sudo - /opt/sudoers - password - Linux question


Forum: Other Help Topics
Topic: sudo - /opt/sudoers - password - Linux question
started by: john.martzouco

Posted by john.martzouco on Dec. 19 2007,14:21
I'm setting up a guest account on my machine and am removing the user's entry from /opt/sudoers.   I'm guessing that this is the way to remove a user's privileges for running sudo <command>.  It works... when I try to execute anything in console with the account, I get a friendly warning about being careful and a prompt for a password.

I've tried every password I can think of at the prompt, but have never been able to continue.  I've tried the password that I issued for the root account.  I've tried running sudo root and entering the same password to no avail.  I've tried other user accounts that I have set up with sudo privileges.

I have DSL 4.1 installed as multi-user.

Am I using the /opt/sudoer file properly? or should I have an entry in  there for the guest account with speciific pieces of information?

Much thanks,
John

Posted by mikshaw on Dec. 19 2007,15:54
Try the user's password.

An alternative to sudo would be su -c "some command"

Posted by lucky13 on Dec. 19 2007,16:05
Did you edit manually or with visudo?

Quote
CAVEATS

The sudoers file should always be edited by the visudo command which locks the file and does grammatical checking. It is imperative that sudoers be free of syntax errors since sudo will not run with a syntactically incorrect sudoers file.

When using netgroups of machines (as opposed to users), if you store fully qualified hostnames in the netgroup (as is usually the case), you either need to have the machine's hostname be fully qualified as returned by the hostname command or use the fqdn option in sudoers.
< http://www.gratisoft.us/sudo/man/sudoers.html#caveats >

Posted by ^thehatsrule^ on Dec. 19 2007,19:57
You mean /etc/sudoers ?
Did you try this under the 'dsl' user?
What kind of installation?

Afaik DSL doesn't have visudo set up properly... you can first do `export EDITOR=vi` for example.

Posted by john.martzouco on Dec. 19 2007,20:42
Yes, /etc/sudoers, sorry about that, still getting locations of things straight in my head.

No, I didn't know visudo existed.

When I used beaver, I removed the entire line for the user.  I just tried it with visudo (with the editor export) and it does act differently.  Now, I get the message that the 'user is not in sudo file'.  That's good.  And now I understand that I can su <user> to get the privileges in this session to work as a super-user... perfect!

Thanks for the link to the sudoers man page, I'll give it a good read.

Much thanks,
John

Posted by john.martzouco on Dec. 22 2007,00:46
This has been helpful.  visudo worked well (now I have to pay more attention to all those chapters about vi that I've been ignoring).

I'm trying to grant my guest user the priviliges to shut down the machine.  I've tried entering the next two lines into /etc/sudoers with visudo.  It reports that I have errors with the first one... so I thought I'd check with you guys to get a kickstart on setting this up.  I'm reading the man page, and it will be very helpful... much more helpful after I have one new entry that sheds light.

Here's what I've tried:

/etc/sudoers:
Code Sample

Cmnd_Alias      SHUTDOWN = /sbin/shutdown
guest       ALL = DUMPS, KILL, SHUTDOWN


Will this allow my user to shutdown via the desktop icon?  How close am I to having legitimate settings for the user named guest?

Thanks

Posted by curaga on Dec. 22 2007,09:49
I have never used vi since the first try, it felt so anti-userfriendly to me.. So I set the environment variable EDITOR to nano, and visudo will use nano instead (though this feature can be compiled out, not sure if it's in DSL)

Does your sudoers file also have DUMPS and KILL defined?

Posted by john.martzouco on Dec. 22 2007,11:03
Thanks curaga,

export EDITOR=beaver worked perfectly well too.

No, I only added the two lines to the default sudoers file; DUMPS and KILL are not in it.

Will that be all I need then, the 2 statements I used plus the DUMPS and KILL?

Posted by curaga on Dec. 22 2007,16:44
or take them out, so your last line comes
Quote
guest       ALL = SHUTDOWN

Posted by john.martzouco on Dec. 22 2007,18:13
That worked perfectly curaga.

In the end, it's two lines in sudoers:
Code Sample
Cmnd_Alias      SHUTDOWN = /usr/bin/exit.lua
...
guest       ALL = SHUTDOWN

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.