Everything In Between

While working on $client‘s Linux server last week, I found myself installing a cron job that ran as root. The cron job called a custom bash script that, in turn, called out to various custom maintenance tasks client had already written. One task in particular had to run as a different user.

During testing, I discovered that the odd-ball task failed to run, and found the following error in the system log:

sudo: sorry, you must have a tty to run sudo

I traced this error to a line trying to invoke a perl command as a user called dynamic:

sudo -u dynamic /usr/bin/perl run-periodic-tasks --load 5 --randomly

A simple Google search turned up an obvious solution to the error: use visudo to disable sudo’s tty requirement, allowing sudo to be invoked from any shell lacking a tty (including cron). This would have solved my problem, but it just felt wrong, dirty, and most troublingly insecure.

One reason why sudo ships with the requiretty option enabled by default is, among other reasons, to prevent remote users from exposing the root password over SSH. Disabling this security precaution for a simple maintenance task already running as root seemed totally unnecessary, not to mention irresponsible. Moreover, client‘s script didn’t even need a tty.

Thankfully, there’s a better way: use su --session-command and send the whole job to the background.

su --session-command="/usr/bin/perl run-periodic-tasks --load 5 --randomly" dynamic &

This line launches a new, non-login shell (typically bash) as the other user in a separate, background process and runs the command you passed using the shell’s -c option. Sending the command to the background (using &) continues execution of the rest of the cron job.

A process listing would look like this:

root     28109     1  0 17:10 ?        00:00:00 su --session-command=/usr/bin/perl run-periodic-tasks --load 5 --randomly dynamic
dynamic  28110 28109  0 17:10 ?        00:00:00 bash -c /usr/bin/perl run-periodic-tasks --load 5 --randomly

Note the parent process (PID 28109) is owned by root but the actual perl process (PID 28110) is being run as dynamic.

This in-script solution that replaces sudo -u user cmd with su --session-command=cmd user seems much better than relying on a change in sudo‘s default (and more secure) configuration to me.

Of the Ten Commandments, only 3 are phrased in the affirmative. The other 7 are phrased as negatives. Why? Doesn’t that seem kind of oppressive to anyone else?

Here’s the Ten Commandments as listed on Wikipedia:

1. I am the Lord your God
2. You shall not make for yourself an idol
3. You shall not make wrongful use of the name of your God
4. Remember the Sabbath and keep it holy
5. Honor your father and mother
6. You shall not murder
7. You shall not commit adultery
8. You shall not steal
9. You shall not bear false witness against your neighbor
10. You shall not covet your neighbor’s wife

Well, it certainly sounds like Insert-Your-Favorite-Deity is having a bit of a power trip. Let’s take a closer look at these commandments, but this time let’s phrase them all in the affirmative.

1. I am the Lord your God
2. You shall identify falsehoods and treat them as such
3. You shall respect the power of words, names, and language
4. Remember the Sabbath and keep it holy
5. Honor your father and mother
6. You shall let other living beings live
7. You shall honor the relationship contracts that you enter and those of others
8. You shall honor the property of others
9. You shall uphold truth as you have seen it
10. You shall strive for your own happiness

Doesn’t that sound infinitely better already? Interestingly, I feel that this rephrasing not only covers more ground (e.g., “You shall honor the property of others” turns “You shall not steal” into protections against stealing and vandalism), but it’s also a lot more inclusive of diversity.

Now let’s take this one step further and rephrase even the ones that were originally affirmative so that they not only reflect positive ideals, but also engender self-empowerment in the reader. Now my ten commandments read as follows:

1. I am lord over my own body and mind
2. I identify falsehoods and treat them as such
3. My power comes from words, names, and language
4. I honor my memories and choose my traditions
5. I honor my chosen family
6. I protect and create free life
7. I demand respect for the relationship contracts I enter and grant respect to those of others
8. I gift wealth to others
9. I uphold my own convictions
10. I spread joy

I wonder what kind of world we would live in today if this list had been the Ten Commandments so fervently adhered to. Since nothing in life is unchangeable, I’m going to start believing that these self-empowering words are the Ten Commandments for me.

