Re: sudoers

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: sudoers
thanks.... I think I am grasping it!

:-)~MIKE~(-:


On Mon, Jul 14, 2014 at 9:48 PM, James Dugger <>
wrote:

> Michael,
>
> The following line:
>
>      %sudo ALL=(ALL)  NOPASSWD:  ALL

>
> literally means:
>
>       ALL users in the sudo group can execute ALL commands as ALL users
> from ALL places without a password.

>
> Without any lines after this. The only thing that you would need to do is
> add users to the sudo group (/etc/group). Thus the line:
>
>      $ sudo useradd -G sudo <user>

>
> The %sudo portion of the stanza tells Linux to look in the /etc/group file
> for a line starting with "sudo" and include any users listed on that line
> in the sudo group. This way you don't have to add them individually as
> separate lines in the sudoers file. For example lets say you have 3 users
> (john, jane, sam) that you want to have sudo rights w/o a password. It
> could be done in one of two ways:
>
> 1st- in sudoers
>
>      jane ALL=(ALL)  NOPASSWD:  ALL
>      john ALL=(ALL)  NOPASSWD:  ALL
>      sam ALL=(ALL)  NOPASSWD:  ALL

>
> or
>
> 2nd - in sudoers and /etc/group
>
>      %sudo ALL=(ALL)  NOPASSWD:  ALL

>
> in /etc/group
>
>      sudo:x:##:john,jane,sam

>
> Both work but programmatically the 2nd option eliminates redundant code
> when writing scripts and allows the use of additional shell commands (and
> arguably more simple ones) to be used to maintain file changes (i.e. sudo
> useradd -a -G sudo <user>). When scripting it is easier add the use of
> usermod and useradd to a script than to use commands like sed -i and then
> having to escape special characters like "%, (, and )" when making changes
> or updates.
>
>
>
> On Mon, Jul 14, 2014 at 7:48 PM, Michael Havens <> wrote:
>
>> I was wondering: these are the instructions I was given to make it so I
>> don't need to input my password after I sudo.
>> ---
>> sudo visudo
>> <password>
>>
>> comment out the line:
>>
>> %sudo ALL=(ALL:ALL) ALL
>>
>> and add a new line below it like this:
>>
>> %sudo ALL=(ALL) NOPASSWD: ALL
>>
>> sudo useradd -G sudo <user>
>> ---
>> I was thinking that with the script being like that I probably don't need
>> the last line because the way it is I am telling it no one needs a password
>> with sudo. It would probably be more secure to have:
>>
>> %sudo ALL=(ALL) NOPASSWD: <desired users>
>>
>> is that correct? If I had multiple users who I wanted to not use a
>> password would I separate the users with a space or comma? If I only wanted
>> one user to be able to sudo it would be:
>>
>> %sudo <user>=(ALL) NOPASSWD: <user>
>>
>> what is the point of th ALL surrounded by parentheses?
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> James
>
> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss