I am configuring a mesh visualization platform based on BATMAN which is called ALFRED (I guess the pun is intended by the makers!) and in doing so, a couple of commands need to be executed as the root user. I can easily run most of the commands using sudo but when I get to a cat command, sudo seems to not not have the required privileges.
For instance, to get the ALFRED server running I execute
$ sudo alfred -i br0 -m
and it runs properly and executes the command. But when I want to write to the UNIX socket using ALFRED, I execute the following command intending to write the host name to socket 64
$ sudo cat /etc/hostname | alfred -s 64
and I get the error
can't connect to unix socket: Permission denied
But when I switch to root user manually by su root and run
cat /etc/hostname | alfred -s 64
the command executes properly with no errors given and when I exit the root user and come back with the regular user, I can read the socket by invoking
$ sudo alfred -r 64
which is very odd. Just to make it stranger than it is, I wrote the cat /etc/hostname | alfred -s 64 command in a shell script and called it alfred_start.sh. Now I can easily run
$ sudo sh alfred_start.sh
and no errors are given.
I have found a way to work around the whole problem but the question still remains, WHY?
Are there different privileges associated with root that are not accessible through sudo?
I do not believe that BATMAN or ALFRED have anything to do with the whole matter and it probably has something to do with the permissions associated with writing to UNIX sockets. I would very much appreciate any help on this matter.
Advertisement
Answer
sudo is a normal command, which interacts with the calling shell in a normal way. In this pipeline:
sudo cat /etc/hostname | alfred -s 64
the command on the left is sudo cat /etc/hostname. It runs cat with elevated privileges. The command on the right has no sudo in it so the alfred process is not sudo-elevated.
Move the sudo to the right of the pipe. (I assume you don’t need elevated privileges to read your /etc/hostname!)
If you ever do need to sudo an entire pipeline, you must tell sudo to create priveleged shell, which then executes the pipeline supplied as a string, like this:
sudo sh -c 'something | something'
Other examples can be found in this question