From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: pjb@informatimago.com (Pascal J. Bourguignon) Newsgroups: gmane.emacs.help Subject: Re: Doing Linux admin work with Emacs Date: Wed, 13 Oct 2010 14:19:57 +0200 Organization: Informatimago Message-ID: <8762x6jnde.fsf@kuiper.lan.informatimago.com> References: <70fd06bf-4566-4274-9381-ee569700cabd@n40g2000vbb.googlegroups.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1291870606 13854 80.91.229.12 (9 Dec 2010 04:56:46 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 9 Dec 2010 04:56:46 +0000 (UTC) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Thu Dec 09 05:56:42 2010 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PQYYb-0003yo-P5 for geh-help-gnu-emacs@m.gmane.org; Thu, 09 Dec 2010 05:56:41 +0100 Original-Received: from localhost ([127.0.0.1]:48348 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PQYYa-0000YK-IQ for geh-help-gnu-emacs@m.gmane.org; Wed, 08 Dec 2010 23:56:40 -0500 Original-Path: usenet.stanford.edu!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail Original-Newsgroups: gnu.emacs.help Original-Lines: 77 Original-X-Trace: individual.net cGYcOlmsvN6b5J3gZWFeAQ23n5vYTo/yoRC3jMOYzErkVrIzlS Cancel-Lock: sha1:ODFjOGNhMmJjNmI2MjQ4N2ZjNWNkYWJmNDJiOWY5MDlmYmQyMzY3OA== sha1:d+BWxH4tnHY05LpoJpzJe40YOP4= Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwAQMAAABtzGvEAAAABlBMVEUAAAD///+l2Z/dAAAA oElEQVR4nK3OsRHCMAwF0O8YQufUNIQRGIAja9CxSA55AxZgFO4coMgYrEDDQZWPIlNAjwq9 033pbOBPtbXuB6PKNBn5gZkhGa86Z4x2wE67O+06WxGD/HCOGR0deY3f9Ijwwt7rNGNf6Oac l/GuZTF1wFGKiYYHKSFAkjIo1b6sCYS1sVmFhhhahKQssRjRT90ITWUk6vvK3RsPGs+M1RuR mV+hO/VvFAAAAABJRU5ErkJggg== X-Accept-Language: fr, es, en X-Disabled: X-No-Archive: no User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) Original-Xref: usenet.stanford.edu gnu.emacs.help:181754 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.help:76691 Archived-At: bebop52 writes: > Hello, > I think it's very nice to use emacs as "operating system" on top of > linux (Ubuntu Lucid 10.0.4 in my case). Especially dired is a > wonderful tool in my eyes. > > When I start Gnu Emacs 23.1.1 with "myUser$ sudo emacs" (with myUser > having admin rights) I can do everything I want, since Emacs acts as > root-user. Which is very comfortable, but has a few negative side- > effects: > > a) It means any new files/folders have owner and group 'root', but > should have owner 'myUser' and group 'myUsersGroup'. > > b) Furthermore, many programs put some files or folders in the active > users home directory during installation. For example maven puts its > repo under ~/.m2/repository/. My maven repository ended up under > root/.m2/repository/, because emacs acted as root user, so that was > the home directory. > > c) Isn't it very dangerous to do websurfing with w3m after starting > emacs with "sudo emacs"? Any malware could potentially act as root > user, if there are security wholes in w3m or emacs. But when I do > admin work, I always have to google some stuff and end up in the web. Indeed. You should not do user stuff as root. It's too easy to make a mistake or to trip by some malware. > On the other hand, if I do "myUser$ emacs" (with myUser having admin > rights), without sudo, I can do admin work from the eshell using sudo > when necessary. But what about dired, for example? How can I give > emacs dired temporarily and in a controlled way admin rights (via > sudo) while running it as 'myUser' and not as 'root'? You can still open files as root with a user emacs, using tramp. C-x C-f /root@localhost:/etc/hosts RET Notice also that when you run a shell command with M-! or M-| from a tramp buffer, the command is actually sent to the remote, ie. to the root account in this case. There's one problem when launching a command with sudo in M-x shell: you cannot kill it with emacs C-c C-c, since emacs runs as a normal user, it cannot kill the sudo'ed process. For this reason, I usually still keep an xterm with screen, and in one of the screens, I su to root, and from here, I launch an emacs (on X). When I have a lot of root stuff to do (eg. install new packages, edit configuration files), I go to this root emacs (my .emacs sets it in a different color theme, with lots of reds, so that I don't forget to switch back to my user emacs when I'm done with root stuff). There's one inconvenient with this setup: my console has always a few root shells available, so it should be in a secure environment. If there are people you don't trust root around you, you cannot leave your console unattended. On the other hand, it also has one advantage. In case of big botch up of your system you still have a couple of root shells which can help you save the day, even if the botching up would prevent root to log in (but this should not occur often, once or twice a life time, I hope). Last time it helped, was when I tried to debug a script containing a: rm -rf $dir/$subdir command, as root... Better write it as: [ "$dir/$subdir" = "/" ] || rm -rf "$dir/$subdir" -- __Pascal Bourguignon__ http://www.informatimago.com/