From: Tim X
Newsgroups: gmane.emacs.help
Subject: Re: remote file editing over ssh with emacs 22.3.1 on Windows
Date: Sun, 17 May 2009 11:59:14 +1000
Organization: Rapt Technologies
Message-ID: <87d4a87aml.fsf@lion.rapttech.com.au>
To: help-gnu-emacs@gnu.org

Chris Withers writes:

> Peter Dyballa wrote:
>>
>> When you write this, at which protocols do you think?
>
> SSH.
>
>> When it's every protocol, then the only chance is to SSH login as some
>> user, become superuser in that user's login shell, and then send GNU
>> Emacs as client to your local X server over SSH.
>
> I don't know what this means. I do know that most of the servers will not
> be running X of any description.
>
> cheers,
>

Let me just recap to make sure I understand the problem.

1. You use tramp to edit files remotely as a normal user
2. Sometimes, you need to edit a remote file that requires root privs.
3. You cannot ssh to the remote host as root

There are two possible solutions I can think of.

The first is a type of tramp multi-hop connection method. i.e. from the
manual

     Opening `/sudo:randomhost.your.domain:' would connect first
     `randomhost.your.domain' via `ssh' under your account name, and
     perform `sudo -u root' on that host afterwards. It is important
     to know that the given method is applied on the host which has
     been reached so far. `sudo -u root', applied on your local host,
     wouldn't be useful here.

For this to work, you would need to have sudo configured on the remote
host. As you have root access to edit files, you should be able to do
this.

The second method involves taking advantage of X11. The remote servers
don't need full X11 support for this to work, though some X11 libs are
required. For an X11 connection, a lot depends on how you are connected.
It's ideal for a LAN, works OK for reasonably fast WANs, such as DSL and
can work over modem dialup at 56k (though in that case, you would want to
use one of the X11 compression protocols). For this method to work, you
enable X11 forwarding in the ssh configuration (see the ssh manual). This
option is often enabled by default on Linux systems. When you start a
remote emacs, all the display stuff is handled by your local X session.
If your network speed is adequate, it's just like running emacs locally.

However, a question I have to ask is how often do you really need to edit
files as root? At one time, I was responsible for maintaining a key system
on servers that were scattered all over the country. The company I worked
for had a very strict policy on root access. With only a small amount of
analysis, we found that we were able to reconfigure things so that over
90% of what I needed to do could be done without root access. Maybe you
could do something similar?

It's good practice to only run things as root when they absolutely need
those privs. Unfortunately, there is a considerable frequency of systems
where either through lazy admins or lack of skill/knowledge, programs run
as root when they don't need to because admins don't have the knowledge,
time or resources to configure things otherwise. There are actually only a
few key reasons things need to run as root - for example, binding to ports
below 1024. Even in these cases, many well written programs will run as
root to bind to the socket and then drop back to a less privileged user
for normal operation.

Another solution is to use a different group and have the files owned by
that group (using the sticky bit on group directory permissions can ensure
any files created in that directory are in that group). Then, you add that
group to your user account and adjust the file permissions to allow
members of that group to edit the file. You then don't need root authority
to edit these files.

HTH

Tim

-- 
tcross (at) rapttech dot com dot au
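
The group-based alternative described at the end of the message, as an added shell example that is not part of the original post: one function applies the layout and one audits an existing tree against it. The directory and group are arguments supplied by the caller (assumptions, not names from the thread), and the inherit-the-group behaviour relies on the setgid bit (mode 2xxx) on each directory.

```shell
#!/bin/sh
# Added example (constructed): let a group edit files without root.

# setup_shared_dir DIR GROUP
# Hand DIR to GROUP and set the setgid bit on every directory so files
# created inside inherit GROUP. Run as root, or as DIR's owner if that
# user is a member of GROUP. Files become rw-rw---- (no execute bits).
setup_shared_dir() {
    dir=$1 grp=$2
    mkdir -p "$dir" || return 1
    chgrp -R "$grp" "$dir" || return 1
    find "$dir" -type d -exec chmod 2770 {} + || return 1   # rwxrws---
    find "$dir" -type f -exec chmod 660 {} +
}

# audit_shared_dir DIR GROUP
# Print each deviation from that layout; return 0 only if none are found.
audit_shared_dir() {
    dir=$1 grp=$2 problems=0
    [ -d "$dir" ] || { echo "PROBLEM: $dir is not a directory"; return 1; }
    note() {
        echo "PROBLEM: $1"
        echo "$2" | sed 's/^/  /'
        problems=$((problems + 1))
    }
    nosgid=$(find "$dir" -type d ! -perm -2000)      # setgid missing
    wrong=$(find "$dir" ! -group "$grp")             # owned by another group
    world=$(find "$dir" ! -type l -perm -0002)       # writable by "other"
    nogw=$(find "$dir" -type f ! -perm -0060)        # group lacks r or w
    [ -z "$nosgid" ] || note "directories without setgid (new files keep the creator's group):" "$nosgid"
    [ -z "$wrong" ]  || note "entries not owned by group $grp:" "$wrong"
    [ -z "$world" ]  || note "world-writable entries:" "$world"
    [ -z "$nogw" ]   || note "files the group cannot read and write:" "$nogw"
    [ "$problems" -eq 0 ]
}

# Command-line use: script.sh setup|audit DIR GROUP
case "${1:-}" in
    setup) setup_shared_dir "$2" "$3" ;;
    audit) audit_shared_dir "$2" "$3" ;;
esac
```

Editors that save by writing a new file and renaming it over the old one create that file with the user's umask, so a umask of 007 or 002 keeps saved files group-writable.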