1

Inside Emacs it's possible to run a shell command under sudo by doing the following:

(let ((default-directory "/sudo::"))
 (shell-command "the-command-that-requires-sudo-access"))

That will prompt for the sudo password and run the command under sudo.

Is it possible to do the same thing with shell-command-on-region?

I have a filter program that requires sudo access to operate, even if it operates on a file on which I have full user-level control. The program is au-filter a bash script I wrote. I tried the following but that does not prompt for the sudo password as the first example above does.

(defun my-sudo-auformat ()
  "Run au-format under sudo."
  (interactive)
  (let ((default-directory "/sudo::"))
    (shell-command-on-region (region-beginning) (region-end) "au-format")))

Is this expected? Should I use some other process function instead of shell-command-on-region for this purpose? From what I see from this SO Q/A , shell-command-on-region does not support Tramp remote execution. Does this mean that unless shell-command-on-region is modified my second function cannot work properly and all I can do is use a modification of the first example to process a complete file and not some lines of a buffer in this case?

And if that's the case, is there any other existing function that could be used to achieve what I'd like to do?

Edit - Clarification: I am looking for away to do it completely inside of Emacs; ie. without the need for an external program that will pop an UI/GUI to prompt for the sudo password. The sudo prompt would show up inside on buffer of my Emacs session.

A method I would be able to use:

  1. when I edit files on my local host running a program locally and,
  2. edit files on a remote host and execute the program running on the remote host. In the scenario 2 I could ssh to the remote host and run Emacs on that remote host.

If there was a way to use Emacs on the local host and use Tramp to process the remote files using the remote program that would be a bonus but it's not the focus of this question.

Improve this question
5
  • Does this help?
    – NickD
    Commented Feb 25 at 14:56
  • I haven't tried Emacs 30.1 yet (still using 29.4 for this) but I don't see any Tramp method that would help. I'm using Tramp a lot. If I only need to access a file as being sudo then I can use the /::sudo/path/to/the/file and that works. But that's not exactly my scenario. I open /a/file on which I have full access. Then inside the buffer visiting that file I want to filter it's content with a script that needs access to a restricted resource and I need to run that script under sudo.
    – PRouleau
    Commented Feb 25 at 15:42
  • What I'm doing exactly is this: 1) I copy a /var/log/audit/audit.log file somewhere, using sudo and change ownership so I can edit that file. 2) I open this file inside an Emacs buffer. 3) I select a set of log lines and want them reformatted by a script I wroteL au-format. I use C-u M-| for that. The au-format script needs to execute ausearch to perform some reformatting. That requires access to the /var/log/audit/audit.log file, which requires sudo access. I have work-arounds. I'm just trying to automate this.
    – PRouleau
    Commented Feb 25 at 15:46
  • @NickD The au-format script I use is here: github.com/pierre-rouleau/usrhome/blob/main/bin/linux/au-format. I use it when looking into SELinux AVC violations to reformat the audit log into something that is more human-friendly.
    – PRouleau
    Commented Feb 25 at 15:48
  • And by the way, I'm operating on the local host. I ssh into a host, login, use Bash, run Emacs in that Bash shell. The audit log file is located inside that host.
    – PRouleau
    Commented Feb 25 at 15:54

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.