you know there appears the text :

# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
  
when I invoke visudo. could this have something to do with this present challenge?
:-)~MIKE~(-:


On Sat, Jul 6, 2013 at 9:53 AM, Michael Havens <bmike1@gmail.com> wrote:
well I just 'vi /etc/group' and deleted <user>. Then <cnt><alt>T, sudo visudo  but it didn't ask for a pass word.
:-)~MIKE~(-:


On Sat, Jul 6, 2013 at 9:42 AM, Michael Havens <bmike1@gmail.com> wrote:
What do I run? I run an ubuntu derivative, Mint.
I only created one account on this computer (if I remember right).
this is a home used system. I only have one computer I can do this with so I am stuck with testing on it.
I don't think root's account has been locked in mint as I can 'su root' <password> and I am super user. Am I assuming correctly?
:-)~MIKE~(-:


On Sat, Jul 6, 2013 at 9:22 AM, James Dugger <james.dugger@gmail.com> wrote:
A few questions:

-What distro  are you using?
-Do you have more than one user account created on the system?
-Is your computer/system (the one you are doing this on) for testing only or is this a work/home used computer /system?

The reason that I ask is that it is good practice to test changes to a system that is not critical to your daily uses. This is especially true for Ubuntu where by default the root account is locked.  If you don't have a test system and you are using your daily useable system, then you should be testing these changes with a test user account not your only actual user account.

As to the reason that sudo still works without a password, I am not entirely sure but my guess is that the '#' in the /etc/group is being ignored.  Usually you remove the user from the group either by:

    gpasswd -d username group

or 

  editing the /etc/group and deleting the user from the sudo group.

Caution:  I would test this out with a test user rather than your personal user account if you are the only user on the system and root account has been disabled.



On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <bmike1@gmail.com> wrote:
Okay, so I have <user> added to group sudo in /etc/group.
tape:x:26:
sudo:x:27:bmike1
audio:x:29:pulse

I have the lines:

# Allow members of group sudo to execute any command
#sudo   ALL=(ALL:ALL) ALL
%sudo ALL=(ALL)  NOPASSWD:  ALL

in /etc/sudoers and as a result sudo no longer requires a password for my user. I then figured I would test this so I commented out my user in /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in  'sudo visudo' fully expecting it to ask for a password but no password was requested. So what's up?
:-)~MIKE~(-:


On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <james.dugger@gmail.com> wrote:
Either create a new group or use an exiting group that is not being used.  and then add the group to the sido script.  so for a new group:

1.  Add a new group to /etc/group with the following command:

    groupadd groupname (where groupname is a single word)

2.  Open the /etc/group file and add your username to your new group as discussed before.

3.  Open the sudo script file with visudo and add the groupname following stanza to the file:

%groupname ALL=(ALL) NOPASSWD:  ALL 

This is basically the same thing.  If you are the only user or admin on your system than this is overkill and you could just use the %sudo group stanza as discussed before.  However if you are planning or have serveral administrators that will have different permissions than it would be best to re-think not using passwords.  




---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
James

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss