Re: sudoers mistake

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: sudoers mistake
What do I run? I run an ubuntu derivative, Mint.
I only created one account on this computer (if I remember right).
this is a home used system. I only have one computer I can do this with so
I am stuck with testing on it.
I don't think root's account has been locked in mint as I can 'su root'
<password> and I am super user. Am I assuming correctly?
:-)~MIKE~(-:


On Sat, Jul 6, 2013 at 9:22 AM, James Dugger <> wrote:

> A few questions:
>
> -What distro are you using?
> -Do you have more than one user account created on the system?
> -Is your computer/system (the one you are doing this on) for testing only
> or is this a work/home used computer /system?
>
> The reason that I ask is that it is good practice to test changes to a
> system that is not critical to your daily uses. This is especially true for
> Ubuntu where by default the root account is locked. If you don't have a
> test system and you are using your daily useable system, then you should be
> testing these changes with a test user account not your only actual user
> account.
>
> As to the reason that sudo still works without a password, I am not
> entirely sure but my guess is that the '#' in the /etc/group is being
> ignored. Usually you remove the user from the group either by:
>
>     gpasswd -d username group

>
> or
>
> editing the /etc/group and deleting the user from the sudo group.
>
> Caution: I would test this out with a test user rather than your personal
> user account if you are the only user on the system and root account has
> been disabled.
>
>
>
> On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <> wrote:
>
>> Okay, so I have <user> added to group sudo in /etc/group.
>> tape:x:26:
>> sudo:x:27:bmike1
>> audio:x:29:pulse
>>
>> I have the lines:
>>
>> # Allow members of group sudo to execute any command
>> #sudo ALL=(ALL:ALL) ALL
>> %sudo ALL=(ALL) NOPASSWD: ALL
>>
>> in /etc/sudoers and as a result sudo no longer requires a password for my
>> user. I then figured I would test this so I commented out my user in
>> /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in
>> 'sudo visudo' fully expecting it to ask for a password but no password was
>> requested. So what's up?
>> :-)~MIKE~(-:
>>
>>
>> On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <>wrote:
>>
>>> Either create a new group or use an exiting group that is not being
>>> used. and then add the group to the sido script. so for a new group:
>>>
>>> 1. Add a new group to /etc/group with the following command:
>>>
>>>     groupadd groupname (where groupname is a single word)

>>>
>>> 2. Open the /etc/group file and add your username to your new group as
>>> discussed before.
>>>
>>> 3. Open the sudo script file with visudo and add the groupname
>>> following stanza to the file:
>>>
>>> %groupname ALL=(ALL) NOPASSWD: ALL
>>>
>>> This is basically the same thing. If you are the only user or admin on
>>> your system than this is overkill and you could just use the %sudo group
>>> stanza as discussed before. However if you are planning or have serveral
>>> administrators that will have different permissions than it would be best
>>> to re-think not using passwords.
>>>
>>>
>>>
>>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> James
>
> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss