Old 02-27-2015, 08:17 AM   #1
NerdGZ
LQ Newbie
 
Registered: Feb 2014
Posts: 12

Rep: Reputation: Disabled
become a root with public key access


Hello Everyone,

I have a question about how to give sudo privileges to a user that logs in via public key without password.

I created a normal user and I added this user to the "visudo" folder with ALL privileges.

When the user is logged in to the system via public key and the user wants to become a root, a password is requested but I don't want to type the password.

Also to add the public key to the root it is not possible because I track the user log in in the system and if they log via root I cannot do that.

Thank you in advance.
 
Old 02-27-2015, 08:25 AM   #2
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,008

Rep: Reputation: 1621
Why do you not want them to type the password? If you man sudo I think it will tell you how to use the "nopasswd" option (I think that is the name) if you need it.
 
Old 02-27-2015, 09:32 AM   #3
NerdGZ
LQ Newbie
 
Registered: Feb 2014
Posts: 12

Original Poster
Rep: Reputation: Disabled
Hi,

Well if you already connect via public key and then you need to write a password it sounds strange to me, also I cannot disable the connection via password because some other users are already using that.

It works if I add on the "visudo" file %group ALL=(ALL) NOPASSWD: ALL

Also I needed to disable the password for the user. passwd -l username

Thanks a lot!!
 
Old 02-27-2015, 10:01 AM   #4
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,008

Rep: Reputation: 1621
Quote:
Originally Posted by NerdGZ
Hi,

Well if you already connect via public key and then you need to write a password it sounds strange to me...
Why? It seems strange to me not to ask for a password when running something as root.
 
Old 02-27-2015, 10:29 AM   #5
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,028

Rep: Reputation: 845
This works for me:
Code:
[schneidz@mom ~]$ sudo cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## 
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using 
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on 
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## 	user	MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere 
root	ALL=(ALL) 	ALL

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
#%wheel	ALL=(ALL)	ALL

## Same thing without a password
 %wheel	ALL=(ALL)	NOPASSWD: ALL

## Allows members of the users group to mount and unmount the 
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
[schneidz@mom ~]$ groups
schneidz wheel
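
An added example, not part of any post in this thread: the sudoers listing above enables `%wheel ALL=(ALL) NOPASSWD: ALL`, so a natural follow-up check is to list every active rule that skips the password prompt and whether it covers all commands or a fixed list. The `%deploy` rule, its command, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report active sudoers rules that
# carry NOPASSWD, and whether each covers every command or a fixed list.

# Constructed sample: the rules shown in post #5 plus one hypothetical
# narrower rule (%deploy and its command are assumptions for contrast).
sample_sudoers() {
cat <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Allows people in group wheel to run all commands
#%wheel ALL=(ALL)       ALL
## Same thing without a password
 %wheel ALL=(ALL)       NOPASSWD: ALL
%deploy ALL=(root) NOPASSWD: \
        /usr/bin/systemctl restart nginx
#includedir /etc/sudoers.d
EOF
}

# Reads sudoers text on stdin; prints "principal<TAB>ALL|LIMITED".
audit_nopasswd() {
  awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    { line = buf $0; buf = "" }
    { sub(/^[ \t]+/, "", line) }                    # rules may be indented
    line == "" || line ~ /^#([^0-9]|$)/ { next }    # comment or #include ("#1000" is a uid)
    line ~ /^(Defaults|@include)/ { next }
    line ~ /^[A-Za-z]+_Alias/ { next }
    {
      i = index(line, "NOPASSWD:")
      if (i == 0) next                              # password still required
      cmds = substr(line, i + 9)
      gsub(/^[ \t]+|[ \t]+$/, "", cmds)
      split(line, f, /[ \t]+/)
      scope = (cmds ~ /^ALL([ \t,]|$)/) ? "ALL" : "LIMITED"
      printf "%s\t%s\n", f[1], scope
    }
  '
}

sample_sudoers | audit_nopasswd
```

On a live host the same function can read the real file, for example `sudo cat /etc/sudoers | audit_nopasswd`; it does not follow `#includedir`, so drop-in files have to be passed in as well. Any edit made in response should go through `visudo`, which checks syntax before saving.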
 
  

