Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 51

Thread: HowTO: Sudoers Configuration

  1. #21
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!

    Re: HowTO: Sudoers Configuration

    Quote Originally Posted by jarrah-95 View Post
    i have just actadently blocked all access to sudo exept for apt-get this whould have been alright for what i wanted to use update manager too and i also forgot to make a sudo user that can edit these things
    is there any way out of this
    thanks
    d'oh.


    Boot in recovery mode and edit the file:
    http://www.psychocats.net/ubuntu/fixsudo

  2. #22
    Join Date
    Dec 2008
    Beans
    Hidden!

    Re: HowTO: Sudoers Configuration

    thanks sisco311 your a life svaer

  3. #23
    Join Date
    May 2006
    Beans
    33

    Re: HowTO: Sudoers Configuration - allow chmod in specific path?

    Thanks for the ACLs suggestion. In the meantime, I had found a simple workaround. In case it helps someone else:

    I put the wanted chmod and chown lines into a shell script which is root:root and suid (4755/-rwsr-xr-x).

    So users can run it to fix the permissions and ownership where I want, but cannot change the script to mess elsewhere in the system. Of course, the correct fix would be to find out why we get files in there with wrong permissions in the first place...

  4. #24
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!

    Re: HowTO: Sudoers Configuration - allow chmod in specific path?

    Quote Originally Posted by rduke15 View Post
    Thanks for the ACLs suggestion. In the meantime, I had found a simple workaround. In case it helps someone else:

    I put the wanted chmod and chown lines into a shell script which is root:root and suid (4755/-rwsr-xr-x).

    So users can run it to fix the permissions and ownership where I want, but cannot change the script to mess elsewhere in the system. Of course, the correct fix would be to find out why we get files in there with wrong permissions in the first place...
    When a user creates a file the file inherits the users primary group ID. Setting the setgid permission on a directory causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file.

    i.e.
    Code:
    [sisco@acme xtmp]$ id sisco
    uid=1000(sisco) gid=100(users) groups=100(users),6(disk),7(lp),10(wheel),91(video),92(audio),93(optical)
    [sisco@acme xtmp]$ > file1
    [sisco@acme xtmp]$ ls -al file1 
    -rw-r--r-- 1 sisco users 0 2009-06-29 09:52 file1
    [sisco@acme xtmp]$ mkdir dir1
    [sisco@acme xtmp]$ > dir1/file2
    [sisco@acme xtmp]$ ls -al dir1
    total 8
    drwxr-xr-x 2 sisco users 4096 2009-06-29 09:53 .
    drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
    -rw-r--r-- 1 sisco users    0 2009-06-29 09:53 file2
    [sisco@acme xtmp]$ chmod g+s dir1
    [sisco@acme xtmp]$ chgrp audio dir1/
    [sisco@acme xtmp]$ ls -al dir1
    total 8
    drwxr-sr-x 2 sisco audio 4096 2009-06-29 09:53 .
    drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
    -rw-r--r-- 1 sisco users    0 2009-06-29 09:53 file2
    [sisco@acme xtmp]$ > dir1/file3
    [sisco@acme xtmp]$ ls -al dir1/
    total 8
    drwxr-sr-x 2 sisco audio 4096 2009-06-29 09:54 .
    drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
    -rw-r--r-- 1 sisco users    0 2009-06-29 09:53 file2
    -rw-r--r-- 1 sisco audio    0 2009-06-29 09:54 file3

  5. #25
    Join Date
    Apr 2008
    Beans
    18

    Re: HowTO: Sudoers Configuration

    Excellent, and very well stated. My immediate problem has been solved, thanks to another respondent, but I've bookmarked this for future reference after I'm more familiar with the lingo.

  6. #26
    Join Date
    Jun 2007
    Location
    /home/London
    Beans
    297

    Re: HowTO: Sudoers Configuration

    Thank you this is an excellent tutorial

    Just to be clear, you still have to type sudo but it won't ask you for the password anymore
    "I refuse to answer that question on the grounds that I don't know the answer" - Douglas Adams
    "The world is your lobster" - Arthur Daley


    http://twitter.com/junkbit

  7. #27
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: HowTO: Sudoers Configuration

    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |
    [SIGPIC][/SIGPIC]

  8. #28
    Join Date
    Jan 2008
    Beans
    4,757

    Re: HowTO: Sudoers Configuration

    Thanks bapoumba.

    I suppose this will give me a reason to update / refactor a few bits and pieces of the guide then for Lucid.

  9. #29
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HowTO: Sudoers Configuration

    Nice How-To! I've used sudoers before but never fully understood it. The host-restriction tip is helpful, but instead of making an alias Host_Alias HOST = jaunty and using HOST=, can't you just use localhost=?

  10. #30
    Join Date
    Jan 2008
    Beans
    4,757

    Re: HowTO: Sudoers Configuration

    Quote Originally Posted by Penguin Guy View Post
    Nice How-To! I've used sudoers before but never fully understood it. The host-restriction tip is helpful, but instead of making an alias Host_Alias HOST = jaunty and using HOST=, can't you just use localhost=?
    Unless you've specified explicitly in /etc/hostname, localhost is not the hostname, localhost is just the alias to 127.0.0.1.

    So no, that won't work.

    Regards
    Last edited by ibuclaw; May 1st, 2010 at 08:16 PM.

Page 3 of 6 FirstFirst 12345 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •