Re: remote file editing over ssh with emacs 22.3.1 on Windows

[Tim X <timx@nospam.dev.null>]

Chris Withers <chris@simplistix.co.uk> writes:

> Peter Dyballa wrote:
>>
>> When you write this, at which protocols do you think? 
>
> SSH.
>
>> When it's every protocol, then the only chance is to SSH login as some
>> user, become superuser in that user's login shell, and then send GNU
>> Emacs as client to your local X server over SSH.
>
> I don't know what this means. I do know that most of the servers will not
> be running X of any description.
>
> cheers,
>

Let me just recap to make sure I understand the problem.

1. You use tramp to edit files remotely as a normal user
2. sometimes, you need to edit a remote file that requires root privs.
3. You cannot ssh to the remote host as root

There are two possible solutions I can think of. The first is a type of
tramp multi-hop connection method. i.e. from the manual

   Opening `/sudo:randomhost.your.domain:' would connect first
`randomhost.your.domain' via `ssh' under your account name, and perform
`sudo -u root' on that host afterwards.  It is important to know that
the given method is applied on the host which has been reached so far.
`sudo -u root', applied on your local host, wouldn't be useful here.

For this to work, you would need to have sudo configured on the remote
host. As you have root access to edit files, you shold be able to do
this.

The second method involves taking advantage of X11. The remote servers
don't need full X11 support for this to work, though some X11 libs are
required. For an X11 connection, a lot depends on how you are
connected. Its ideal for a LAN, works OK for reasonably fast WANs, such
as DSL and can work over modem dialup at 56k (though in that case, you
would want to use one of the X11 compression protocols). For this method
to work, you enable X11 forwarding in the ssh configuration (see the ssh
manual). This option is often enabled by default on Linux systems. 

When you start a remote emacs, all the display stuff is handled by your
local X session. If your network speed is adequate, its just like
running emacs locally. 

However, a question I have to ask is how often do you really need to
edit files as root? At one time, I was responsible for maintaining a key
system on servers that were scattered all over the country. The company
I worked for had a very strict policy on root access. With only a small
amount of analysis, we found that we were able to reconfigure things so
that over 90% of what I needed to do could be done without root
access. Maybe you could do something similar? Its good practice to only
run things as root when they absolutely need those privs. Unfortunately,
there is a considerable frequency of systems where either through lazy
admins or lack of skill/knowledge, programs run as root when they don't
need to because admins don't have the knowledge, time or resources to
configure things otherwise. There are actualy only a few key reasons
things need to run as root - for example, binding to ports below
1024. Even in these cases, many well written programs will rn as root to
bind to the socket and then drop back to a less privileged user for
normal operation. 

Another solution is to use a different group and have the files owned by
that group (using the sticky bit on group directory permissions can
ensure any files created in that directory are in that group). Then, you
add that group to your user account and adjust the file permissions to
allow members of that group to edit the file. You then don't need root
authority to edit these files.

HTH

Tim




-- 
tcross (at) rapttech dot com dot au