Running a Script as Root without Password

I have a UDEV rule set up to change the power settings on the phone depending on whether or not I’m connected to my Nexdock, basically I disable and enable the screen blanking depending on whether or not I’m connected.

I’d also like to change the brightness settings depending on this condition as well which is basically adjusting the value inside /sys/class/backlight/backlight-dsi/brightness.

I’ve tried putting in an exception in the sudoers.d directory to no avail. It continues to ask for a password. Has anyone accomplished a similar thing by having a script run as root without password prompt?

1 Like

I’m new to Linux but maybe, making a cron job as root?

1 Like

But how would I trigger it on detecting the dock through the USB port?

1 Like

I understand you have the script to do what you want ready.

1 Like

hmm…so you’re saying to make a specific non time triggered cron job? I’ve never tried that but maybe that is a way to do it.

1 Like

I see the problem, sorry, my bad.
Maybe have a script run as root as a cron job at boot. But make sure the script is running continuously and checking what you need to check and doing what you need doing. Like a while(true){code} function in C.

1 Like

Yeah that might do it, seems a bit brute force tho to have that running all the time when I already have a way to trigger it with a UDEV rule.

I know you can specify specific scripts in sudoers to run without a password but it just doesn’t seem to work on the L5, mind you I haven’t tried it on any other Linux platform either. Supposedly it should work if it’s at the bottom of the sudoers file or if you put a separate file in the sudoers.d directory it should execute those after all the other lines in the sudoers file.

I’m just wondering if there is something peculiar about the L5 that is blocking that from happening.

2 Likes

The udev man page I think is suggesting you use a service for this kind of thing.

Also, putting that to one side, what user does the command run as by default? Do you actually need to use sudo?

Also note from the udev man page the various restrictions on what you should (not) run as a command e.g. don’t want to be blocking / no network access etc.

2 Likes

It definitely used to work on the Librem 5 - because it used to default that way and I didn’t like that (for security reasons) so I changed it on my phone to require a password. It is possible that the default flipped to secure in byzantium.

Also note that there are permissions restrictions (can’t be too permissive) for files in the sudo config i.e. in order to prevent you shooting yourself in the foot. So be careful with ownership and permissions.

1 Like

I know it will not run without sudo and I accept the security issue. That’s why I was hoping to use the sudoers file to only allow that one script to run without a password.

1 Like

On the Librem5 I did not achieve this with cron except by activating the root account, but I found this not secure.
So I did that with a systemd service.
Create a service “at boot” (for instance), with this script (just complete the ExecStart variable):

#!/bin/sh
serviceName=run_at_boot
sudo tee /etc/systemd/system/$serviceName.service > /dev/null <<EOT
[Unit]
Description=run_at_boot

[Service]
ExecStart=<YOUR_SCRIPT_IN_ABSOLUTE_PATH>

[Install]
WantedBy=multi-user.target
EOT
sudo systemctl enable $serviceName.service
sudo systemctl status $serviceName

I am also using such a service to autobackup the system at boot on my librem5

2 Likes

Note that it will need more than the above in order to tie the service to existence of the device (rather than just starting the service at boot).

man udev

2 Likes

Yeah I think that’s what people are missing. I already have the trigger for the script, all I need is a way to have it run as root without a password, and I’m prepared to accept the potential security issue of running JUST that script without password.

1 Like

This is just an example. You just have to adapt your service and/or your script like here: linux - Run script every 30 min with systemd - Unix & Linux Stack Exchange
My solution is the only one I found to run a root script without password:

  • activate (unexpire) the root account, then crontab root will work, but it is not recommended to do it like this
    Or
  • use a systemd service.

But I would be glad to know a third one … because I searched a long time to run a root script without password for a cron job. Systemd can do the same as cron and even more (note triggers possibilities).

I use this to auto-wake my Librem5 from suspend every x minutes in order to get my XMPP (Dino) messages, and the same to back up /etc, /var, etc. (which requires root without password).

Maybe udev has triggers that better fit your needs, indeed.

1 Like

It seems like adding the script to the sudoers file or a file in the sudoers.d directory does not get respected. Is this something that has been deprecated?

1 Like
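Two things behind the posts above about sudo's restrictions on its config files and a sudoers.d entry not being respected: sudo skips files in sudoers.d whose names contain a '.' or end in '~', and a NOPASSWD rule for a script the user can edit is equivalent to passwordless root. The checker below is an added example, not code from anyone in this thread; the drop-in and script paths in its comments are hypothetical, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: sanity checks for a sudoers.d drop-in that grants NOPASSWD
# for exactly one script. Hypothetical drop-in /etc/sudoers.d/90-backlight:
#   purism ALL=(root) NOPASSWD: /usr/local/sbin/set-backlight
# Assumes GNU coreutils stat (stat -c).

# sudo's includedir skips file names containing '.' or ending in '~'.
dropin_name_ok() {
    case "$(basename "$1")" in
        *.*|*~) return 1 ;;
        *)      return 0 ;;
    esac
}

# True if the file is owned by uid 0.
owned_by_root() {
    [ "$(stat -c '%u' "$1")" -eq 0 ]
}

# True if neither group nor others can write the file (0440, 0755, ...).
not_group_other_writable() {
    mode=$(stat -c '%a' "$1") || return 1
    # Mode is octal; mask 022 is group-write | other-write.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_dropin DROPIN TARGET_SCRIPT: print each problem, return 1 if any.
check_dropin() {
    dropin=$1 target=$2 rc=0
    dropin_name_ok "$dropin" || { echo "sudo will skip this file name: $dropin"; rc=1; }
    # The target script matters as much as the drop-in: if the invoking
    # user can modify it, the NOPASSWD rule hands that user a root shell.
    for f in "$dropin" "$target"; do
        owned_by_root "$f" || { echo "not owned by root: $f"; rc=1; }
        not_group_other_writable "$f" || { echo "group/other writable: $f"; rc=1; }
    done
    # Syntax check, if visudo is installed.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$dropin" >/dev/null 2>&1 || { echo "syntax error: $dropin"; rc=1; }
    fi
    return $rc
}

# Stand-alone use: ./check.sh /etc/sudoers.d/90-backlight /usr/local/sbin/set-backlight
if [ $# -eq 2 ]; then check_dropin "$1" "$2"; fi
```

A script kept under /home/purism and owned by purism would be reported as not owned by root, because purism can rewrite it at will.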

Yes, but not triggered directly from udev via RUN+=... - instead indirectly via a service i.e. TAG+="systemd", ENV{SYSTEMD_WANTS}=...

Not that I am aware of - but man udev does note that the command that runs directly from udev runs in a sandbox and perhaps that is interfering with your intentions.

1 Like

Oh but I do…here is my rule in the /etc/udev/rules.d/90-monitor-hotplug.rules:

SUBSYSTEM=="drm", ACTION=="change", RUN+="/bin/su purism -c '/home/purism/.local/bin/monitorhotplug.sh'"

Can I add another RUN statement in here for this same rule? Actually I don’t want to make the brightness change in here because I need to use the hotplug script to evaluate whether or not the L5 is plugged into my Nexdock. Or can I just change the brightness setting with an “add” statement when connected and a “remove” when unplugged?

1 Like

I tried this but it does not work:

SUBSYSTEM=="drm", ACTION=="change", RUN+="/bin/su purism -c '/home/purism/.local/bin/monitorhotplug.sh'"
SUBSYSTEM=="drm", ACTION=="add", RUN+="/bin/su purism -c '/home/purism/scripts/docked_backlight.sh'"
SUBSYSTEM=="drm", ACTION=="remove", RUN+="/bin/su purism -c '/home/purism/scripts/undocked_backlight.sh'"

1 Like

I don’t know but I am suggesting that you remove the RUN statement - and use a service instead.

I note also that you are using su rather than sudo - and that may explain why configuring sudoers was not effective.

However there may also be complications if the script must run as user purism.

1 Like