Guide - Security - How to use Octopi with root password

If you're like me, one of the first things you do on a new Garuda installation is edit /etc/sudoers.d/10-installer and comment out the line allowing users in the wheel group to execute any command. This is just common sense for me - if I have the root user enabled by default, I might as well use it, and if that is the case, then I shouldn't give the regular user any privileges.

After that I also change the user from administrator to standard through Garuda settings (this removes it completely from wheel group) and add it to the groups suggested by the GUI (audio, scanner, sys, etc.).

This setup allows for a pretty easy workflow for most things - when KDE needs elevated privileges, it just asks for root password. When I need to do stuff in the terminal, I just su and do my thing. But Octopi's update and install features really want to use sudo in the backend, and this is a GUI app that I really appreciate and wish to use as intended. So here is what we do:

Write a file in /etc/sudoers.d/octphelper containing the following:

Defaults targetpw
username ALL=(root) /usr/lib/octopi/octphelper -ts
username ALL=(root) /bin/sh -c unset LC_ALL; exec /usr/lib/octopi/octphelper -ts

[If you add just the first two lines, you will see at first it seems to work but then Octopi also wants you to be allowed to run /bin/sh -c unset LC_ALL; exec /usr/lib/octopi/octphelper -ts]

Now we can update from the Octopi notification icon, or install any app using Octopi, and the GUI will ask for root password. This will not allow your user to execute any other commands with the root password. You can create similar rules for pacman or update, or any command you wish really, just don't go all sudo crazy :crazy_face:

Soar on ~

5 Likes

Im trying to follow this but i get the following error?

Could not enter folder /etc/sudoers.d.

using Dolphin.

It needs elevated privs to view or edit the contents of /etc/sudoers.d.

4 Likes

cause a regular user is not permitted to go there.

right click in dolphin > root actions > open in file manager
this will launch dolphin as root.

It sure as hell shouldn't. I know it's there, but unless Garuda made changes that KDE developers expressly removed for good reason, then it should not and will not work on a vanilla Arch installation.

User can already enter any directory (some require elevated privileges), alter a file, and save it with the same elevated privileges. That is how KDE developers wanted it to be, and I remember when they did so.

I seem to recall Manjaro providing a work-around so that users could do as you've stated, but I hope it's not a hold-over brought into Garuda.

1 Like

It should be this one used:
https://aur.archlinux.org/packages/rootactions-servicemenu/

1 Like

@c00ter yes this does work on a default garuda installation since that package is installed. However it's highly recommended editing the file using the terminal

# micro /etc/sudoers.d/octphelper
1 Like

Hey, yeah I see the PKGBUILD in the AUR. Thanks! I might even unpucker enough to install it.
:wink:

Day 20 Smoke Free

EDIT: Scratch that. Think I'll install the latest Dragonized ISO, just because.

4 Likes

I just did last week just because as well :grinning_face_with_smiling_eyes:

3 Likes