• I ♥ my server logs, too. ;) ♺ @ConfidentInCali: Checking my server logs, some people read my blog at church! Presbyterians are kinky freaks. #
• Proud of myself for my Spanish translation at http://SexEdEverywhere.com. I impressed 2 native speakers! Vote to get us even more resources! #
• ♺ @KinkForAll Thinking abt your KinkForAll presentation topic yet? #KFASF #039;s only 15 days away! Read others' ideas+sign up http://tr.im/kfasf #
• Dear everyone, please #smile at a stranger today. It's good for you, for them, and for our planet. Sincerely, everyone else. Thank you! :) #
• Hang out w/me at 3PM Eastern, 12PM Pacific TOMORROW when I appear on San Francisco community radio. Listen live from http://FCCFreeRadio.com #
• ♺ @thesexademic "He said he didn't have a condom. [I said] that's fine; I was ready to be a mom…he magically [found one]" http://tfl.nu/4u76 #
• @seraglioletters @starletfallen Yay! Smiles are among the most viral contagions I know. Glad you keep spreading them around. Enjoy your day! in reply to seraglioletters #
• Reason №7624 why I love being an information worker: I've managed to make work for myself that necessitates consuming AND producing content. #
• ♺ @KinkOnTap Busty snowlady prompts anon complaint, cops ask family to "tone down" display. HEY ANON, GET OFF MY LAWN! http://icio.us/b0f0sz #
• Home after much-needed dinner socializing with @sarahdopp. Among other things, I realized I need to visit other SF neighborhoods more often. #
• I hate it when I'm full of #ideas but they don't make it to the outside of my head coherently no matter what form they try to take. #burnout #
• Augh. You know you need to take a break from work when you're stressing over what to wear to your RADIO interview the next day. #TimeToRelax #

• KinkForAll San Francisco venue contract signed+sealed+delivered: http://tr.im/QLJD Pls SIGN UP if you haven't yet: http://tr.im/kfasf #KFASF #
• ♺ @KinkForAll Signed up for KinkForAll San Francisco yet? It's free & helps us estimate participation levels! http://tr.im/kfasf Thx! #KFASF #
• Credit card statements are like little time machines. Every line-item is a #memory transporting me to the time or place I made the purchase. #
• Finally published my post abt #submission & how many people get it totally wrong: http://vb.ly/25cz I really need more hrs in my days. #BDSM #

• ♺ @agahran ROFL! Mark Fiore's cartoon is the BEST COMMENTARY EVER on #healthcare debate: http://bit.ly/cdqfYJ "Plummeting Death Reform" #hcr #
• ♺ @KinkForAll: You're invited to a free unconference about sexuality+life on Mar 21 at the Women's Bldg.! http://tr.im/kfasf RT this invite. #
• @pearlbear False! NY http://vimeo.com/tag:kfanyc DC http://vimeo.com/tag:kfadc RI http://vimeo.com/tag:kfapvd MA http://vimeo.com/tag:kfabos in reply to pearlbear #
• @SicknessNow Really? MaleSubmissionArt.com is a "femdom site"? What makes you say that? Looks more like a site about #submissive #men to me. in reply to SicknessNow #
• @furrygirl HOW DARE THAT GIRL HUG GOD! To depict God as though He can be encompassed by a child is BLASPHEMOUS! Not to mention PORNOGRAPHIC! in reply to furrygirl #
• Writing cheque for #KFASF at Women's Bldg. Covering an extra $220 myself cuz still short. Donate $10 to help me out? http://tr.im/kfasf Thx! #
• I feel completely worn out. Don't wanna think. Don't even wanna eat. Just wanna be cuddled. Which is why I don't wanna look at my empty bed. #
• Dear #Spanish speakers: is my best-effort #translation of http://SexEdEverywhere.com homepage content good enough? Can you improve it? #i18n #
• "Staying anonymous online can protect your job, your freedom of speech, & even your life." http://youtube.com/watch?v=9Y-bOO-2Ck4 ♺ @ioerror #
• Hilarious, eye-opening, and poignant: "Men Explaining #Birth #Control" http://ur1.ca/ofhj Associated post is a must-read: http://ur1.ca/ofi8 #
• I'm astounded by how much simpler and yet more effective #Google Docs's "inline comment" #features are over MS Word's "Track Changes." #KISS #
• #Vatican chorister sacked for allegedly procuring male prostitutes for papal gentleman-in-waiting http://ur1.ca/oflt Do they get a discount? #
• Impulse buy from http://ur1.ca/ofnl awesome #vulva Etsy shop is totally @pledgemistress's fault. I got a #pendant cuz FUCKYEAHVULVAPENDANTS! #

