My application tries to execute the root commands "sudo ifup eth0" and "sudo ifdown eth0". But it returned an error "sudo: sorry, you must have a tty to run sudo". So, it requires a tty to execute the sudo commands. So, I tried to execute the commands by opening tty sessions:
gnome-terminal --command="sudo ifdown eth0" &
xterm -e "sudo ifdown eth0" &
then it worked fine. But I am not able to send the command from newly created gnome-terminal or xterm. i.e., if I close the newly created gnome or xterm windows before they had executed the commands, then the commands were terminated immediately.
Can you give a suggestion on how to disable the window from being closed by the user, or how to make it invisible to the user?
Note: you can test this by using system-config-network command instead of ifdown and ifup
3 solutions
#1
2
I would suggest not to use xterm or gnome-terminal to provide a terminal for sudo, but to deal with the "sorry, you must have a tty to run sudo" message directly.
There is a requiretty option in the sudoers file that makes sudo demand a terminal. If this option is unset with !requiretty and the command is executed with the NOPASSWD option, sudo should run without the need to open a new terminal window. There are more details in this serverfault post.
That is how sudo is used for instance in cron scripts.
Since the requiretty option provides additional security in an environment where sudo is used not only in cron scripts but to let remote users issue commands with elevated privileges, the action of !requiretty can be restricted.
User_Alias LOCAL_USERS = john, mary
Cmnd_Alias NETWORK_SCRIPTS = /sbin/ifup, /sbin/ifdown
Defaults!NETWORK_SCRIPTS !requiretty
LOCAL_USERS ALL = NOPASSWD: NETWORK_SCRIPTS
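A check for the distinction drawn in answer #1, as an added example that is not part of the original answer: it flags an unscoped `Defaults !requiretty` and NOPASSWD rules wider than a fixed command list. The function names, the `appuser` account and the broad sample are constructed for illustration.

```shell
#!/bin/sh
# audit_sudoers [FILE]: print one finding per line; reads stdin without FILE.
# Does not follow #include/#includedir or join backslash-continued lines.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    # "Defaults" followed by whitespace is unscoped: it applies to every rule.
    # Defaults!CMND, Defaults:USER, Defaults@HOST and Defaults>RUNAS are scoped.
    /^[ \t]*Defaults[ \t]/ && /!requiretty/ {
        printf "%d: global !requiretty, scope it as Defaults!CMND_ALIAS\n", NR
        next
    }
    /NOPASSWD:/ {
        spec = $0
        sub(/.*NOPASSWD:[ \t]*/, "", spec)     # keep the command list only
        sub(/[ \t]+$/, "", spec)
        n = split(spec, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (cmd[i] == "ALL")
                printf "%d: NOPASSWD covers ALL commands\n", NR
            else if (cmd[i] ~ /[*?]/)
                printf "%d: NOPASSWD command uses a wildcard: %s\n", NR, cmd[i]
        }
    }
    ' "$@"
}

# Rules from the answer above: tty requirement lifted for two commands only.
scoped_rules() {
    cat <<'EOF'
User_Alias LOCAL_USERS = john, mary
Cmnd_Alias NETWORK_SCRIPTS = /sbin/ifup, /sbin/ifdown
Defaults!NETWORK_SCRIPTS !requiretty
LOCAL_USERS ALL = NOPASSWD: NETWORK_SCRIPTS
EOF
}

# Constructed sample of the broad form (appuser is a made-up account).
broad_rules() {
    cat <<'EOF'
Defaults    !requiretty
appuser ALL = NOPASSWD: ALL
appuser ALL = NOPASSWD: /sbin/if*
EOF
}

scoped_rules | audit_sudoers    # prints nothing
broad_rules | audit_sudoers     # prints three findings
```

Syntax is a separate check: `visudo -cf FILE` validates a sudoers file before it is installed.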
#2
3
If you run your code within an X session, then you can use gksudo instead of sudo:
gksudo -m "Your message" /command/to/run
It will prompt the user for a password (if needed) using a nice GUI interface. No need for xterm or gnome-terminal.
The effect will be more secure than allowing a particular command to run without any password, and the solution will be more consistent with what users are used to.
#3
2
In general, sudo or su need to prompt for a password, or programs could escalate their privileges without user intervention. If your application needs to elevate for some purpose, you will need to use an xterm or similar. There are difficulties though in getting the return code back (konsole might need --nofork and gnome-terminal might need --disable-factory, but the options sadly vary by version), and it's not easy to get it right on every system. Most unixes and linux distributions provide xterm, but some old Fedora/RHEL/CentOS provide X without xterm, so it's another dependency to think about.
The command launched by xterm -e sudo -- ... can then do the standard double-fork and setsid. Once the user has entered his password in the xterm, it goes away immediately, but your command runs in the background with elevated privileges. It can connect back to the original program using a socket or fifo to run as a root co-process.
The daemon or disown commands or similar might be useful if you want to wrap an existing application in a double-fork & setsid (eg, xterm -e sudo -- daemon system-config-network or perhaps xterm -e sudo -- bash -c "system-config-network & disown -a").
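The detach-and-report pattern described in answer #3, as an added example that is not part of the original answer: the command runs in its own session and its exit status comes back over a FIFO. `run_detached` is a hypothetical helper name; no sudo or xterm is involved here, and the example assumes the `setsid` utility is installed.

```shell
#!/bin/sh
# run_detached CMD [ARG...]
# Runs CMD in its own session, detached from the launching terminal, and
# returns CMD's exit status, which is passed back through a FIFO.
run_detached() {
    command -v setsid >/dev/null 2>&1 || return 125
    dir=$(mktemp -d) || return 125           # private directory, mode 0700
    fifo="$dir/status"
    mkfifo -m 600 "$fifo" || { rm -rf "$dir"; return 125; }

    # Fork 1: the subshell. Fork 2: the backgrounded job inside it.
    # setsid puts the job in a new session with no controlling terminal,
    # so closing the terminal window does not send it SIGHUP.
    (
        setsid sh -c '
            fifo=$1; shift
            "$@" </dev/null >/dev/null 2>&1
            echo "$?" >"$fifo"
        ' sh "$fifo" "$@" &
    )

    # Blocks until the detached command finishes and writes its status.
    read -r rc <"$fifo"
    rm -rf "$dir"
    return "$rc"
}

# Constructed demonstration: a command that exits with status 3.
run_detached sh -c 'exit 3' || echo "detached command exited with $?"
```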