3

My application tries to execute the root commands "sudo ifup eth0" and "sudo ifdown eth0". But it returned the error "sudo: sorry, you must have a tty to run sudo". So, it requires a tty to execute the sudo commands. So, I tried to execute the commands by opening tty sessions:

   gnome-terminal --command="sudo ifdown eth0" &
   xterm -e "sudo ifdown eth0" &

Then it worked fine. But I am not able to send the command from the newly created gnome-terminal or xterm, i.e., if I close the newly created gnome or xterm windows before they have executed the commands, then the commands are terminated immediately.

Can you give a suggestion on how to prevent the window from being closed by the user, or how to make it invisible to the user?

Note: you can test this by using the system-config-network command instead of ifdown and ifup.

Rajasekhar

3 Answers

4

I would suggest not to use xterm or gnome-terminal to provide a terminal for sudo, but to deal with the "sorry, you must have a tty to run sudo" message directly.

There is a requiretty option in the sudoers file that makes sudo demand a terminal. If this option is unset with !requiretty and the command is executed with the NOPASSWD option, sudo should run without the need to open a new terminal window. There are more details in this serverfault post.

That is how sudo is used for instance in cron scripts.

Since the requiretty option provides additional security in an environment where sudo is used not only in cron scripts but also to let remote users issue commands with elevated privileges, the action of !requiretty can be restricted.

   User_Alias LOCAL_USERS = john, mary
   Cmnd_Alias NETWORK_SCRIPTS = /sbin/ifup, /sbin/ifdown
   Defaults!NETWORK_SCRIPTS     !requiretty
   LOCAL_USERS ALL = NOPASSWD: NETWORK_SCRIPTS
Dima Chubarov
  • But this will add security flaws in the system... according to this post: http://maymay.net/blog/2010/03/17/how-to-work-around-sorry-you-must-have-a-tty-to-run-sudo-without-sacrificing-security/ – Rajasekhar Jun 02 '12 at 14:21
  • and I can't edit all the Linux systems in a company. Thanks for one suggestion regarding use of the NOPASSWD option, which I will use for non-root users – Rajasekhar Jun 02 '12 at 14:24
  • Regarding the security issue that you mention, you can restrict !requiretty only to a specific command or user. – Dima Chubarov Jun 02 '12 at 14:48
  • sudo should require a tty. That's usually acceptable. When you launch sudo, it's likely going to need a password anyway, so you can't rely on it being able to run without user intervention. – Nicholas Wilson Jun 02 '12 at 14:58
  • Hi Nicholas, anyway, I am using the NOPASSWD option for the network commands in the /etc/sudoers file. – Rajasekhar Jun 04 '12 at 07:24
  • Thanks Dmitri. I am using your solution to make it work. Thanks a lot – Rajasekhar Jun 05 '12 at 06:50
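
A check for the scoping this answer recommends, as an added Python example that is not part of the original answer: it lists every `!requiretty` override in sudoers text and fails any that is global rather than restricted to a user, host, runas target or command. The function name and the extra global `Defaults` line in the sample are constructed for illustration; the parser assumes one entry per line (no backslash continuations) and aliases defined before use.

```python
import re

# Constructed sample: the answer's scoped fragment plus one global override.
SAMPLE = """\
User_Alias LOCAL_USERS = john, mary
Cmnd_Alias NETWORK_SCRIPTS = /sbin/ifup, /sbin/ifdown
Defaults!NETWORK_SCRIPTS     !requiretty
LOCAL_USERS ALL = NOPASSWD: NETWORK_SCRIPTS
Defaults    !requiretty
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
# Defaults is global, or scoped with a sigil: :user  @host  >runas  !command
DEFAULTS_RE = re.compile(r"^Defaults(?:([:@>!])\s*(\S+))?\s+(.+)$")
SCOPES = {":": "user", "@": "host", ">": "runas", "!": "command"}


def audit_requiretty(text):
    """List every '!requiretty' override with its scope; global ones fail."""
    aliases, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        alias = ALIAS_RE.match(line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        defaults = DEFAULTS_RE.match(line)
        if not defaults:
            continue
        sigil, target, settings = defaults.groups()
        if "!requiretty" not in [s.strip() for s in settings.split(",")]:
            continue
        scope = SCOPES.get(sigil, "global")
        if scope == "global":
            covers = ["ALL"]
        elif scope == "command":
            covers = aliases.get(target, [target])  # expand a Cmnd_Alias
        else:
            covers = [target]
        findings.append({"line": lineno, "scope": scope,
                         "covers": covers, "ok": scope != "global"})
    return findings


if __name__ == "__main__":
    for f in audit_requiretty(SAMPLE):
        status = "scoped" if f["ok"] else "GLOBAL, restrict it"
        print(f"line {f['line']}: {f['scope']} {f['covers']}: {status}")
```
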
3

If you run your code within an X session, then you can use gksudo instead of sudo:

   gksudo -m "Your message" /command/to/run

It will prompt the user for a password (if needed) using a nice GUI interface. No need for xterm or gnome-terminal.

The effect will be more secure than allowing a particular command to run without any password, and the solution will be more consistent with what users are used to.

Michał Šrajer
2

In general, sudo or su need to prompt for a password, or programs could escalate their privileges without user intervention. If your application needs to elevate for some purpose, you will need to use an xterm or similar. There are difficulties though in getting the return code back (konsole might need --nofork and gnome-terminal might need --disable-factory, but the options sadly vary by version), and it's not easy to get it right on every system. Most unixes and Linux distributions provide xterm, but some old Fedora/RHEL/CentOS provide X without xterm, so it's another dependency to think about.

The command launched by xterm -e sudo -- ... can then do the standard double-fork and setsid. Once the user has entered his password in the xterm, it goes away immediately, but your command runs in the background with elevated privileges. It can connect back to the original program using a socket or fifo to run as a root co-process.

The daemon or disown commands or similar might be useful if you want to wrap an existing application in a double-fork & setsid (eg, xterm -e sudo -- daemon system-config-network or perhaps xterm -e sudo -- bash -c "system-config-network & disown -a").

Nicholas Wilson
  • I executed these commands from an RHEL5 gnome terminal. If I close the newly opened xterm window, then the system-config-network window is also closed. I want the system-config-network window to stay open until I close it (or until the ifup command has executed). – Rajasekhar Jun 04 '12 at 07:20
  • Ah. On linux you'll probably want `setsid`(1) rather than `daemon`. That should do it fine. – Nicholas Wilson Jun 04 '12 at 13:05
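
What the double-fork and setsid step in this answer does, as an added Python example that is not part of the original answer: the launched command ends up in a new session with no controlling terminal, so closing the terminal window no longer terminates it. The helper name `spawn_detached` is hypothetical, and the pipe stands in for the socket or fifo the answer mentions for reporting back to the original program.

```python
import os


def spawn_detached(argv):
    """Double-fork + setsid, then exec argv. Returns (pid, sid) of the
    detached process, reported back to the caller over a pipe."""
    r, w = os.pipe()
    first = os.fork()
    if first > 0:                       # original process
        os.close(w)
        os.waitpid(first, 0)            # reap the short-lived first child
        with os.fdopen(r) as pipe:
            pid, sid = map(int, pipe.read().split())
        return pid, sid
    try:                                # first child
        os.close(r)
        os.setsid()                     # new session, no controlling terminal
        if os.fork() > 0:
            os._exit(0)                 # session leader exits at once
        # Grandchild: not a session leader, so it cannot reacquire a tty.
        os.write(w, f"{os.getpid()} {os.getsid(0)}".encode())
        os.close(w)
        devnull = os.open(os.devnull, os.O_RDWR)
        for fd in (0, 1, 2):            # detach stdio from the terminal
            os.dup2(devnull, fd)
        os.execvp(argv[0], argv)
    finally:
        os._exit(127)                   # reached only if setup or exec failed


if __name__ == "__main__":
    pid, sid = spawn_detached(["sleep", "30"])
    print(f"caller session {os.getsid(0)}, detached pid {pid} in session {sid}")
```
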