sudo
Advice: Use all uppercase for ALIASES in /etc/sudoers, which has to be edited with visudo
Normal users (users who are not root) must prefix the commands listed in /etc/sudoers with sudo
man pages
- man 5 sudoers
Defaults
- Defaults editor=/bin/nano
- Defaults env_reset # Commands are executed with a new, minimal, environment
- Defaults mail_badpass # Send an e-mail on a failed password attempt
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- Defaults timestamp_timeout=120 # After this time (in minutes) the sudoer has to enter his password again
See also man 5 sudoers
Another editor
sudo EDITOR=gedit visudo
Meanings
USER ALL=(ALL:ALL) NOPASSWD:ALL
- USER: user
- ALL=: hostname=
- (ALL:ALL): (owner:group)
- NOPASSWD: can be omitted
- ALL: commands including options
%GROUPNAME means group
Implementing sudo
- Edit /etc/sudoers with visudo
- Note that the characters ',' ':' '=' '\' must be escaped with a '\' if they are used in command arguments
- To have your shell aliases expanded after sudo, define the following shell alias (otherwise sudo ignores your aliases)
alias sudo='sudo '
- Wildcards are allowed. This works: user ALL=(root:ALL) NOPASSWD:/bin/mount * *
- New and changed entries become active only after visudo is closed
- In paths, make sure there is no trailing /, or write the path in the command exactly as it is written in visudo
Examples
Allow members of group sudo to execute any command on any host
%sudo ALL=(ALL:ALL) ALL
Open a truecrypt container
How to open a truecrypt container without entering the user or root password.
As root do
visudo
Add to the “User privilege specification”
user Hostname=(root:ALL) NOPASSWD:/usr/bin/truecrypt
Close visudo
Issues
Security
When added to visudo
user hostname=(root:ALL) NOPASSWD:/bin/chown -R user\:user /var/backups/user
this does not work when used. Probably because of security reasons.
When
user ALL=(ALL:ALL) ALL
is enabled / added to visudo and
sudo /bin/chown -R user\:user /var/backups/user
is executed, the ownership is changed. The reason for the difference is not known by us so far.
This works
user ALL=(root:ALL) NOPASSWD:/bin/chown *\:* *
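sudoers(5) warns that wildcards in command arguments match across word boundaries, so the wildcard NOPASSWD rules shown on this page permit more argument combinations than they appear to. The following added example (not part of the original page; the function names audit_sudoers and sample_sudoers are assumptions) lists such rules, plus NOPASSWD:ALL, so they can be reviewed by hand:

```shell
#!/bin/sh
# Added example (not from the original page): flag NOPASSWD rules in sudoers
# text that use wildcards or grant ALL commands.

# Constructed sample input, built from the rules shown on this page.
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset
%sudo ALL=(ALL:ALL) ALL
user ALL=(root:ALL) NOPASSWD:/bin/mount * *
user ALL=(root:ALL) NOPASSWD:/bin/chown *\:* *
user Hostname=(root:ALL) NOPASSWD:/usr/bin/truecrypt
USER ALL=(ALL:ALL) NOPASSWD:ALL
EOF
}

# audit_sudoers (hypothetical helper): reads sudoers text on stdin and prints
# "<line number>: <finding>: <rule>" for every rule worth a manual review.
audit_sudoers() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*|Defaults*) continue ;;   # blank lines, comments, Defaults
        esac
        case $line in
            *NOPASSWD:*) ;;                  # only password-less rules
            *) continue ;;
        esac
        cmds=${line#*NOPASSWD:}              # command spec after the tag
        cmds=${cmds#"${cmds%%[! ]*}"}        # trim leading spaces
        case $cmds in
            ALL|'ALL '*|ALL,*)
                printf '%s: all-commands: %s\n' "$n" "$line" ;;
            *'*'*|*'?'*)
                printf '%s: wildcard: %s\n' "$n" "$line" ;;
        esac
    done
}

# Demo run on the constructed sample.
sample_sudoers | audit_sudoers
```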
Recover from broken /etc/sudoers
Login as root and do
visudo
and fix /etc/sudoers
If you can not login as root, use a live cd to edit /etc/sudoers
Becoming root
sudo su - # In the root environment
sudo -s > /dev/null
Copyright © : 2014 - 2024 Webevaluation.nl and the authors