From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: Finding simpler better sudo for Emacs Date: Wed, 31 Mar 2021 09:27:53 +0300 Message-ID: References: <8735wcogti.fsf@gmail.com> <87pmzfkh31.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="18885"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.6 (2021-03-06) Cc: help-gnu-emacs@gnu.org To: Utkarsh Singh Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Wed Mar 31 08:35:24 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lRURo-0004kI-DS for geh-help-gnu-emacs@m.gmane-mx.org; Wed, 31 Mar 2021 08:35:24 +0200 Original-Received: from localhost ([::1]:55488 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lRURn-0003eN-EZ for geh-help-gnu-emacs@m.gmane-mx.org; Wed, 31 Mar 2021 02:35:23 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:38280) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRUOr-0001kB-DT for help-gnu-emacs@gnu.org; Wed, 31 Mar 2021 02:32:21 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:59799) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRUOo-0004gd-Mi for help-gnu-emacs@gnu.org; Wed, 31 Mar 2021 02:32:20 -0400 Original-Received: from localhost ([::ffff:41.202.241.58]) (AUTH: PLAIN securesender, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 000000000001E1D1.000000006064176E.0000682F; Tue, 30 Mar 2021 23:32:14 -0700 Mail-Followup-To: Utkarsh Singh , help-gnu-emacs@gnu.org Content-Disposition: inline In-Reply-To: <87pmzfkh31.fsf@gmail.com> Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:128785 Archived-At: * Utkarsh Singh [2021-03-31 08:48]: > > You see in this case with redirection of output, it is not so easy to > > provide a command with call-process. > > > Hmm I see the problem with redirection. Do you know any other standard > Emacs way to work with redirection? Maybe temp buffer? There are redirection functions in Emacs. I just do not know now why should I do it with "sudo" and I would not know how to do it. I have no clue where to start. I use this function to give some input as string and receive output: (defun rcd-command-output-from-input (program input &rest args) "Returns output from PROGRAM INPUT with optional ARGS" (let* ((output (with-temp-buffer (insert input) (apply #'call-process-region nil nil program t t nil args) (buffer-string)))) output)) Which then enables me for example to get HTML from markdown: (defun rcd-markdown (text) "Markdown processing" (rcd-command-output-from-input "markdown" text)) And I use the fastest Markdown there is, the Discount Markdown which also includes the command mkd2html, that can quickly create simple HTML pages: (defun rcd-mkd2html (text &optional title author date) "Full page Markdown processing" (let* ((title (if title (format "%% %s\n" title) "% NO TITLE\n")) (author (if author (format "%% %s\n" author) "% NO AUTHOR\n")) (date (if date (format "%% %s\n" date) "% NO DATE")) (header (concat title author date)) (css-line "") (viewport-line "") (text (concat header "\n" text))) (rcd-command-output-from-input "mkd2html" text "-header" viewport-line "-header" css-line))) You see, sudo command helps me run some commands without password if I set sudoers file properly. But then again, to invoke redirection with sudo it requires more fiddling, so I am spawning command "su" with "sudo". Then "su" is calling shell anyway -- so it is not really process calling as Stefan pointed out, it defeats itself right there, if I wish to freely supply command to "sudo", so the default shell is spawned with different user privileges in the shell. Now I have improved it that I can use it with different username. (defun sudo (command &optional username) "Execute COMMAND with system command `sudo'. Optional argument USERNAME executes system command `sudo' with that USERNAME privileges. As this command uses system command `su', it will invoke the default shall of the USERNAME." (let ((not-remote (not (file-remote-p default-directory))) (sudo-buffer (get-buffer-create "*sudo*")) (current-buffer (current-buffer))) (switch-to-buffer sudo-buffer) (erase-buffer) (switch-to-buffer current-buffer) (if not-remote (let* ((username (or username "root")) (sudo `(call-process "sudo" nil ,sudo-buffer t "su" "-c" "--" ,username "-c" ,command)) (status (eval sudo)) (status (if (= 0 status) "Success" status)) (current-buffer (current-buffer)) (output (progn (switch-to-buffer sudo-buffer) (buffer-string)))) (switch-to-buffer current-buffer) (message "%s%s\nStatus: %s" output (prin1-to-string sudo) status)) (message "This `sudo' does not work on remote directory: %s" default-directory)))) That opens possibility to quickly launch browser from different user space, similar to how it is recommended on: How to Run a More Secure Browser https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/ In this case I use "iceweasel" browser, one could use something else. (defun browse-safe-url (url) "Browse URL with b" (let ((username "louis")) ;; different username than my own ;; Insecurity settings for personal DISPLAY only (shell-command "xhost +") ;; Browse URL with different username (sudo (format "iceweasel \"%s\"" url) username))) -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns