sudoers

Michael Havens bmike1 at gmail.com
Mon Jul 14 23:40:15 MST 2014 

thanks.... I think I am grasping it!

:-)~MIKE~(-:


On Mon, Jul 14, 2014 at 9:48 PM, James Dugger <james.dugger at gmail.com>
wrote:

> Michael,
>
> The following line:
>
>      %sudo ALL=(ALL)  NOPASSWD:  ALL
>
> literally means:
>
>       ALL users in the sudo group can execute ALL commands as ALL users
> from ALL places without a password.
>
> Without any lines after this.  The only thing that you would need to do is
> add users to the sudo group (/etc/group).  Thus the line:
>
>      $ sudo useradd -G sudo <user>
>
> The %sudo portion of the stanza tells Linux to look in the /etc/group file
> for a line starting with "sudo" and include any users listed on that line
> in the sudo group.  This way you don't have to add them individually as
> separate lines in the sudoers file. For example lets say you have 3 users
> (john, jane, sam) that you want to have sudo rights w/o a password. It
> could be done in one of two ways:
>
> 1st- in sudoers
>
>      jane ALL=(ALL)  NOPASSWD:  ALL
>      john ALL=(ALL)  NOPASSWD:  ALL
>      sam ALL=(ALL)  NOPASSWD:  ALL
>
> or
>
> 2nd - in sudoers and /etc/group
>
>      %sudo ALL=(ALL)  NOPASSWD:  ALL
>
> in /etc/group
>
>      sudo:x:##:john,jane,sam
>
> Both work but programmatically the 2nd option eliminates redundant code
> when writing scripts and allows the use of additional shell commands (and
> arguably more simple ones) to be used to maintain file changes (i.e. sudo
> useradd -a -G sudo <user>).  When scripting it is easier add the use of
> usermod and useradd to a script than to use commands like sed -i and then
> having to escape special characters like "%, (,  and )" when making changes
> or updates.
>
>
>
> On Mon, Jul 14, 2014 at 7:48 PM, Michael Havens <bmike1 at gmail.com> wrote:
>
>> I was wondering: these are the instructions I was given to make it so I
>> don't need to input my password after I sudo.
>> ---
>> sudo visudo
>> <password>
>>
>> comment out the line:
>>
>>   %sudo ALL=(ALL:ALL) ALL
>>
>> and add a new line below it like this:
>>
>>   %sudo ALL=(ALL)  NOPASSWD:  ALL
>>
>>   sudo useradd -G sudo <user>
>> ---
>> I was thinking that with the script being like that I probably don't need
>> the last line because the way it is I am telling it no one needs a password
>> with sudo. It would probably be more secure to have:
>>
>>   %sudo ALL=(ALL)  NOPASSWD:  <desired users>
>>
>> is that correct? If I had multiple users who I wanted to not use a
>> password would I separate the users with a space or comma? If I only wanted
>> one user to be able to sudo  it would be:
>>
>>   %sudo <user>=(ALL)  NOPASSWD:  <user>
>>
>> what is the point of th ALL surrounded by parentheses?
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> James
>
> *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>*
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140714/a72e9e94/attachment.html>

More information about the PLUG-discuss mailing list