sudoers mistake
James Dugger
james.dugger at gmail.com
Sat Jul 6 09:22:08 MST 2013
A few questions:
-What distro are you using?
-Do you have more than one user account created on the system?
-Is your computer/system (the one you are doing this on) for testing only
or is this a work/home used computer /system?
The reason that I ask is that it is good practice to test changes to a
system that is not critical to your daily uses. This is especially true for
Ubuntu where by default the root account is locked. If you don't have a
test system and you are using your daily useable system, then you should be
testing these changes with a test user account not your only actual user
account.
As to the reason that sudo still works without a password, I am not
entirely sure but my guess is that the '#' in the /etc/group is being
ignored. Usually you remove the user from the group either by:
gpasswd -d username group
or
editing the /etc/group and deleting the user from the sudo group.
Caution: I would test this out with a test user rather than your personal
user account if you are the only user on the system and root account has
been disabled.
On Sat, Jul 6, 2013 at 7:28 AM, Michael Havens <bmike1 at gmail.com> wrote:
> Okay, so I have <user> added to group sudo in /etc/group.
> tape:x:26:
> sudo:x:27:bmike1
> audio:x:29:pulse
>
> I have the lines:
>
> # Allow members of group sudo to execute any command
> #sudo ALL=(ALL:ALL) ALL
> %sudo ALL=(ALL) NOPASSWD: ALL
>
> in /etc/sudoers and as a result sudo no longer requires a password for my
> user. I then figured I would test this so I commented out my user in
> /etc/group (sudo:x:27:#<user>) and then opened a new terminal and typed in
> 'sudo visudo' fully expecting it to ask for a password but no password was
> requested. So what's up?
> :-)~MIKE~(-:
>
>
> On Fri, Jul 5, 2013 at 11:08 PM, James Dugger <james.dugger at gmail.com>wrote:
>
>> Either create a new group or use an exiting group that is not being used.
>> and then add the group to the sido script. so for a new group:
>>
>> 1. Add a new group to /etc/group with the following command:
>>
>> groupadd groupname (where groupname is a single word)
>>
>> 2. Open the /etc/group file and add your username to your new group as
>> discussed before.
>>
>> 3. Open the sudo script file with visudo and add the groupname following
>> stanza to the file:
>>
>> %groupname ALL=(ALL) NOPASSWD: ALL
>>
>> This is basically the same thing. If you are the only user or admin on
>> your system than this is overkill and you could just use the %sudo group
>> stanza as discussed before. However if you are planning or have serveral
>> administrators that will have different permissions than it would be best
>> to re-think not using passwords.
>>
>>
>>
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
James
*Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130706/ce34a57b/attachment.html>
More information about the PLUG-discuss
mailing list