What do I run? I run an ubuntu derivative, Mint.<div>I only created one account on this computer (if I remember right).</div><div>this is a home used system. I only have one computer I can do this with so I am stuck with testing on it.</div>
<div>I don't think root's account has been locked in mint as I can 'su root' <password> and I am super user. Am I assuming correctly?</div><div><div>:-)~MIKE~(-:</div>
<br><br><div class="gmail_quote">On Sat, Jul 6, 2013 at 9:22 AM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">A few questions:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">-What distro are you using?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
-Do you have more than one user account created on the system?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">-Is your computer/system (the one you are doing this on) for testing only or is this a work/home used computer /system?</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
The reason that I ask is that it is good practice to test changes to a system that is not critical to your daily uses. This is especially true for Ubuntu where by default the root account is locked. If you don't have a test system and you are using your daily useable system, then you should be testing these changes with a test user account not your only actual user account.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
As to the reason that sudo still works without a password, I am not entirely sure but my guess is that the '#' in the /etc/group is being ignored. Usually you remove the user from the group either by:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"> gpasswd -d username group</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">or </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"> editing the /etc/group and deleting the user from the sudo group.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Caution: I would test this out with a test user rather than your personal user account if you are the only user on the system and root account has been disabled.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">Okay, so I have <user> added to group sudo in /etc/group.<div><div><div>tape:x:26:</div>
<div>sudo:x:27:bmike1</div>
</div><div>audio:x:29:pulse</div><div><br></div><div><div>I have the lines:</div><div><div><br></div><div># Allow members of group sudo to execute any command</div>
</div><div>#sudo ALL=(ALL:ALL) ALL</div><div>%sudo ALL=(ALL) NOPASSWD: ALL</div><div><br></div><div>in /etc/sudoers and as a result sudo no longer requires a password for my user. I then figured I would test this so I commented out my user in /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in 'sudo visudo' fully expecting it to ask for a password but no password was requested. So what's up?</div>
<div>:-)~MIKE~(-:</div><div>
<br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-size:small;display:inline">Either create a new group or use an exiting group that is not being used. and then add the group to the sido script. so for a new group:</div>
<div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">1. Add a new group to /etc/group with the following command:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="display:inline"> groupadd groupname (where groupname is a single word)</div></div><div>
<div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">2. Open the /etc/group file and add your username to your new group as discussed before.</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">3. Open the sudo script file with visudo and add the groupname following stanza to the file:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">%groupname ALL=(ALL) NOPASSWD: ALL </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
This is basically the same thing. If you are the only user or admin on your system than this is overkill and you could just use the %sudo group stanza as discussed before. However if you are planning or have serveral administrators that will have different permissions than it would be best to re-think not using passwords. </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div></div><div><br></div></div></blockquote></div></div></div></div>
<br></div></div><div class="im">---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></div></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all">
<div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</font></span></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div>