You must log in or register to comment.
sudo chmod +x * can solve it sometimes
sudo steam
sudo -u root bashftwOr sudo bash
Missing the
-i.The
-iis not required.It’s silent.
Real pros shuffle across the carpet to build a static charge and do their system administration by electrical fault injection.
REAL pros use butterflies!
Dammit, emacs.
Still not as bad as
chmod -R 777.Jesus, every time I have to run glx or vaapi under a container I end up having to do this then cringe.
You don’t need to
Nah, there’s something broken, I think it’s because group render under the container has a different GID than the container so the acl fails and you either sudo or chmod.
Lxc is still a little wobbly in places.
I use podman and since it runs as my user it has exactly same same permissions as me. I just add my user to the proper group and it works.
Anyway for LXC you could just passthough a folder and then create a file. From there you can look at the file on the host to see who owns it. That will give you the needed information to set permissions correctly
Ahh, I’m running priveleged containers, I wrote my own scripted framework for containers around lxc in mostly python.
Basically I fell head over heels in love with freebsd jails and wanted them on Linux, then started running x11 apps in them, it’s my heroin.
Haven’t used podman outside proper k8s for work, did proxmox for a bit, but it was just a webgui for the same thing.
There were a bunch of online bug reports about the /dev/dri issue, maybe there’s a better solution now, but since this is my workstation I wasn’t as worried about security.
from the chmod or from the containers?
From the chmod, I love running games and shit under containers.
As a one time noob I may have done this once or more.
To get one thing working I borked everything.
Understanding permissions is pretty basic. But understanding permission requirements for system and user apps and their config and dirs can be a bit overwhelming at first.
Thinking a little change to make your life simpler will break something else doesn’t always register immediately.
Shit, even recently, wondering why my SSH keys were being refused and realising that somehow i set my private keys world readable.
Thank god SSH checks file and dir permission.
Once had a friend run
sudo chmod -R 777 /on a (public) Minecraft server we were running back in highschool. It made me die a bit on the inside.Doesn’t it break a lot of things? Half the stuff refuses to work when some specific files have too permissive chmod.
Really only SSH and sudo broke. sudo would still work but you’d have to re-enter your password every time. It was a painful experience and I’m glad I know better now.
Goodbye ssh access
Can’t programs steal sudo access if the timeout isn’t 0?
If on a brand new rig, it’s allowed.
What?
Oh, sorry, I misread programs as programmers 😁.
And no, I don’t think so. Credentials need to be cleared before exectution.
Okay. So you must invoke sudo fr on the exact same shell? It cant be taken from a subsequent script?
Credentials are inherited by every child process that the parent process invokes. Thus, if you give root credentials to a command, every subsequent command that the original one invokes will have root credentials.
There are some exceptions, but these are special case scenarios and are literally only a few.
That doesnt at all answer my concern but I’ll interpret the answer as no it doesn’t do that.
Sorry (again 😂, this happens quite a lot with you, lol), it’s early in the morning here, didn’t have my coffee yet.
If the question is can privileges be escalate later on while a command or a script is executing, the answer is yes. You can also deescalate them once the root creds stuff is done executing. You just have to make it clear in the script or the command that “you do this with root creds, but then you continue with user creds”.
The point I was trying to make with my previous comment was that, if a process (command, script, whatever) is ran with root privileges, every program, command, script it invokes later on is ran with root privileges, unless it’s specifically noted to run this or that part with some other privileges.
I’m partial to sudo bash myself 👌
Reminds me of software saying to put your docker socket into the docker container you are starting for convenience.
Oh yeah, I’m docking the shit ot of that container!
sudo -i ?
Use Sudo -i instead. Sudo su is like cat file | grep pattern vs grep pattern file. You’re wasting resources.
Our crappy vendor software will only function if IPv6 is disabled network wide. Even if one machine has it enabled, the whole thing breaks
Lol our former crappy vendor solution required to be run directly from AD Administrator. Pure luck the entire business didn’t collapse before we replaced it.
A thread I read a long time ago on r/sysadmin
That’s at least once a week
sudo !!:p
I get tired of typing the same command twice.
helenslunch doesn’t know about
sudo !!
Not even arrow keys
sudo su -c “man man”
then at first day of work:
just use sudo su, we don’t have all day here.
And you give them the look and they shut up.
“You’re absolutely right, we wouldn’t want to take too long to break the network or open god rights vulnerabilities”