• Looking over contract for #KFASF at Women's Building on Mar 21. Almost there but I'm still $290 short. Can you donate at http://tr.im/kfasf? #
• http://j.mp/seeiwhc isn't leading cuz competition got 500+ votes in 1 day. Oh, Internet. :) S'ok; we're gonna do SEE anyway. /cc @audaciaray #
• @audaciaray Ya, I know. =) Frankly, I'm thrilled y'all have managed to get us actively sharing our sexual health promotion ideas! GREAT JOB! in reply to audaciaray #
• Working on my next presentation, possibly for #5MoF @Noisebridge in a couple weeks. Working title: "Community Organizing FOR GREAT JUSTICE!" #
• Dear all, pls wish @helio_girl health, happiness. She's feverish & slept all day. 1 way to show love: vote for SEE at http://j.mp/seeiwhc :) #
• Shout outs to @mrsexsmith, @saraeileen, Rachel, and Elizabeth for their donations to #KFASF We're only $220 away now! http://tr.im/kfasf :D #
• @heathercorinna @sarahdopp Sounds like "driven" to me. Could be manic but I do exactly the same thing & I'm better now that I'm off my meds. in reply to heathercorinna #
• Are you (or do you want to be) involved in a #social justice #community project? If so, what's most important to you about it & why? Thx. :) #
• @heathercorinna @sarahdopp Wait…there's a difference between "driven" & "completely off your nut?" Why did nobody tell me this years ago? :) in reply to heathercorinna #
• Switching frm 5MoF.net talk to long-brewing blog post on submissive masculinity was surprisingly productive. Good to have multiple projects. #
• @kristina_lloyd You did a fantastic job w/Erotica Cover Watch. I've learned lots from you. Please let us into what your new projects are! :) in reply to kristina_lloyd #

• ♺ @cand86: "You can safely assume you've created God in your own image when it turns out God hates all the same people you do." -Anne Lamott #
• Hm. Coffee Party (middle-class Americans) emerges from Facebook fan page in response to anti-gov't Tea Party: http://ur1.ca/o5fq #government #
• ♺ @KinkForAll: Some topics: "From Google to Gender," "Relationship Hacking." #KFASF merely $290 away! Can you donate $10? http://tr.im/kfasf #
• Inspired by @BarCamp, cool to see @KinkForAll inspiring. ♺ @writingdirty: http://twitpic.com/168mb6 ALL HAIL THE FLAMING SCREW. #SexGeekCamp #
• MaleSubmissionArt.com gets est 10k+ visitors/mo. http://twitpic.com/169h5x No direct tracking installed. Should I add Analytics? Why or not? #
• The focus people put on #schooling is misguided. Schooling has very little to do with learning. Focus on learning, not schooling. #education #
• @LiteratePervert I don't see the parallel you're making. Schooling is methodology. Does it influence learning? Sure, but is it the same? NO. in reply to LiteratePervert #
• @seraglioletters That's not true; my schooling ABSOLUTELY lead me to education, by forcing me to drop out out of school! /cc @SchoolSurvival in reply to seraglioletters #
• @seraglioletters I agree a methodology's success varies for individual. That was my point. ;) Focusing on schooling is losing sight of goal! in reply to seraglioletters #
• @seraglioletters LOL! So we're clear, I love challenges like the one you made! They force me to restate and reify arguments where necessary. in reply to seraglioletters #
• @LiteratePervert I think OPINIONS on "Intelligent Design" ARE as good as a biologist's. Note, tho, those folks are "schooled" strongly, too. in reply to LiteratePervert #
• @LiteratePervert I would encourage you to look up the word "opinion" in a dictionary. #Opinions need not necessarily be predicated on facts. in reply to LiteratePervert #
• ♺ @KinkOnTap: What do you think of Kink On Tap? Let us know w/ an iTunes #review http://tr.im/kotitunes or click "iTunes" at KinkOnTap.com! #
• @LiteratePervert Such opinions are surely ramblings of fools, but such ramblings surely have a connection to reality. ;) I'll step away now. in reply to LiteratePervert #
• "Masculinity is hot regardless of what genitals [he] might be sporting today." http://ur1.ca/o6wj Yup. Cuz #masculinity isn't about penises. #
• Ditto. ♺ @sarahdopp: Dear #NYC pls send someone to pick up @katebornstein. She's in a cab w/flat tire on the highway. I'll kiss you for it. #
• Up late putting some finishing touches on this episode of @KinkOnTap. I'm afraid I might just miss a midnight deadline, but not by too much. #
• I need your 1-click vote to help everyone on Earth SEE their sexual & reproductive #rights http://j.mp/seeiwhc Vote & RT to make it happen! #

