On Thu, Sep 9, 2010 at 10:44 PM, JD <jd1008@xxxxxxxxx> wrote: > > On 09/09/2010 07:38 PM, Tom H wrote: >> On Thu, Sep 9, 2010 at 9:59 PM, JD<jd1008@xxxxxxxxx> wrote: >>> I tried it and I confirm that sudo is broken if >>> the NOPASSWD: is followed by a list of commands. >>> sudo will only allow the user to sudo the specified >>> commands without a password. >>> All other commands are blocked. >>> >>> I think you should open a bug at bugzilla.redhat.com >> sudo will only allow what you specify "/etc/sudoers". If you only >> specify "rajan ALL=(ALL) NOPASSWD: HIBERNATE", rajan will only be able >> to use sudo to run a command in the HIBERNATE command alias. If rajan >> wants to use sudo to run other commands (with or without a password), >> he needs to add "rajan ALL=(ALL) ALL" to "/etc/sudoers". > Two entries to achieve that? > That's lame! You might find it lame but I'm used to a multi-user environment where we don't give everyone the same privileges and where we use User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias to grant privileges and we use multiple lines in sudoers instead of having what might be a restricted case like "rajan ALL=(ALL) NOPASSWD: HIBERNATE, PASSWD: ALL". -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
