sudo issue

[Karl Auer]

On Mon, 2016-08-08 at 14:47 +0200, Ralf Mardorf wrote:
> On Tue, 2 Aug 2016 21:24:27 +0200, Ralf Mardorf wrote:
> > [weremouse at moonstudio ~]$ echo performance | sudo tee
> > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor 
> Btw.
> 
>   echo performance|sudo tee
> /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
> 
> works with the wildcard.

Why would it not? Every element of the /sys tree, all the way down to
and including scaling_governor, is readable (and for directories,
executable) by all. The wildcard in the pipeline is expanded in YOUR
shell, then sudo is executed and tee is passed the already-expanded
paths. Because it is running with superuser privs, tee can write to the
leaf nodes of those paths.

If any element of the /sys path were not executable by your account,
this command would fail like this:

kauer at kt:~$ mkdir t
kauer at kt:~$ mkdir t/t
kauer at kt:~$ mkdir t/t/t
kauer at kt:~$ sudo chown root:root t/t
kauer at kt:~$ sudo chmod go-rwx t/t
kauer at kt:~$ ls -la t
total 32
drwxrwxr-x   3 kauer kauer  4096 Aug  8 23:14 .
drwxr-xr-x 101 kauer kauer 20480 Aug  8 23:14 ..
drwx------   3 root  root   4096 Aug  8 23:14 t
kauer at kt:~$ ls -la t/t
ls: cannot open directory 't/t': Permission denied
kauer at kt:~$ sudo ls -la t/t
total 12
drwx------ 3 root  root  4096 Aug  8 23:14 .
drwxrwxr-x 3 kauer kauer 4096 Aug  8 23:14 ..
drwxrwxr-x 2 kauer kauer 4096 Aug  8 23:14 t
kauer at kt:~$ sudo ls -la t/*/t
ls: cannot access 't/*/t': No such file or directory
kauer at kt:~$ echo boo | tee t/*/t/fred
tee: 't/*/t/fred': No such file or directory
boo
kauer at kt:~$ echo boo | sudo tee t/*/t/fred
tee: 't/*/t/fred': No such file or directory
boo

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4