• Excited by how quickly word-of-mouth is spreading news of #KFASF If you're thinking of coming don't forget to sign up at http://tr.im/kfasf #
• Empower #youth to spread knowledge of sexual #rights Vote for SexEdEverywhere w/1 click at IWHC.org: http://j.mp/seeiwhc Tell your friends! #
• Whoa, Free & web-based graphics software claiming to be as powerful as Adobe CS? http://Aviary.com looks fan-fucking-tastic. /via @sarahdopp #
• Did you know private #Internet browsing is a CRIME in some countries? http://censorshipresearch.org/video Free information. /via @austinheap #
• @bastique No, I don't think http://Aviary.com is open source, but I don't think #Adobe CS is #FLOSS either, right? #free #graphics #software in reply to bastique #
• ♺ @KinkForAll Can you donate $10 to make a sexuality unconference happen? http://tr.im/kfasf #KFASF has 4 days to raise $350 for venue cost. #
• Trying out the @WordPress full-screen visual #writing mode. Slick, but I'm so used to raw #HTML I wish there was a full-screen #source mode. #
• Tackling deeply-entrenched misconceptions is hard & often requires us to invent #terminology that doesn't exist. #Semantics are NOT trivial. #
• Yay!♺ @KinkOnTap Thrilled to confirm both @SarahSloane & @EssinEm for next Sunday! 2 of the rockingest alt sex educators on 1 show? Awesome! #
• Want to empower #youth to share their own #sexual #health knowledge? Help @helio_girl & I reach 1,000 votes before 3/25! http://j.mp/seeiwhc #
• @sarcozona @00Syd Yeah…I'm facing that now. It's very difficult to know how people will interpret what I write w/o base of shared knowledge. in reply to sarcozona #
• @writingdirty Sounds cool! Alter flame-in-flame icon more tho? http://twitpic.com/16476a looks like @KinkForAll. Options: http://ur1.ca/o2t4 in reply to writingdirty #
• ♺ @KinkForAll Less than 3wks to KinkForAll San Francisco, March 21 at the Women's Building! Coming? Sign up first! http://tr.im/kfasf #KFASF #
• I can haz #KFASF flyer? YESH! http://tr.im/Qlja Feel free to print & redistribute these flyers at will. It'll help get the word out! Thx! :) #

• Groggily waking up after much-needed 10hr night's rest & extra 1hr long snooze. Catching up on @KinkOnTap topics @helio_girl's been finding. #
• Thrilled to almost be halfway to #KFASF $$ goal! Wanna help make a free+open to public sexuality unconference in #SF See http://tr.im/kfasf #
• Shared my excitement for what I learned from @BillTaverner during #SexTech w/@helio_girl. I wanna win http://j.mp/seeiwhc more than ever! :) #
• LOL! ♺ @sexaminer When "a straight girl sticks something up a straight boy's ass bigoted State reps die a bit inside" http://strn.gr/3489193 #
• ♺ @helio_girl: Thinking of own experience, baffling the term #FemDom is so used. Dominance happens when submission has been given 1st. #BDSM #
• ♺ @nikolasco @ciphergoth: Web forms should be "mad-libs" style; 25-40% better user response http://j.mp/dALdgz #webdev #webdesign #usability #
• Boning up on articles for tonight's #KinkOnTap show. Lots of stuff being tweeted from @KinkOnTap. See "Newly Noted Links" http://ur1.ca/nx5o #
• Starting up tonight's @KinkOnTap. Watch live at http://Live.KinkOnTap.com right now. We've got tons of stuff to talk abt: http://ur1.ca/nx5o #
• The diverse #topics are what I love about @KinkOnTap. Tonight's guest, Marty, who made this video http://vimeo.com/9310463 made them better! #
• :D ♺ @calamusroot Listening to @KinkOnTap is making me flash back to listening to Loveline as teen. This is so much healthier. Ah, progress. #
• Now that @KinkOnTap's monthly finances are published http://ur1.ca/nxyx I'm back to #KFASF Bring your friends on Mar 21! http://tr.im/kfasf #
• Clueless Australian Senator filters phrase "ISP Filtering" from own site after #Internet criticism. http://bit.ly/cAqRBl /via @pomegranate02 #
• I've been invited for an interview on http://PirateCatRadio.com on March 7 at 12 noon! You'll be able to listen live online. Yay broadcasts! #
• Oops! Sorry ignore the link in last post. Correct link for my radio interview on March 7 at Noon is http://FCCFreeRadio.com. See ya then. :) #
• @vniow That's cool! Maybe I'll come early, you can show me around. Can't stay after the interview as I have to go home to record @KinkOnTap. in reply to vniow #
• CONGRATS! ♺ @filamentmag: Our amazing news: Filament to be distributed internationally (but not in the UK) More info at http://bit.ly/9BmCFh #
• Having hard time writing at http://MaleSubmissionArt.com recently. After http://ur1.ca/nye2 @MaleSubmission feels full of unwanted triggers. #