Re: sudoers mistake

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: James Dugger
Date:  
To: Main PLUG discussion list
Subject: Re: sudoers mistake
Mike, the comment symbol in the sudo file is a '#' not a '%'. The % in the
sudo file flags the parser to read the attached trailing letters as a group.

Leave the line in /etc/group as you have it.

comment out the line:

      sudo ALL=(ALL:ALL) ALL


Like this:

      # sudo ALL=(ALL:ALL)  ALL


and add a new line below it like this:

      %sudo ALL=(ALL)  NOPASSWD:  ALL


and also remove the following line completely from visudo

      bmike1 ALL=(ALL:ALL) ALL




On Fri, Jul 5, 2013 at 9:07 PM, Michael Havens <> wrote:

> /etc/group
> ...
> floppy:x:25:
> tape:x:26:
> sudo:x:27:bmike1 <-relevant line
> audio:x:29:pulse
> dip:x:30:bmike1
> /etc/sudoers
> ...
> # Members of the admin group may gain root privileges
> %admin ALL=(ALL) ALL
>
> # Allow members of group sudo to execute any command
> %sudo ALL=(ALL:ALL) ALL
> <-relevant line
>
> # See sudoers(5) for more information on "#include" directives:
>
> Isn't the line that is commented out supposed to be that way,,,, wait a
> second! If I remember correctly the '%' is a comment symbol too. (if I
> rember right I was messing with a file that used % signs to comment out
> lines. I'll try removing it and see what happens.
> ,....
> Well I uncomented it and now the error is:
>
> $ sudo visudo
> bmike1 is not in the sudoers file. This incident will be reported. (I'm
> terrified! lol)
>
> So to me this is saying to put the line:
>
> bmike1 ALL=(ALL:ALL) ALL
>
> under the line:
>
> sudo ALL=(ALL:ALL) ALL
>
> so it looks like:
>
> # Allow members of group sudo to execute any command
> sudo ALL=(ALL:ALL) ALL
> <-relevant line
> bmike1 ALL=(ALL:ALL) ALL
> <-relevant line
>
>
> but you were saying I should just need to add my userid to the group sudo
> (which, as shown, is already done). So I am at a loss! What should I do.
>
> Also, would someone explain the difference between usin a pound symbol and
> a percent when commenting lines.
>
> :-)~MIKE~(-:
>
>
> On Fri, Jul 5, 2013 at 7:51 PM, James Dugger <>wrote:
>
>> Mike,
>>
>> Don't know if it was explained above but the % symbol infront of the
>> names in the sudo file is the reference for a group listed in the
>> /etc/group file. So the line
>>
>> %sudo ALL=(ALL:ALL) NOPASSWORD : ALL
>>
>> When uncommented (remove the # in front if it exists) tells Linux to
>> allow anyone in the sudo group access to ALL commands as root without a
>> password. All you have to do is make sure this line is uncommented using
>> visudo.
>>
>> Then you would edit the /etc/group and add your username to the 'sudo'
>> group line after the ':' on that line. If there is already another user
>> listed simply add a comma to the end of the previous name then a space and
>> add your username at the end (without a comma after your username).
>>
>> Caution: This gives any and all users that are part of the sudo group
>> complete root privileges without password requirements. If this is an
>> issue you can depending on your distro instead use the %wheel group listing
>> in the sudo file. If the %wheel stanza exists (same as the %sudo ...
>> above) and there is a group named wheel in /etc/group you could use this in
>> lieu of %sudo.
>>
>> Hope this helps.
>>
>>
>> On Fri, Jul 5, 2013 at 12:38 PM, Robert Holtzman <> wrote:
>>
>>> On Thu, Jul 04, 2013 at 04:48:42PM -0700, Michael Havens wrote:
>>> > regardless, how do I fix sudoers?
>>>
>>> By deleting the sudoers file and renaming the sudoers.bak file to
>>> sudoers. Uh, you *did* make a backup of the sudoers file...didn't you?
>>>
>>> --
>>> Bob Holtzman
>>> If you think you're getting free lunch,
>>> check the price of the beer.
>>> Key ID: 8D549279
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.10 (GNU/Linux)
>>>
>>> iEYEARECAAYFAlHXIKEACgkQv5BYD41UknldegCfT3gS7Xi65I3B50S0QtO+cqR6
>>> bigAnRZbTvl8BpOJsRBbqm4r7qRq5zbl
>>> =DWfp
>>> -----END PGP SIGNATURE-----
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> James
>>
>> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>




--
James

*Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss