[sudo-users] '%wheel ALL=(ALL) NOPASSWD: ALL' prompt
Kai Hendry
hendry at webconverger.com
Sun Jan 15 07:02:29 MST 2017
Hi all,
I use:
%wheel ALL=(ALL) NOPASSWD: ALL
in my /etc/sudoers since I am not prepared to type in a password when
I need sudo. In my system I use a password for:
1) Decrypting my cryptroot
2) Unlocking my ssh key and setting up ssh-agent
3) Nope... really don't want to enter more passwords at this point
I do have a user password since I use a screen locker
http://tools.suckless.org/slock/ when I walk away from my running
(decrypted) computer.
Nonetheless I don't ask for a user password on boot since I feel
entering the initial decrypt password was sufficient. I don't care for
a root password, but it has been set. So four passwords to get a
typical system going... PITA. My only respite is trying not to type
them!
So here's my issue with my setup. If a script has `sudo
something-dangerous` from say Archlinux's AUR, I wouldn't know it ran.
I realise I could:
journalctl /bin/sudo -f
And somehow ignore the noise of session {opened, closed}, but I
don't.. I want an *opt-in experience*.
My ideal experience would be something like a red border around the
Xorg screen when a sudo operation on my local system is asked to be
run, and I would click some key basically to accept or deny the
prompt. Has anyone done something like that? I don't want some other
form of identification like fingerprint reader btw. I just want a
prompt without a password. Bonus points if the prompt tells me what
command and process is trying to get sudo running.
I hope this is not a too crazy/stupid/impractical idea.
Thanks!
More information about the sudo-users
mailing list