Results 1 to 8 of 8

Thread: /etc/sudoers Has No Effect

  1. #1
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Question /etc/sudoers Has No Effect

    In a nutshell: sudoers is not designed to use 127.0.0.1

    Old, broken sudoers:
    Code:
    # Defaults
    Defaults	editor=/usr/bin/nano
    Defaults	env_reset
    #Defaults	timestamp_timeout=0
    
    # Aliases
    Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown, /usr/sbin/poweroff,\
    		/usr/sbin/halt, /usr/sbin/fasthalt, /usr/sbin/reboot,\
    		/usr/sbin/fastboot
    
    # Rules
    root	ALL=(ALL)	ALL
    %admin	ALL=(ALL)	ALL
    %admin	localhost=(ALL)	NOPASSWD: ALL
    ALL	localhost=(ALL)	NOPASSWD: SHUTDOWN
    %admin	All=(ALL)	NOPASSWD: /usr/local/bin/set-xsplash-background
    New, fixed sudoers:
    Code:
    Defaults	env_reset,pwfeedback,editor=/usr/bin/nano,timestamp_timeout=0
    
    # Rules
    root	ALL=(ALL)	ALL
    %admin	ALL=(ALL)	NOPASSWD: ALL
    Thanks, all, for your time.
    Last edited by Penguin Guy; July 30th, 2010 at 11:51 PM.

  2. #2
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: /etc/sudoers Has No Effect

    I've messed around a bit, but I still can't get it to work.
    Last edited by Penguin Guy; July 22nd, 2010 at 07:18 PM.

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: /etc/sudoers Has No Effect

    You are having conflicts as you are listing your user more then once.

    You have two lines of %admin and once for ALL

    Usually last match in sudoers wins.

    Solution : Create a new group, shutdown, see man sudoers and alises

    http://www.sudo.ws/sudo/man/sudoers.html
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Apr 2009
    Location
    Midwest, U.S.A.
    Beans
    1,209
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: /etc/sudoers Has No Effect

    What is the output of:
    Code:
    sudo visudo -c
    Laptop: Dell Inspiron 8200 - Fedora 13 - Goddard
    Desktop: Self-Built - [Ku, Lu, Xu, U]buntu - Lucid 10.04.3 (LTS)
    Linux User: 498249 / Ubuntu User: 29241

  5. #5
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: /etc/sudoers Has No Effect

    Quote Originally Posted by bodhi.zazen View Post
    Usually last match in sudoers wins.
    Code:
    NOPASSWD: /usr/local/bin/set-xsplash-background
    Surely, by that logic, I should be able to run set-xsplash-background with no password?


    The syntax is fine:
    Code:
    # visudo -c
    /etc/sudoers: parsed OK

  6. #6
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: /etc/sudoers Has No Effect

    Quote Originally Posted by Penguin Guy View Post
    Code:
    NOPASSWD: /usr/local/bin/set-xsplash-background
    Surely, by that logic, I should be able to run set-xsplash-background with no password?
    I am not sure what you are asking. My point is that you have conflicts in your configuration and the result of such conflicts is often unpredictable behavior.

    If a user is listed by name and group membership(s) and %admin is listed twice you are going to have issues.

    Clean up your syntax , eliminate duplicates, use aliases as shown in the man page and try again.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #7
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: /etc/sudoers Has No Effect

    Quote Originally Posted by bodhi.zazen View Post
    I am not sure what you are asking. My point is that you have conflicts in your configuration and the result of such conflicts is often unpredictable behavior.

    If a user is listed by name and group membership(s) and %admin is listed twice you are going to have issues.

    Clean up your syntax , eliminate duplicates, use aliases as shown in the man page and try again.
    I've read the man page, guides, examples, but am still completely clueless how to fix the problem. I just can't see how an alias is going to work. And anyway, I didn't think duplicates mattered?

    I tried:
    Code:
    %admin	ALL=(ALL)	ALL, NOPASSWD: /usr/local/bin/set-xsplash-background
    But that blocked everyone from sudo.
    Last edited by Penguin Guy; July 23rd, 2010 at 06:50 PM.

  8. #8
    Join Date
    Mar 2009
    Beans
    927
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: /etc/sudoers Has No Effect

    Ah, from a recent answer on superuser it looks like sudoers is not designed to give privelages to specific Hosts/IPs. I've had to dramatically simplify my sudoers file because of that. It's quite insecure, but hey.
    Last edited by Penguin Guy; July 30th, 2010 at 11:55 PM.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •