LinuxQuestions.org
Old 12-14-2011, 03:51 PM   #1
zimbot
Member
 
Registered: Nov 2005
Location: cincinnati , ohio . USA
Distribution: ubuntu , Opensuse , CentOS
Posts: 179

Rep: Reputation: 17
add user to sudoers


Friends.
I have Opensuse 11.1 64
I wish to have a limited user be able to do some sudo commands without having to enter ( without having to know ) the root psswd.

specifically 1 cmnd

sudo umount media/restore.

here is the thing. I have a script that makes for easy peasy restore from an LTO4 data tape to an attached usb drive
that drive will be named 'restore' and it auto mounts under
/media/restore
at the end I would like to unmount the usb drive

I have looked at
http://www.susegeek.com/security/how...y-in-opensuse/

i must be missing something . currently using the yast tool.
I am cool with visudo,
in fact i would be ok with letting the user { usr = dog }
being able to sudo *Anything --all-- *
since this will happen via a script.
and the risk seems less than telling them what root psswd is.

thanks!
 
Old 12-14-2011, 04:24 PM   #2
andywebsdale
Member
 
Registered: Jan 2005
Location: Lewisham,London,UK
Distribution: Debian Wheezy AMD64
Posts: 87
Blog Entries: 2

Rep: Reputation: 23
Here's what's in my /etc/sudoers file
Quote:
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults !authenticate
# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
This works for me, but I'm not sure if it's best security practice or not
Have a look at your existing file - there may be an existing group defined already, like the sudo group in here(might be called "wheel") - if there is, you just have to make the user a member of that group
 
Old 12-14-2011, 07:41 PM   #3
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 374
It's really very simple once you see a few examples.

For your task, just add this line (by using visudo):
Code:
dog ALL=(ALL) /bin/umount /media/restore
Commands in the sudoers file MUST begin with an absolute path. I don't know if that was part of your problem or not. It gave me grief once or twice.

Also, if you have scripted common tasks, you can give users permission to run those scripts as root--so that you don't have to give sudo permissions for each individual command.

EDIT:
Just to clarify, this will give user dog the ability to execute (as root) "sudo umount /media/restore" and only that command. andywebsdale's solution would tackle the other option: allowing dog to execute any command.

Also, as a side-note, the user does not have to enter the path for umount to execute it (like was done in the sudoers file) as long as dog's command ultimately points to /bin/mount (after path expansion for instance).

Last edited by Dark_Helmet; 12-14-2011 at 07:48 PM.
 
Old 12-15-2011, 08:36 AM   #4
zimbot
Member
 
Registered: Nov 2005
Location: cincinnati , ohio . USA
Distribution: ubuntu , Opensuse , CentOS
Posts: 179

Original Poster
Rep: Reputation: 17
1st thanks to all for all the advice.
I have not tried any of this yet - i wish to ask just a bit more before i "dig in"

might it be true that i could grant the user dog full sudo ability.
meaning: they can sudo *any cmd* without being prompted for a root password.
( and since this cmnd would happen within a script -- still hidden to the casual usr dog )

IF i from a term do a visudo
and add the below line

1
# User privilege specification
dog ALL=(ALL:ALL) ALL

or
2
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

and then i have to add usr dog to a group sudo.
I suppose that is like adding a usr to any group.

I think i like the "wider open door" approach

thanks much!
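
Added example, not part of any post in this thread: a small shell audit that contrasts the two approaches discussed above, the any-command grants from posts #2 and #4 and a single-command rule in the spirit of post #3. The finding labels and both sample sudoers files are constructed for illustration; `NOPASSWD:` is sudo's own tag for skipping the password prompt on one rule.

```shell
#!/usr/bin/env bash
# Added example: audit sudoers text for grants wider than one fixed command.
# Finding labels and both sample files are constructed for illustration.

audit_sudoers() {   # sudoers text on stdin -> one "LABEL: line" per finding
  awk '
    /^[ \t]*(#|$)/ { next }     # comments, blanks, #includedir (audit those files separately)
    /^Defaults/ {
      if ($0 ~ /!authenticate/) print "NO-AUTH-FOR-EVERYONE: " $0
      next
    }
    $1 == "root" { next }       # the stock root rule is expected
    {
      eq = index($0, "="); if (eq == 0) next
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)   # drop the (runas) part
      nopw = (spec ~ /NOPASSWD:/)
      gsub(/[A-Z_]+:[ \t]*/, "", spec)          # drop tags such as NOPASSWD:
      gsub(/^[ \t]+|[ \t]+$/, "", spec)
      n = split(spec, cmd, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        label = ""
        if (cmd[i] == "ALL") label = nopw ? "ANY-COMMAND-NO-PASSWORD" : "ANY-COMMAND"
        else if (cmd[i] !~ /^\// && cmd[i] !~ /^[A-Z][A-Z0-9_]*$/) label = "NOT-ABSOLUTE-PATH"
        if (label != "") print label ": " $0
      }
    }'
}

sample_wide() {     # constructed: settings of the kind quoted in posts #2 and #4
  cat <<'EOF'
Defaults env_reset
Defaults !authenticate
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
dog ALL=(ALL:ALL) ALL
EOF
}

sample_narrow() {   # constructed: one fixed command, no password prompt for it
  cat <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
dog ALL=(root) NOPASSWD: /bin/umount /media/restore
EOF
}

echo "== wide ==";   sample_wide   | audit_sudoers
echo "== narrow =="; sample_narrow | audit_sudoers
```

openSUSE's stock sudoers sets `Defaults targetpw`, which is why sudo asks for root's password there; because the last matching rule wins, the `NOPASSWD:` line for dog has to come after the stock `ALL ALL=(ALL) ALL` entry.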
 
  

