Re: somewhat OT: sudo question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 09/09/2010 06:46 PM, Ranjan Maitra wrote:
> On Thu, 9 Sep 2010 20:13:04 -0500 JD<jd1008@xxxxxxxxx>  wrote:
>
>>
>> On 09/09/2010 05:32 PM, Ranjan Maitra wrote:
>>> On Thu, 9 Sep 2010 14:18:43 -0500 kalinix
>>> <calin.kalinix.cosma@xxxxxxxxx>   wrote:
>>>
>>>> On Thu, 2010-09-09 at 14:12 -0500, Ranjan Maitra wrote:
>>>>
>>>>
>>>> On Thu, 9 Sep 2010 13:59:18 -0500 JD<jd1008@xxxxxxxxx<mailto:jd1008@xxxxxxxxx>>   wrote:
>>>>
>>>>> On 09/09/2010 11:41 AM, Ranjan Maitra wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I would like to set up sudo permissions for myself (let us say) such
>>>>>> that I do not need password for /usr/sbin/pm-hibernate
>>>>>> or /usr/sbin/pm-suspend but need it for everything else. Anyone know
>>>>>> off-hand how this can be done by adding lines in the /etc/sudoers file?
>>>>>>
>>>>>> Many thanks and best wishes,
>>>>>> Ranjan
>>>>> Append a line like the following to /etc/sudoers
>>>>>
>>>>> ranjan      ALL=(ALL)       NOPASSWD: ALL
>>>> Sorry, maybe I was not clear. I wanted to have the ability to use sudo
>>>> without password for the above two commands, but use sudo with password
>>>> (required) for everything else.
>>>>
>>>> Will it be enough to type the two commands with a comma separator after
>>>> the NOPASSWD: (and instead of the ALL)? I guess I could try this, but
>>>> wanted to be sure.
>>>>
>>>> Ranjan
>>>>
>>>>
>>>>> --
>>>>> users mailing list
>>>>> users@xxxxxxxxxxxxxxxxxxxxxxx<mailto:users@xxxxxxxxxxxxxxxxxxxxxxx>
>>>>> To unsubscribe or change subscription options:
>>>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>
>>>>
>>>> In aliases section:
>>>>
>>>>
>>>> Cmnd_Alias HIBERNATE = /usr/sbin/pm-hibernate, /usr/sbin/pm-suspend
>>>>
>>>>
>>>> in the main part:
>>>>
>>>> rajan ALL=(ALL)    NOPASSWD: HIBERNATE
>>>>
>>>>
>>>> This should do the trick in the way that you will be able to run any command (ALL) and you will be asked for the password, except for commands that are defined under the HIBERNATE alias.
>>> Hi, I have been unable to get this to work. If I do exactly as above,
>>> or even forgo the alias and specifically write
>>>
>>> maitra	ALL=(ALL) NOPASSWD:/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
>>>
>>> in the main part, nothing works under sudo. Specifically, even a simple
>>> command as sudo yum update yields:
>>>
>>> Sorry, user maitra is not allowed to execute '/usr/bin/yum update' as root on (name of machine).
>>>
>>> What is wrong here?
>>>
>>> Of course,
>>> maitra	ALL=(ALL) ALL
>>>
>>> works just fine, but of course, asks me for my password for every sudo command.
>>>
>>>> Fact is that once you entered the password in sudo, it will be remembered for the rest of the session.
>>> Really, in my case, there seems to be a time window of around 5 minutes
>>> or so before it again asks for a password. I like this feature (which I
>>> thought was default everywhere, but I guess not).
>>>
>>> Thanks!
>>> Ranjan
>> You have a typo.
>> The entry in sudoers should be:
>> maitra    ALL=(ALL)      NOPASSWD: /usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
>>
>> Notice the space after the colon :
> Sorry, no luck, same problem. I continue to have the same problem.
>
> Ranjan

I tried it and I confirm that sudo is broken if
the NOPASSWD: is followed by a list of commands.
sudo will only allow the user to sudo the specified
commands without a password.
All other commands are blocked.

I think you should open a bug at bugzilla.redhat.com


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux