sudoers mistake
Michael Havens
bmike1 at gmail.com
Sat Jul 6 07:28:30 MST 2013
Okay, so I have <user> added to group sudo in /etc/group.
tape:x:26:
sudo:x:27:bmike1
audio:x:29:pulse
I have the lines:
# Allow members of group sudo to execute any command
#sudo ALL=(ALL:ALL) ALL
%sudo ALL=(ALL) NOPASSWD: ALL
in /etc/sudoers and as a result sudo no longer requires a password for my
user. I then figured I would test this so I commented out my user in
/etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in
'sudo visudo' fully expecting it to ask for a password but no password was
requested. So what's up?
:-)~MIKE~(-:
On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <james.dugger at gmail.com>wrote:
> Either create a new group or use an exiting group that is not being used.
> and then add the group to the sido script. so for a new group:
>
> 1. Add a new group to /etc/group with the following command:
>
> groupadd groupname (where groupname is a single word)
>
> 2. Open the /etc/group file and add your username to your new group as
> discussed before.
>
> 3. Open the sudo script file with visudo and add the groupname following
> stanza to the file:
>
> %groupname ALL=(ALL) NOPASSWD: ALL
>
> This is basically the same thing. If you are the only user or admin on
> your system than this is overkill and you could just use the %sudo group
> stanza as discussed before. However if you are planning or have serveral
> administrators that will have different permissions than it would be best
> to re-think not using passwords.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130706/18ab12cb/attachment.html>
More information about the PLUG-discuss
mailing list