#4 2023-12-25 17:34:08

Re: Remove password prompt for `xbacklight`

#5 2023-12-25 17:52:13

Re: Remove password prompt for `xbacklight`

#6 2023-12-25 18:07:12

Re: Remove password prompt for `xbacklight`

#7 2023-12-25 18:57:44

Re: Remove password prompt for `xbacklight`

#8 2023-12-25 20:24:01

Re: Remove password prompt for `xbacklight`

#9 2023-12-26 06:40:26

Re: Remove password prompt for `xbacklight`

#10 2023-12-26 06:49:46

Re: Remove password prompt for `xbacklight`

#11 2023-12-26 09:12:25

Re: Remove password prompt for `xbacklight`

#12 2023-12-26 10:46:48

Re: Remove password prompt for `xbacklight`

Board footer