Re: Doing Linux admin work with Emacs

[pjb@informatimago.com (Pascal J. Bourguignon)]

bebop52 <gruenderteam.berlin@googlemail.com> writes:

> Hello,
> I think it's very nice to use emacs as "operating system" on top of
> linux (Ubuntu Lucid 10.0.4 in my case).  Especially dired is a
> wonderful tool in my eyes.
>
> When I start Gnu Emacs 23.1.1 with "myUser$ sudo emacs" (with myUser
> having admin rights)  I can do everything I want, since Emacs acts as
> root-user.  Which is very comfortable, but has a few negative side-
> effects:
>
> a) It means any new files/folders have owner and group 'root', but
> should have owner 'myUser' and group 'myUsersGroup'.
>
> b) Furthermore, many programs put some files or folders in the active
> users home directory during installation. For example maven puts its
> repo under  ~/.m2/repository/. My maven repository ended up under
> root/.m2/repository/, because emacs acted as root user, so that was
> the home directory.
>
> c) Isn't it very dangerous to do websurfing with w3m after starting
> emacs with "sudo emacs"? Any malware could potentially act as root
> user, if there are security wholes in w3m or emacs. But when I do
> admin work, I always have to google some stuff and end up in the web.

Indeed.  You should not do user stuff as root.  It's too easy to make a
mistake or to trip by some malware.


> On the other hand, if I do "myUser$ emacs" (with myUser having admin
> rights), without sudo, I can do admin work from the eshell using sudo
> when necessary. But what about dired, for example? How can I give
> emacs dired temporarily and in a controlled way admin rights (via
> sudo) while running it as 'myUser' and not as 'root'?

You can still open files as root with a user emacs, using tramp.

C-x C-f /root@localhost:/etc/hosts RET

Notice also that when you run a shell command with M-! or M-| from a
tramp buffer, the command is actually sent to the remote, ie. to the
root account in this case.




There's one problem when launching a command with sudo in M-x shell: you
cannot kill it with emacs C-c C-c, since emacs runs as a normal user, it
cannot kill the sudo'ed process.

For this reason, I usually still keep an xterm with screen, and in one
of the screens, I su to root, and from here, I launch an emacs (on X).
When I have a lot of root stuff to do (eg. install new packages, edit
configuration files), I go to this root emacs (my .emacs sets it in a
different color theme, with lots of reds, so that I don't forget to
switch back to my user emacs when I'm done with root stuff).

There's one inconvenient with this setup: my console has always a few
root shells available, so it should be in a secure environment.  If
there are people you don't trust root around you, you cannot leave your
console unattended.  On the other hand, it also has one advantage.  In
case of big botch up of your system you still have a couple of root
shells which can help you save the day, even if the botching up would
prevent root to log in (but this should not occur often, once or twice a
life time, I hope).  Last time it helped, was when I tried to debug a
script containing a: 

    rm -rf $dir/$subdir

command, as root...  Better write it as:

    [ "$dir/$subdir" = "/" ] || rm -rf "$dir/$subdir"


-- 
__Pascal Bourguignon__                     http://www.informatimago.com/