sudoers mistake

Michael Havens bmike1 at gmail.com
Sat Jul 6 10:00:37 MST 2013


You know, there appears the text:

# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.

when I invoke visudo. Could this have something to do with this present
challenge?
:-)~MIKE~(-:


On Sat, Jul 6, 2013 at 9:53 AM, Michael Havens <bmike1 at gmail.com> wrote:

> Well, I just 'vi /etc/group' and deleted <user>. Then <cnt><alt>T, sudo
> visudo but it didn't ask for a password.
> :-)~MIKE~(-:
>
>
> On Sat, Jul 6, 2013 at 9:42 AM, Michael Havens <bmike1 at gmail.com> wrote:
>
>> What do I run? I run an Ubuntu derivative, Mint.
>> I only created one account on this computer (if I remember right).
>> This is a home used system. I only have one computer I can do this with
>> so I am stuck with testing on it.
>> I don't think root's account has been locked in Mint as I can 'su root'
>> <password> and I am super user. Am I assuming correctly?
>> :-)~MIKE~(-:
>>
>>
>> On Sat, Jul 6, 2013 at 9:22 AM, James Dugger <james.dugger at gmail.com> wrote:
>>
>>> A few questions:
>>>
>>> -What distro are you using?
>>> -Do you have more than one user account created on the system?
>>> -Is your computer/system (the one you are doing this on) for testing
>>> only or is this a work/home used computer/system?
>>>
>>> The reason that I ask is that it is good practice to test changes to a
>>> system that is not critical to your daily uses. This is especially true for
>>> Ubuntu where by default the root account is locked.  If you don't have a
>>> test system and you are using your daily useable system, then you should be
>>> testing these changes with a test user account not your only actual user
>>> account.
>>>
>>> As to the reason that sudo still works without a password, I am not
>>> entirely sure but my guess is that the '#' in the /etc/group is being
>>> ignored.  Usually you remove the user from the group either by:
>>>
>>>     gpasswd -d username group
>>>
>>> or
>>>
>>>   editing the /etc/group and deleting the user from the sudo group.
>>>
>>> Caution:  I would test this out with a test user rather than your
>>> personal user account if you are the only user on the system and root
>>> account has been disabled.
>>>
>>>
>>>
>>> On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <bmike1 at gmail.com> wrote:
>>>
>>>> Okay, so I have <user> added to group sudo in /etc/group.
>>>> tape:x:26:
>>>> sudo:x:27:bmike1
>>>> audio:x:29:pulse
>>>>
>>>> I have the lines:
>>>>
>>>> # Allow members of group sudo to execute any command
>>>> #sudo   ALL=(ALL:ALL) ALL
>>>> %sudo ALL=(ALL)  NOPASSWD:  ALL
>>>>
>>>> in /etc/sudoers and as a result sudo no longer requires a password for
>>>> my user. I then figured I would test this so I commented out my user in
>>>> /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in
>>>>  'sudo visudo' fully expecting it to ask for a password but no password was
>>>> requested. So what's up?
>>>> :-)~MIKE~(-:
>>>>
>>>>
>>>> On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <james.dugger at gmail.com> wrote:
>>>>
>>>>> Either create a new group or use an existing group that is not being
>>>>> used, and then add the group to the sudo script. So for a new group:
>>>>>
>>>>> 1.  Add a new group to /etc/group with the following command:
>>>>>
>>>>>     groupadd groupname (where groupname is a single word)
>>>>>
>>>>> 2.  Open the /etc/group file and add your username to your new group
>>>>> as discussed before.
>>>>>
>>>>> 3.  Open the sudo script file with visudo and add the following
>>>>> groupname stanza to the file:
>>>>>
>>>>> %groupname ALL=(ALL) NOPASSWD:  ALL
>>>>>
>>>>> This is basically the same thing.  If you are the only user or admin
>>>>> on your system then this is overkill and you could just use the %sudo group
>>>>> stanza as discussed before.  However, if you are planning or have several
>>>>> administrators that will have different permissions then it would be best
>>>>> to re-think not using passwords.
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> James
>>>
>>> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>>>
>>>
>>
>>
>
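
The check the thread is circling, as an added example that is not part of the original messages: a POSIX shell sketch that reads a group file and a sudoers file and reports which `%group ... NOPASSWD:` rules name a given user. The function names are hypothetical, and the sample files are constructed from the lines quoted in the thread, with `#bmike1` standing in for the commented-out `<user>`.

```shell
#!/bin/sh
# Added example (not from the thread): which "%group ... NOPASSWD:" rules
# cover a user, judged only from the text of a group file and a sudoers file.
# Function names are hypothetical; the sample files below are constructed.

# Print the members of GROUP in a group(5)-style file, one per line.
# Whole-line comments are skipped; the member field is split on commas and
# kept literally, so this sketch sees "#bmike1" and "bmike1" as different names.
group_members() {   # usage: group_members GROUPFILE GROUP
    awk -F: -v g="$2" '
        /^[ \t]*#/ { next }
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }
    ' "$1"
}

# Print every group that has a "%group ... NOPASSWD:" rule in SUDOERS.
# Lines starting with "#" are skipped, so #include directives are not followed.
nopasswd_groups() { # usage: nopasswd_groups SUDOERS
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*%/ && /NOPASSWD[ \t]*:/ { sub(/^%/, "", $1); print $1 }
    ' "$1"
}

# Print each NOPASSWD group whose member list names USER exactly.
nopasswd_via() {    # usage: nopasswd_via USER GROUPFILE SUDOERS
    for grp in $(nopasswd_groups "$3"); do
        if group_members "$2" "$grp" | grep -qxF -- "$1"; then
            echo "$grp"
        fi
    done
}

# Constructed sample input: the group file before and after the edit described
# in the thread, and the three sudoers lines quoted there.
tmp=$(mktemp -d)
printf '%s\n' 'tape:x:26:' 'sudo:x:27:bmike1' 'audio:x:29:pulse' > "$tmp/group.before"
printf '%s\n' 'tape:x:26:' 'sudo:x:27:#bmike1' 'audio:x:29:pulse' > "$tmp/group.after"
printf '%s\n' '# Allow members of group sudo to execute any command' \
    '#sudo   ALL=(ALL:ALL) ALL' '%sudo ALL=(ALL)  NOPASSWD:  ALL' > "$tmp/sudoers"

echo "before edit: $(nopasswd_via bmike1 "$tmp/group.before" "$tmp/sudoers")"
echo "after edit:  $(nopasswd_via bmike1 "$tmp/group.after" "$tmp/sudoers")"
```

This reads only the two files it is given: it ignores aliases, per-user rules, files under /etc/sudoers.d and the user's primary group, so `sudo -l -U <user>` run as root remains the authoritative list of what sudo will allow.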