Re: Finding simpler better sudo for Emacs

help-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Finding simpler better sudo for Emacs

From:	Jean Louis
Subject:	Re: Finding simpler better sudo for Emacs
Date:	Wed, 31 Mar 2021 09:27:53 +0300
User-agent:	Mutt/2.0.6 (2021-03-06)

* Utkarsh Singh <utkarsh190601@gmail.com> [2021-03-31 08:48]:
> > You see in this case with redirection of output, it is not so easy to
> > provide a command with call-process.
> >
> Hmm I see the problem with redirection.  Do you know any other standard
> Emacs way to work with redirection? Maybe temp buffer?

There are redirection functions in Emacs. I just do not know now why
should I do it with "sudo" and I would not know how to do it. I have
no clue where to start.

I use this function to give some input as string and receive output:

(defun rcd-command-output-from-input (program input &rest args)
  "Returns output from PROGRAM INPUT with optional ARGS"
  (let* ((output (with-temp-buffer
                  (insert input)
                  (apply #'call-process-region nil nil program t t nil args)
                  (buffer-string))))
    output))

Which then enables me for example to get HTML from markdown:

(defun rcd-markdown (text)
  "Markdown processing"
  (rcd-command-output-from-input "markdown" text))

And I use the fastest Markdown there is, the Discount Markdown which
also includes the command mkd2html, that can quickly create simple
HTML pages:

(defun rcd-mkd2html (text &optional title author date)
  "Full page Markdown processing"
  (let* ((title (if title
                    (format "%% %s\n" title)
                  "% NO TITLE\n"))
         (author (if author
                     (format "%% %s\n" author)
                   "% NO AUTHOR\n"))
         (date  (if date
                    (format "%% %s\n" date)
                  "% NO DATE"))
         (header (concat title author date))
         (css-line "<style> body { max-width: 70ch; line-height: 1.5; padding: 
2ch; margin: auto; font-family: \"Helvetica\", \"Arial\", sans-serif; } 
h1,h2,h3,h4,h5,h6 { line-height: 1.2; } pre { width: 100%; margin: 2ch; 
padding: 1ch; background: #f5deb3; border: 2px solid #777; } pre code { 
tab-width: 4; color #333; } </style>")
         (viewport-line "<meta name=\"viewport\" content=\"width=device-width, 
initial-scale=1\">")
         (text (concat header "\n" text)))
    (rcd-command-output-from-input "mkd2html" text "-header" viewport-line 
"-header" css-line)))

You see, sudo command helps me run some commands without password if I
set sudoers file properly. But then again, to invoke redirection with
sudo it requires more fiddling, so I am spawning command "su" with
"sudo". 

Then "su" is calling shell anyway -- so it is not really process
calling as Stefan pointed out, it defeats itself right there, if I
wish to freely supply command to "sudo", so the default shell is
spawned with different user privileges in the shell.

Now I have improved it that I can use it with different username.

(defun sudo (command &optional username)
  "Execute COMMAND with system command `sudo'.

Optional argument USERNAME executes system command `sudo' with
that USERNAME privileges. 

As this command uses system command `su', it will invoke the
default shall of the USERNAME."
  (let ((not-remote (not (file-remote-p default-directory)))
        (sudo-buffer (get-buffer-create "*sudo*"))
        (current-buffer (current-buffer)))
    (switch-to-buffer sudo-buffer)
    (erase-buffer)
    (switch-to-buffer current-buffer)
    (if not-remote
        (let* ((username (or username "root"))
               (sudo `(call-process "sudo" nil ,sudo-buffer t "su" "-c" "--" 
,username "-c" ,command))
               (status (eval sudo))
               (status (if (= 0 status) "Success" status))
               (current-buffer (current-buffer))
               (output (progn
                         (switch-to-buffer sudo-buffer)
                         (buffer-string))))
          (switch-to-buffer current-buffer)
          (message "%s%s\nStatus: %s" output (prin1-to-string sudo) status))
      (message "This `sudo' does not work on remote directory: %s" 
default-directory))))

That opens possibility to quickly launch browser from different user
space, similar to how it is recommended on:

How to Run a More Secure Browser
https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/

In this case I use "iceweasel" browser, one could use something else.

(defun browse-safe-url (url)
  "Browse URL with b"
  (let ((username "louis")) ;; different username than my own
    ;; Insecurity settings for personal DISPLAY only
    (shell-command "xhost +")
    ;; Browse URL with different username
    (sudo (format "iceweasel \"%s\"" url) username)))


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Finding simpler better sudo for Emacs, (continued)
- Re: Control of fan-speed on Lenovo Thinkpads, Utkarsh Singh, 2021/03/31
  - Re: Finding simpler better sudo for Emacs, Jean Louis <=

Prev by Date: Re: Best strategy to disable a touchpad on a laptop when in Emacs?
Next by Date: Re: Best strategy to disable a touchpad on a laptop when in Emacs?
Previous by thread: Re: Control of fan-speed on Lenovo Thinkpads
Next by thread: Check and install/update necessary packages when calling them in emacs.
Index(es):
- Date
- Thread