all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Jean Louis <bugs@gnu.support>
To: Utkarsh Singh <utkarsh190601@gmail.com>
Cc: help-gnu-emacs@gnu.org
Subject: Re: Finding simpler better sudo for Emacs
Date: Wed, 31 Mar 2021 09:27:53 +0300	[thread overview]
Message-ID: <YGQWaQFOJrfehvwY@protected.localdomain> (raw)
In-Reply-To: <87pmzfkh31.fsf@gmail.com>

* Utkarsh Singh <utkarsh190601@gmail.com> [2021-03-31 08:48]:
> > You see in this case with redirection of output, it is not so easy to
> > provide a command with call-process.
> >
> Hmm I see the problem with redirection.  Do you know any other standard
> Emacs way to work with redirection? Maybe temp buffer?

There are redirection functions in Emacs. I just do not know now why
should I do it with "sudo" and I would not know how to do it. I have
no clue where to start.

I use this function to give some input as string and receive output:

(defun rcd-command-output-from-input (program input &rest args)
  "Returns output from PROGRAM INPUT with optional ARGS"
  (let* ((output (with-temp-buffer
		  (insert input)
		  (apply #'call-process-region nil nil program t t nil args)
		  (buffer-string))))
    output))

Which then enables me for example to get HTML from markdown:

(defun rcd-markdown (text)
  "Markdown processing"
  (rcd-command-output-from-input "markdown" text))

And I use the fastest Markdown there is, the Discount Markdown which
also includes the command mkd2html, that can quickly create simple
HTML pages:

(defun rcd-mkd2html (text &optional title author date)
  "Full page Markdown processing"
  (let* ((title (if title
		    (format "%% %s\n" title)
		  "% NO TITLE\n"))
	 (author (if author
		     (format "%% %s\n" author)
		   "% NO AUTHOR\n"))
	 (date  (if date
		    (format "%% %s\n" date)
		  "% NO DATE"))
	 (header (concat title author date))
	 (css-line "<style> body { max-width: 70ch; line-height: 1.5; padding: 2ch; margin: auto; font-family: \"Helvetica\", \"Arial\", sans-serif; } h1,h2,h3,h4,h5,h6 { line-height: 1.2; } pre { width: 100%; margin: 2ch; padding: 1ch; background: #f5deb3; border: 2px solid #777; } pre code { tab-width: 4; color #333; } </style>")
	 (viewport-line "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">")
	 (text (concat header "\n" text)))
    (rcd-command-output-from-input "mkd2html" text "-header" viewport-line "-header" css-line)))

You see, sudo command helps me run some commands without password if I
set sudoers file properly. But then again, to invoke redirection with
sudo it requires more fiddling, so I am spawning command "su" with
"sudo". 

Then "su" is calling shell anyway -- so it is not really process
calling as Stefan pointed out, it defeats itself right there, if I
wish to freely supply command to "sudo", so the default shell is
spawned with different user privileges in the shell.

Now I have improved it that I can use it with different username.

(defun sudo (command &optional username)
  "Execute COMMAND with system command `sudo'.

Optional argument USERNAME executes system command `sudo' with
that USERNAME privileges. 

As this command uses system command `su', it will invoke the
default shall of the USERNAME."
  (let ((not-remote (not (file-remote-p default-directory)))
	(sudo-buffer (get-buffer-create "*sudo*"))
	(current-buffer (current-buffer)))
    (switch-to-buffer sudo-buffer)
    (erase-buffer)
    (switch-to-buffer current-buffer)
    (if not-remote
	(let* ((username (or username "root"))
	       (sudo `(call-process "sudo" nil ,sudo-buffer t "su" "-c" "--" ,username "-c" ,command))
	       (status (eval sudo))
	       (status (if (= 0 status) "Success" status))
	       (current-buffer (current-buffer))
	       (output (progn
			 (switch-to-buffer sudo-buffer)
			 (buffer-string))))
	  (switch-to-buffer current-buffer)
	  (message "%s%s\nStatus: %s" output (prin1-to-string sudo) status))
      (message "This `sudo' does not work on remote directory: %s" default-directory))))

That opens possibility to quickly launch browser from different user
space, similar to how it is recommended on:

How to Run a More Secure Browser
https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/

In this case I use "iceweasel" browser, one could use something else.

(defun browse-safe-url (url)
  "Browse URL with b"
  (let ((username "louis")) ;; different username than my own
    ;; Insecurity settings for personal DISPLAY only
    (shell-command "xhost +")
    ;; Browse URL with different username
    (sudo (format "iceweasel \"%s\"" url) username)))


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns



  reply	other threads:[~2021-03-31  6:27 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <8735wcogti.fsf@gmail.com>
     [not found] ` <YGNq8IGh12I+QL9I@protected.localdomain>
2021-03-31  5:49   ` Control of fan-speed on Lenovo Thinkpads Utkarsh Singh
2021-03-31  6:27     ` Jean Louis [this message]
2021-03-29 20:36 Jean Louis
2021-03-30  8:12 ` Michael Albinus
2021-03-30  9:44   ` Jean Louis
2021-03-30 10:13     ` Michael Albinus
2021-03-30 10:23       ` Finding simpler better sudo for Emacs Jean Louis
2021-03-30 10:34         ` Michael Albinus
2021-03-30 10:43           ` Jean Louis
2021-03-30 10:52             ` Michael Albinus
2021-03-30 11:05               ` Jean Louis
2021-03-30 11:13                 ` Michael Albinus
2021-03-30 11:40                   ` Jean Louis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YGQWaQFOJrfehvwY@protected.localdomain \
    --to=bugs@gnu.support \
    --cc=help-gnu-emacs@gnu.org \
    --cc=utkarsh190601@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.