oh man... you are great. That is what I was wondering. I was thinking I could satisfy what I wanted to do by:<div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">
<user> ALL=(ALL) ALL</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">but I guess I will just leave it as is.</div>
<div>:-)~MIKE~(-:</div>
<br><br><div class="gmail_quote">On Sat, Jul 6, 2013 at 3:59 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Mike, Try login out and logging back in.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Also regarding the sudo file it helps to understand the basic parts of the stanza: Take the following 2 examples for a user named frank and a group named coolusers:</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
Example 1 - groups</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%coolusers ALL=(ALL) ALL</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%coolusers The % designates coolusers as a group and not a user.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">ALL= This means on all hosts, or any computer with this sudoer file that can connect.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">(ALL) This means 'all target users' , or in other words these privileges can be run as any user.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">ALL This means that all privileges are allowed.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">You could limit the permissions above in several ways. for instance if you had three computers with hostnames office, home, kids, you could change the stanza to limit the computer named kids from root privileges by:</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%coolusers office,home=(ALL) ALL this means that office and home have all privileges, but kids does not.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%coolusers ALL=(root) ALL This means all hosts have access but commands are run as root not as another user.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
%coolusers ALL=(ALL) path/to/program This means that all users in cooluser group only have access to the program listed in the path.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Example 2 - user</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">frank ALL=(ALL) ALL This means frank has privileges to do everything from all hosts and can do it as any user.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">frank ALL=(root) ALL This means frank has privileges to do everything from all hosts but can only do so as the root user.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">frank ALL=(root) NOPASSWD: path/to/program1, path/to/program2 > This means that frank has privileges to program1 and program2 only as root but on all hosts and without a password.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
There are a lot more possible combinations and options, you could list them by typing man sudo at the command prompt in terminal to access them all.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">On Sat, Jul 6, 2013 at 9:53 AM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">well I just 'vi /etc/group' and deleted <user>. Then <cnt><alt>T, sudo visudo but it didn't ask for a pass word.<br clear="all">
<div>:-)~MIKE~(-:</div><div><div>
<br><br><div class="gmail_quote">On Sat, Jul 6, 2013 at 9:42 AM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
What do I run? I run an ubuntu derivative, Mint.<div>I only created one account on this computer (if I remember right).</div><div>this is a home used system. I only have one computer I can do this with so I am stuck with testing on it.</div>
<div>I don't think root's account has been locked in mint as I can 'su root' <password> and I am super user. Am I assuming correctly?</div><div><div>:-)~MIKE~(-:</div><div><div>
<br><br><div class="gmail_quote">On Sat, Jul 6, 2013 at 9:22 AM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">A few questions:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">-What distro are you using?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
-Do you have more than one user account created on the system?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">-Is your computer/system (the one you are doing this on) for testing only or is this a work/home used computer /system?</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
The reason that I ask is that it is good practice to test changes to a system that is not critical to your daily uses. This is especially true for Ubuntu where by default the root account is locked. If you don't have a test system and you are using your daily useable system, then you should be testing these changes with a test user account not your only actual user account.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
As to the reason that sudo still works without a password, I am not entirely sure but my guess is that the '#' in the /etc/group is being ignored. Usually you remove the user from the group either by:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"> gpasswd -d username group</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">or </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"> editing the /etc/group and deleting the user from the sudo group.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">Caution: I would test this out with a test user rather than your personal user account if you are the only user on the system and root account has been disabled.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <span dir="ltr"><<a href="mailto:bmike1@gmail.com" target="_blank">bmike1@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Okay, so I have <user> added to group sudo in /etc/group.<div><div><div>tape:x:26:</div>
<div>sudo:x:27:bmike1</div>
</div><div>audio:x:29:pulse</div><div><br></div><div><div>I have the lines:</div><div><div><br></div><div># Allow members of group sudo to execute any command</div>
</div><div>#sudo ALL=(ALL:ALL) ALL</div><div>%sudo ALL=(ALL) NOPASSWD: ALL</div><div><br></div><div>in /etc/sudoers and as a result sudo no longer requires a password for my user. I then figured I would test this so I commented out my user in /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in 'sudo visudo' fully expecting it to ask for a password but no password was requested. So what's up?</div>
<div>:-)~MIKE~(-:</div><div>
<br><br><div class="gmail_quote">On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <span dir="ltr"><<a href="mailto:james.dugger@gmail.com" target="_blank">james.dugger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-size:small;display:inline">Either create a new group or use an exiting group that is not being used. and then add the group to the sido script. so for a new group:</div>
<div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">1. Add a new group to /etc/group with the following command:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="display:inline"> groupadd groupname (where groupname is a single word)</div></div><div>
<div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">2. Open the /etc/group file and add your username to your new group as discussed before.</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">3. Open the sudo script file with visudo and add the groupname following stanza to the file:</div>
</div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">%groupname ALL=(ALL) NOPASSWD: ALL </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
This is basically the same thing. If you are the only user or admin on your system than this is overkill and you could just use the %sudo group stanza as discussed before. However if you are planning or have serveral administrators that will have different permissions than it would be best to re-think not using passwords. </div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(11,83,148)">
<br></div></div><div><br></div></div></blockquote></div></div></div></div>
<br></div></div><div>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></div></blockquote></div><span><font color="#888888"><br><br clear="all">
<div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</font></span></div>
<br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div></div></div>
</blockquote></div><br>
</div></div><br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<font color="#0b5394">James</font><div><br><span style="color:rgb(255,255,255)"><span style="background-color:rgb(11,83,148)"><b><a href="http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/" target="_blank"><span style="background-color:rgb(255,255,255)"><span></span><span style="color:rgb(11,83,148)">Linkedin<span></span></span></span></a></b></span></span><br>
</div></div>
</div>
</div></div><br>---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br></blockquote></div><br></div>