Michael,
The following line:
%sudo ALL=(ALL) NOPASSWD: ALL
literally means:
ALL users in the sudo group can execute ALL commands as ALL users from ALL places without a password.
Without any lines after this. The only thing that you would need to do is add users to the sudo group (/etc/group). Thus the line:
$ sudo useradd -G sudo <user>The %sudo portion of the stanza tells Linux to look in the /etc/group file for a line starting with "sudo" and include any users listed on that line in the sudo group. This way you don't have to add them individually as separate lines in the sudoers file. For example lets say you have 3 users (john, jane, sam) that you want to have sudo rights w/o a password. It could be done in one of two ways:
1st- in sudoersjane ALL=(ALL) NOPASSWD: ALLjohn ALL=(ALL) NOPASSWD: ALLsam ALL=(ALL) NOPASSWD: ALLor2nd - in sudoers and /etc/group%sudo ALL=(ALL) NOPASSWD: ALLin /etc/groupsudo:x:##:john,jane,samBoth work but programmatically the 2nd option eliminates redundant code when writing scripts and allows the use of additional shell commands (and arguably more simple ones) to be used to maintain file changes (i.e. sudo useradd -a -G sudo <user>). When scripting it is easier add the use of usermod and useradd to a script than to use commands like sed -i and then having to escape special characters like "%, (, and )" when making changes or updates.
On Mon, Jul 14, 2014 at 7:48 PM, Michael Havens <bmike1@gmail.com> wrote:
I was wondering: these are the instructions I was given to make it so I don't need to input my password after I sudo.---sudo visudo<password>comment out the line:%sudo ALL=(ALL:ALL) ALLand add a new line below it like this:%sudo ALL=(ALL) NOPASSWD: ALLsudo useradd -G sudo <user>---I was thinking that with the script being like that I probably don't need the last line because the way it is I am telling it no one needs a password with sudo. It would probably be more secure to have:%sudo ALL=(ALL) NOPASSWD: <desired users>is that correct? If I had multiple users who I wanted to not use a password would I separate the users with a space or comma? If I only wanted one user to be able to sudo it would be:%sudo <user>=(ALL) NOPASSWD: <user>what is the point of th ALL surrounded by parentheses?:-)~MIKE~(-:---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--James
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss