Thanks for this tutorial..
Spilled the Beans
Thanks for this tutorial..
First Cup of Ubuntu
I'm trying to modify sudoers to allow a script to mount/umount windows shared folders without prompting for a password.
But even if i carefully read all the how-to, untill the last post, i still can't mount any resource from the shell without sudo command. Here's my sudoers:
As you can see, to avoid any typo, i made a copy/paste of the line for the user www-data (added by avantfax, and it's working of course) and modified the new line for the user maxi, but nothing: it doesn't work. When i try a reboot or a mount it still says i need to be root user for that command. Everything seems to be right, here's the output for "sudo -l":Code:# /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # Defaults env_reset # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL # Uncomment to allow members of group sudo to not need a password # (Note that later entries override this, so you might need to move # it further down) # %sudo ALL=NOPASSWD: ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL www-data ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /usr/sbin/faxdeluser -f *, /usr/sbin/faxadduser -f * -u * -p * * #personalization maxi ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /bin/mount #end personalization
and of course i've even verified the path (which mount) and the user (echo $USER).Code:Matching Defaults entries for maxi on this host: env_reset User maxi may run the following commands on this host: (ALL) ALL (root) NOPASSWD: /sbin/reboot, (root) /sbin/halt, (root) /bin/mount
At this point i'm lost and don't know what to do more
Any suggestion?
First Cup of Ubuntu
Re: HowTO: Sudoers Configuration
I've been through this thread ant can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user
The only to achieve this is to give "canar" user root permission in sudoers, see below:
Host_Alias LAB = linuxbox
User_Alias LABTRUSTED = canar
Cmnd_Alias LABADMIN = /bin/bash, /bin/su, /bin
LABTRUSTED LAB=(ALL) NOPASSWD: LABADMIN
And run any command:
canar@linuxbox$ sudo -i -u duck 'id'
But basically, this is a huge security hole since canar can run whatever he wants as anyone (including root)
I want to restrict canar user to be able to login as duck user (or as anyone from a given group) without providing root access
Any help would be welcome!
~canar
Last edited by canar; April 5th, 2012 at 09:25 PM.
5 Cups of Ubuntu
Is it possible to add a command on sudoers with specific parameters?
for instance i would like to add iptables command with parameters
-L -t nat -xvn to be executed for the user "testuser". I tried on visudo the following but it did not work:
Got a syntax error. Any ideas if it is possible to add commands with arguments/parameters?Code:testusr ALL=(ALL)NOPASSWD:/sbin/iptables -L -t nat -xvn
thanks
First Cup of Ubuntu
Hello,
I have summarized the steps I had gone through in order to successfully add a set of rules to the sudoers configuration. You can see it right here. Enjoy!
First Cup of Ubuntu
Hi,
I am trying to give sudo login access(without having to enter password) to 'user1' so that it can login as 'user2' and run scripts, commands etc. I have made below entry in sudoers file
user1 ALL = (user2) NOPASSWD: ALL
This doesn't work and I still get prompted for password when I do(as user1)
sudo su - user2
But when I change sudoers file to:
user1 ALL = (ALL) NOPASSWD: ALL
it works. However, this also allows 'user1' to sudo login as super user without password, which I don't want. Can someone help me fix this.
Thanks.
First Cup of Ubuntu
I have joined my ubuntu desktop to my Server 2003 AD windows domain and I can successfully log in with domain credentials.
However domain users, and domain admins can not access sudo commands even with the following in the /etc/sudoer file
I followed sever guides and all of them show the following as acceptable code for giving domain admin/users sudo ability.
Any ideas?
Code:# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL %clbei\\domain^admins ALL=(ALL) ALL %clbei\\domain^users ALL=(ALL) ALL
i [ˈbut͡swaf]
What's the output if you run 'id' on the domain user account?Originally Posted by CLWSI
eg:
RegardsCode:id clbei\\ibuclaw
First Cup of Ubuntu
I ran the command several ways, all with the same type of result. It appears to pull my user groups correctly from the DC.
Please advise and thank you!Code:uid=1587545172(jasonladmin) gid=1587544577(domain^users) groups=1587544577(domain^users),1587545199(certsvc_dcom_access),1587545333(tatemusers),1587545394(vpn^users),1587546501(sqlserver2005mssqluser$moe$tcm),1587544576(domain^admins),1587545212(wo_po),1587545213(front),1587546508(sqlserver2005sqlbrowseruser$moe),1587546510(sqlserver2005mssqluser$moe$mssqlserver),1587544582(schema^admins),1587544583(enterprise^admins),1587545500(exchange^public^folder^administrators),1587545721(tcm),1587545190(exchange^organization^administrators),1587545191(exchange^recipient^administrators),1587545192(exchange^view-only^administrators) jasonladmin@schemp:~$
Last edited by CLWSI; January 9th, 2013 at 04:23 PM.
First Cup of Ubuntu
I'm coming back to this tutorial for the third time already. Thanks, it's great. You made me make an account on the forums
Adv Reply
Bookmarks