<div dir="ltr"><div class="gmail_default" style="font-size:small;display:inline">Either create a new group or use an exiting group that is not being used. and then add the group to the sido script. so for a new group:</div>
<div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">1. Add a new group to /etc/group with the following command:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="display:inline"> groupadd groupname (where groupname is a single word)</div></div><div>
<div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">2. Open the /etc/group file and add your username to your new group as discussed before.</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">3. Open the sudo script file with visudo and add the groupname following stanza to the file:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">%groupname ALL=(ALL) NOPASSWD: ALL </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
This is basically the same thing. If you are the only user or admin on your system than this is overkill and you could just use the %sudo group stanza as discussed before. However if you are planning or have serveral administrators that will have different permissions than it would be best to re-think not using passwords. </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div></div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="display:inline"> </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:rgb(11,83,148);display:inline">
</div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 10:20 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
Mike,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">Having not seen the original condition of your sudo script file I could only guess. However members of the sudo group listed in /etc/group will only be given complete root privileges if the line "</font><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif">%sudo ALL=(ALL) ALL" ;</span></div>
<div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">1. Exists in the file.</font></div>
<div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">2. It is uncommented (the '#' at the beginning is removed).</font></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif"><br>
</font></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">Additionally those in the sudo group will not have to type a password if the "NOPASSWD:" option is:</font></div>
<div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">1. Added to the %sudo line described above, or</font></div>
<div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">2. It that original line is commented out and a new line with the option is added to it.</font></div><div class="gmail_default">
<font color="#0b5394" face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">I hope this clarifies things a little.</font></div><div class="gmail_default">
<span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif"><br></span></div><div class="gmail_default"><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif"> </span><br></div></div><div class="HOEnZb">
<div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 9:59 PM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks James. Now it is acting like I want it to. But what about the thing where people were telling me to add the user to the group sudo? Why do you think that wasn't working?<br clear="all"><div>:-)~MIKE~(-:</div><div>
<div>
<br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 9:39 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Mike, the comment symbol in the sudo file is a '#' not a '%'. The % in the sudo file flags the parser to read the attached trailing letters as a group.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
Leave the line in /etc/group as you have it.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
comment out the line:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
sudo ALL=(ALL:ALL) ALL </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
Like this:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
# sudo ALL=(ALL:ALL) ALL</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
and add a new line below it like this:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%sudo ALL=(ALL) NOPASSWD: ALL</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
and also remove the following line completely from visudo</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
bmike1 ALL=(ALL:ALL) ALL</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
<div>
On Fri, Jul 5, 2013 at 9:07 PM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br></div><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
/etc/group<div><div>...</div><div>floppy:x:25:</div><div>tape:x:26:</div><div>sudo:x:27:bmike1 <-relevant line</div><div>audio:x:29:pulse</div><div>dip:x:30:bmike1</div><div>/etc/sudoers</div><div><div>...</div><div>
<div># Members of the admin group may gain root privileges</div>
<div>%admin ALL=(ALL) ALL</div><div><br></div><div># Allow members of group sudo to execute any command</div></div><div>%sudo ALL=(ALL:ALL) ALL <-relevant line</div><div>
<div><br></div><div>
# See sudoers(5) for more information on "#include" directives:</div><div><br></div></div></div><div>Isn't the line that is commented out supposed to be that way,,,, wait a second! If I remember correctly the '%' is a comment symbol too. (if I rember right I was messing with a file that used % signs to comment out lines. I'll try removing it and see what happens.</div>
<div>,....</div><div>Well I uncomented it and now the error is:</div><div><div><br></div><div>$ sudo visudo</div><div>bmike1 is not in the sudoers file. This incident will be reported. (I'm terrified! lol)</div></div>
<div><br></div><div>So to me this is saying to put the line:</div><div><div><br></div><div>bmike1 ALL=(ALL:ALL) ALL</div></div><div><br></div><div>under the line:</div><div><br></div><div><div>sudo ALL=(ALL:ALL) ALL</div>
</div><div><br></div><div>so it looks like:</div><div><br></div><div><div><div># Allow members of group sudo to execute any command</div></div><div>sudo ALL=(ALL:ALL) ALL <-relevant line</div>
</div><div><div>bmike1 ALL=(ALL:ALL) ALL <-relevant line</div></div><div><br></div><div><br></div><div>but you were saying I should just need to add my userid to the group sudo (which, as shown, is already done). So I am at a loss! What should I do.</div>
<div><br></div><div>Also, would someone explain the difference between usin a pound symbol and a percent when commenting lines.</div><div><br></div><div>:-)~MIKE~(-:</div><div><div>
<br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 7:51 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Mike,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Don't know if it was explained above but the % symbol infront of the names in the sudo file is the reference for a group listed in the /etc/group file. So the line </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%sudo ALL=(ALL:ALL) NOPASSWORD : ALL </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
When uncommented (remove the # in front if it exists) tells Linux to allow anyone in the sudo group access to ALL commands as root without a password. All you have to do is make sure this line is uncommented using visudo.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
Then you would edit the /etc/group and add your username to the 'sudo' group line after the ':' on that line. If there is already another user listed simply add a comma to the end of the previous name then a space and add your username at the end (without a comma after your username).</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default"><font color="#0b5394" face="arial, helvetica, sans-serif">Caution: This gives any and all users that are part of the sudo group complete root privileges without password requirements. If this is an issue you can depending on your distro instead use the %wheel group listing in the sudo file. If the %wheel stanza </font><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif">exists </span><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif">(same as the %sudo ... above) and there is a group named wheel in /etc/group you could use this in lieu of %sudo.</span></div>
<div class="gmail_default"><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif"><br></span></div><div class="gmail_default"><span style="color:rgb(11,83,148);font-family:arial,helvetica,sans-serif">Hope this helps. </span></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 12:38 PM, Robert Holtzman <span dir="ltr"><<a href="mailto:holtzm@cox.net" target="_blank">holtzm@cox.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Thu, Jul 04, 2013 at 04:48:42PM -0700, Michael Havens wrote:<br>
> regardless, how do I fix sudoers?<br>
<br>
</div>By deleting the sudoers file and renaming the sudoers.bak file to<br>
sudoers. Uh, you *did* make a backup of the sudoers file...didn't you?<br>
<span><font color="#888888"><br>
--<br>
Bob Holtzman<br>
If you think you're getting free lunch,<br>
check the price of the beer.<br>
Key ID: 8D549279<br>
</font></span><br>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.10 (GNU/Linux)<br>
<br>
iEYEARECAAYFAlHXIKEACgkQv5BYD41UknldegCfT3gS7Xi65I3B50S0QtO+cqR6<br>
bigAnRZbTvl8BpOJsRBbqm4r7qRq5zbl<br>
=DWfp<br>
-----END PGP SIGNATURE-----<br>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><span><font color="#888888"><br></font></span></blockquote></div>
<span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</font></span></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div></div></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div></div></div><span><font color="#888888"><br>
<br clear="all"><div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</font></span></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br>
</div></div><br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</div>