Closed mattmahn closed 6 years ago
@mettmahn you mean the sudo asks for password? Could you elaborate a bit? I haven't encountered this before.
If the script is not run as root or factorio user, the following line prompts for a password:
https://github.com/factoriommo/factorio-multienv-ctl/blob/master/factorio#L79
As a workaround you can run for example sudo factorio status
for the time being. The actual server will be run as factorio user and not as root.
Ah, okay. This is launched by hand, right? Not via systemd services?
AFAIK commands like new-game
need to su
into the factorio user, and the start/stop commands call systemctl, so you need the appropriate privileges or it will ask you to identify in order to get those privileges.
Yes, by hand, @psihius
matt@instance-1:/opt/factorio/factorio$ factorio new-game 'some-new-game'
Password:
Password:
Password:
Password:
Password:
Password:
Password:
As you can see it prompted for the factorio user's password 7 times, which is rather excessive.
@maikelwever Yeah, I see that. I'm just suggesting the line be changed to sudo -u $USERNAME -s /bin/bash "$1"
so that—if somebody doesn't run factorio
as root or their factorio user—they are not prompted many times to enter the same password. By default, sudo
will cache credentials, so in this case I would've been prompted to enter the password once (see passwd_timeout
in sudoers(5)).
Well, we can't just rely on sudo because we ourselves use this on debian - we don't have sudo, so either we make sudo a prerequisite, or we need to think what to do about this.
@mattmahn But if you do sudo -u factorio factorio new-game gamename
- does it ask for the password multiple times?
We can just add sudo to the dependencies, it'll be fine.
@maikelwever or check if sudo is installed and use it when it is. I know some people will not install sudo at all no matter what.
@psihius It's actually not prompting for the password at all running that, even after clearing the cache with sudo -k
/sudo -K
…
@maikelwever or check if sudo is installed and use it when it is. I know some people will not install sudo at all no matter what.
@psihius it that really something we want to care about? Most of those people also hate systemd (which we depend on), and don't install proprietary binaries anyway.
@mattmahn well, probably because factorio
is a passwordless non-loginable user, is it @maikelwever ?
@maikelwever well, maybe then just use sudo all the way. Easier solution :)
Passwordlessness in sudo must be configured by the user and we don't. Else we would already depend on sudo ;)
@mattmahn's current account is probably passwordless, or he is running your example as root.
Well, I did set the password for the factorio user, so I do get prompted when I su factorio
.
su and sudo are different systems. su logins as the user you 'su' to, so you need to enter that user's password, except if you are already root.
sudo uses a configuration allowing certain users/groups to run sudo. Sudo asks for your users own password, and then becomes root and switches to the given user (or stays root if not given).
You can check the sudo configuration file at /etc/sudoers or using the visudo
command.
@maikelwever okay, that makes more sense then; I didn't know sudo went to root first.
But if I cleared out my (username "matt") cached creds with Turns out GCP Compute Engine doesn't prompt for passwords (sudo -k
, wouldn't I be prompted for my password again when executing sudo -u factorio blah
?%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
in /etc/sudoers.d/google_sudoers, and "matt" is a member of google_sudoers).
Yep, this is achieved (in both su and sudo's cases) using the setuid bit. For some more technical background check: https://en.wikipedia.org/wiki/Setuid
Your initial suggestion is still valid though to prevent from asking for password multiple times.
@maikelwever could you please find some time, figure what should be done here or close it if nothing needs to be changed? This is a bit out of my league.
Being prompted to enter the factorio user's password several times in a row is weird, and made me think something was broken. I think if
as_user
doessudo -u $USERNAME
the user will only be prompted for the user password once while the credential is cached (by default, 5 minutes). I think it my also be helpful to explicitly say the password prompt is for $USER.