sudoers mistake

James Dugger james.dugger at gmail.com
Fri Jul 5 23:08:23 MST 2013


Either create a new group or use an existing group that is not being used,
and then add the group to the sudo script.  So for a new group:

1.  Add a new group to /etc/group with the following command:

    groupadd groupname (where groupname is a single word)

2.  Open the /etc/group file and add your username to your new group as
discussed before.

3.  Open the sudo script file with visudo and add the following groupname
stanza to the file:

    %groupname ALL=(ALL) NOPASSWD:  ALL

This is basically the same thing.  If you are the only user or admin on
your system then this is overkill and you could just use the %sudo group
stanza as discussed before.  However, if you are planning or have several
administrators that will have different permissions then it would be best
to re-think not using passwords.

On Fri, Jul 5, 2013 at 10:20 PM, James Dugger <james.dugger at gmail.com> wrote:

> Mike,
>
> Having not seen the original condition of your sudo script file I could
> only guess.  However members of the sudo group listed in /etc/group will
> only be given complete root privileges if the line "%sudo ALL=(ALL)  ALL":
>
> 1. Exists in the file.
> 2. It is uncommented (the '#' at the beginning is removed).
>
> Additionally those in the sudo group will not have to type a password if
> the  "NOPASSWD:" option is:
>
> 1.  Added to the %sudo line described above, or
> 2.  If that original line is commented out and a new line with the option
> is added to it.
>
> I hope this clarifies things a little.
>
>
>
>
> On Fri, Jul 5, 2013 at 9:59 PM, Michael Havens <bmike1 at gmail.com> wrote:
>
>> Thanks James. Now it is acting like I want it to. But what about the
>> thing where people were telling me to add the user to the group sudo? Why
>> do you think that wasn't working?
>> :-)~MIKE~(-:
>>
>>
>> On Fri, Jul 5, 2013 at 9:39 PM, James Dugger <james.dugger at gmail.com> wrote:
>>
>>> Mike, the comment symbol in the sudo file is a '#' not a '%'.  The % in
>>> the sudo file flags the parser to read the attached trailing letters as a
>>> group.
>>>
>>> Leave the line in /etc/group as you have it.
>>>
>>> comment out the line:
>>>
>>>       sudo ALL=(ALL:ALL) ALL
>>>
>>> Like this:
>>>
>>>       # sudo ALL=(ALL:ALL)  ALL
>>>
>>> and add a new line below it like this:
>>>
>>>       %sudo ALL=(ALL)  NOPASSWD:  ALL
>>>
>>> and also remove the following line completely from visudo
>>>
>>>       bmike1 ALL=(ALL:ALL) ALL
>>>
>>>
>>>
>>> On Fri, Jul 5, 2013 at 9:07 PM, Michael Havens <bmike1 at gmail.com> wrote:
>>>
>>>> /etc/group
>>>> ...
>>>> floppy:x:25:
>>>> tape:x:26:
>>>> sudo:x:27:bmike1 <-relevant line
>>>> audio:x:29:pulse
>>>> dip:x:30:bmike1
>>>> /etc/sudoers
>>>> ...
>>>> # Members of the admin group may gain root privileges
>>>> %admin ALL=(ALL) ALL
>>>>
>>>> # Allow members of group sudo to execute any command
>>>> %sudo   ALL=(ALL:ALL) ALL     <-relevant line
>>>>
>>>> # See sudoers(5) for more information on "#include" directives:
>>>>
>>>> Isn't the line that is commented out supposed to be that way... wait a
>>>> second! If I remember correctly the '%' is a comment symbol too (if I
>>>> remember right I was messing with a file that used % signs to comment out
>>>> lines). I'll try removing it and see what happens.
>>>> ...
>>>> Well I uncommented it and now the error is:
>>>>
>>>> $ sudo visudo
>>>> bmike1 is not in the sudoers file.  This incident will be reported.
>>>> (I'm terrified! lol)
>>>>
>>>> So to me this is saying to put the line:
>>>>
>>>> bmike1   ALL=(ALL:ALL) ALL
>>>>
>>>> under the line:
>>>>
>>>> sudo   ALL=(ALL:ALL) ALL
>>>>
>>>> so it looks like:
>>>>
>>>> # Allow members of group sudo to execute any command
>>>> sudo   ALL=(ALL:ALL) ALL      <-relevant line
>>>> bmike1   ALL=(ALL:ALL) ALL    <-relevant line
>>>>
>>>>
>>>> but you were saying I should just need to add my userid to the group
>>>> sudo (which, as shown, is already done). So I am at a loss! What should I
>>>> do.
>>>>
>>>> Also, would someone explain the difference between using a pound symbol
>>>> and a percent when commenting lines.
>>>>
>>>> :-)~MIKE~(-:
>>>>
>>>>
>>>> On Fri, Jul 5, 2013 at 7:51 PM, James Dugger <james.dugger at gmail.com> wrote:
>>>>
>>>>> Mike,
>>>>>
>>>>> Don't know if it was explained above but the % symbol in front of the
>>>>> names in the sudo file is the reference for a group listed in the
>>>>> /etc/group file.  So the line
>>>>>
>>>>> %sudo ALL=(ALL:ALL) NOPASSWD: ALL
>>>>>
>>>>> When uncommented (remove the # in front if it exists) tells Linux to
>>>>> allow anyone in the sudo group access to ALL commands as root without a
>>>>> password.  All you have to do is make sure this line is uncommented using
>>>>> visudo.
>>>>>
>>>>> Then you would edit the /etc/group and add your username to the 'sudo'
>>>>> group line after the ':' on that line.  If there is already another user
>>>>> listed simply add a comma to the end of the previous name then a space and
>>>>> add your username at the end (without a comma after your username).
>>>>>
>>>>> Caution:  This gives any and all users that are part of the sudo group
>>>>> complete root privileges without password requirements.  If this is an
>>>>> issue you can depending on your distro instead use the %wheel group listing
>>>>> in the sudo file. If the %wheel stanza exists (same as the %sudo ...
>>>>> above) and there is a group named wheel in /etc/group you could use this in
>>>>> lieu of %sudo.
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>>
>>>>> On Fri, Jul 5, 2013 at 12:38 PM, Robert Holtzman <holtzm at cox.net> wrote:
>>>>>
>>>>>> On Thu, Jul 04, 2013 at 04:48:42PM -0700, Michael Havens wrote:
>>>>>> > regardless, how do I fix sudoers?
>>>>>>
>>>>>> By deleting the sudoers file and renaming the sudoers.bak file to
>>>>>> sudoers. Uh, you *did* make a backup of the sudoers file...didn't you?
>>>>>>
>>>>>> --
>>>>>> Bob Holtzman
>>>>>> If you think you're getting free lunch,
>>>>>> check the price of the beer.
>>>>>> Key ID: 8D549279
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> James
>>>>>
>>>>> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> James
>>>
>>> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>>>
>>
>>
>
>
>
> --
> James
>
> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>



-- 
James

*Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
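
Added example, not part of the original thread: a small shell audit for the two things the discussion turns on, a group name entered without its % prefix (so sudo reads it as a user) and NOPASSWD grants. The sample /etc/group and sudoers text are constructed from lines quoted in the thread; the function names and the "group has listed members" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input, assembled from lines quoted in the thread.
SAMPLE_GROUP='sudo:x:27:bmike1
audio:x:29:pulse'
SAMPLE_SUDOERS='# Allow members of group sudo to execute any command
sudo   ALL=(ALL:ALL) ALL
bmike1 ALL=(ALL:ALL) ALL
%sudo  ALL=(ALL)  NOPASSWD:  ALL
#includedir /etc/sudoers.d'

# classify_line LINE (hypothetical helper)
# Prints: blank | comment | directive | other | group:<name> | user:<name>
classify_line() {
    c_line=${1#"${1%%[![:space:]]*}"}     # strip leading whitespace
    c_first=${c_line%%[[:space:]]*}       # first whitespace-delimited field
    case "$c_line" in
        '')                            echo blank ;;
        '#include '*|'#includedir '*)  echo directive ;;  # '#' here is not a comment
        '#'*)                          echo comment ;;
        Defaults*|*_Alias[[:space:]]*) echo other ;;
        '%'*)                          echo "group:${c_first#?}" ;;
        *)                             echo "user:$c_first" ;;
    esac
}

# audit_sudoers SUDOERS_TEXT GROUP_TEXT (hypothetical helper)
# Prints one finding per line.
audit_sudoers() {
    printf '%s\n' "$1" | while IFS= read -r a_line; do
        a_kind=$(classify_line "$a_line")
        a_name=${a_kind#*:}
        case "$a_kind" in
            user:*)
                # Heuristic (assumption): a "user" rule named after a group that
                # has listed members usually means the % was dropped.
                if printf '%s\n' "$2" | grep -q -e "^${a_name}:[^:]*:[^:]*:."; then
                    echo "MISSING_PERCENT $a_name"
                fi ;;
        esac
        case "$a_kind:$a_line" in
            group:*NOPASSWD:*|user:*NOPASSWD:*) echo "NOPASSWD $a_kind" ;;
        esac
    done
}

audit_sudoers "$SAMPLE_SUDOERS" "$SAMPLE_GROUP"
```

This only reads the policy the lines express; `visudo -c` remains the check for whether a sudoers file parses at all.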