LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Confusion about sudo (https://www.linuxquestions.org/questions/linux-newbie-8/confusion-about-sudo-834247/)

redvelo 09-24-2010 08:31 AM
Confusion about sudo
 
Hello,

After adding what I thought were the correct entries in /etc/sudoers so I'd be able to run commands without needing to sudo them, I keep having to. My sudoers file entries look like this:

Code:
## Allow root to run any commands anywhere
root    ALL=(ALL)      ALL
user_me ALL=(ALL)    ALL

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)      ALL
user_me ALL=(ALL)    ALL

## Same thing without a password
%wheel  ALL=(ALL)      NOPASSWD: ALL
user_me ALL=(ALL)    NOPASSWD: ALL
I have also confirmed that I'm a member of the wheel group in /etc/group:

Code:
wheel:x:10:root,user_me
And yet, I still have to sudo to do pretty much anything.

I appreciate any suggestions.

malekmustaq 09-24-2010 08:43 AM
redvelo,

Just continue sudo without password. If you want to work in terminal without need of sudoing just sudo to root and work:

redvelo@host--$ sudo -i (or 'sudo -su')
Password: <Enter>

you continue executing everything as superuser.

If at all you really need to avoid sudoing you can activate 'root' account and login as 'root', by that no more sudoing is necessary.

What you are doing is truly dangerous according to current standards of defensive security. But I believe you know what you are doing.

redvelo 09-24-2010 10:17 AM
Thanks for the info, malekmustaq.

I'd really rather not be root for anything on the server, so I thought that adding myself to the wheel group would allow me to run things as root without actually being root, but maybe I misunderstand?

Thannks again.

malekmustaq 09-24-2010 10:50 AM
redvelo,

Just in case you forgot to re-edit psswd and sudoer files: If you don't need it anymore you may remove your membership to GID "wheels", your entry to sudoer ALL is enough.

Good luck and enjoy.

nuwen52 09-24-2010 11:09 AM
The only entries I think you should need is this:

Code:
user_me        ALL=(ALL)      NOPASSWD: ALL
%wheel  ALL=(ALL)      ALL
The other entries might just be confusing things. The leading "%" means "group" (I'm pretty sure about that). So, what this does is set you to not needing a password and all users in the wheel group will need a password. You can set them to no password also, but I would not recommend it. Actually, I don't recommend you not needing a password either, but there are cases where that could be useful. General rule for me is to limit "NOPASSWD" to as few people as possible, if it is needed at all.

redvelo 09-24-2010 11:22 AM
Thanks nuwen52 & malekmustaq,

I went ahead and tried something. I've removed myself totally from sudoers. But, it seems that being a member of the wheel group covers me for being able to sudo all commands by virtue of this line in sudoers? In other words, being a member of wheel makes it unnecessary for me to be specified at all in sudoers.

Code:
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)      ALL
Is that correct?

Thanks again.

nuwen52 09-24-2010 11:25 AM
That should allow all users in the wheel group to run programs with sudo, and they will need a password. And, since you are a member of wheel, this will work. So, the short answer, is yes. Personally, I would go with the single entry for just you. But, that's up to you.

redvelo 09-24-2010 11:29 AM
Great, thanks for the clarification.


All times are GMT -5. The time now is 09:23 PM.