LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-24-2010, 09:31 AM   #1
redvelo
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Rep: Reputation: 0
Confusion about sudo


Hello,

After adding what I thought were the correct entries in /etc/sudoers so I'd be able to run commands without needing to sudo them, I keep having to. My sudoers file entries look like this:

Code:
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
user_me ALL=(ALL)     ALL

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
user_me ALL=(ALL)     ALL

## Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL
user_me ALL=(ALL)     NOPASSWD: ALL
I have also confirmed that I'm a member of the wheel group in /etc/group:

Code:
wheel:x:10:root,user_me
And yet, I still have to sudo to do pretty much anything.

I appreciate any suggestions.
 
Old 09-24-2010, 09:43 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,617

Rep: Reputation: 442Reputation: 442Reputation: 442Reputation: 442Reputation: 442
redvelo,

Just continue sudo without password. If you want to work in terminal without need of sudoing just sudo to root and work:

redvelo@host--$ sudo -i (or 'sudo -su')
Password: <Enter>

you continue executing everything as superuser.

If at all you really need to avoid sudoing you can activate 'root' account and login as 'root', by that no more sudoing is necessary.

What you are doing is truly dangerous according to current standards of defensive security. But I believe you know what you are doing.
 
Old 09-24-2010, 11:17 AM   #3
redvelo
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for the info, malekmustaq.

I'd really rather not be root for anything on the server, so I thought that adding myself to the wheel group would allow me to run things as root without actually being root, but maybe I misunderstand?

Thannks again.
 
Old 09-24-2010, 11:50 AM   #4
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,617

Rep: Reputation: 442Reputation: 442Reputation: 442Reputation: 442Reputation: 442
redvelo,

Just in case you forgot to re-edit psswd and sudoer files: If you don't need it anymore you may remove your membership to GID "wheels", your entry to sudoer ALL is enough.

Good luck and enjoy.
 
Old 09-24-2010, 12:09 PM   #5
nuwen52
Member
 
Registered: Feb 2009
Distribution: Debian, CentOS 5, Gentoo, FreeBSD, Fedora, Mint, Slackware64
Posts: 208

Rep: Reputation: 46
The only entries I think you should need is this:

Code:
user_me        ALL=(ALL)       NOPASSWD: ALL
%wheel  ALL=(ALL)       ALL
The other entries might just be confusing things. The leading "%" means "group" (I'm pretty sure about that). So, what this does is set you to not needing a password and all users in the wheel group will need a password. You can set them to no password also, but I would not recommend it. Actually, I don't recommend you not needing a password either, but there are cases where that could be useful. General rule for me is to limit "NOPASSWD" to as few people as possible, if it is needed at all.
 
Old 09-24-2010, 12:22 PM   #6
redvelo
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks nuwen52 & malekmustaq,

I went ahead and tried something. I've removed myself totally from sudoers. But, it seems that being a member of the wheel group covers me for being able to sudo all commands by virtue of this line in sudoers? In other words, being a member of wheel makes it unnecessary for me to be specified at all in sudoers.

Code:
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
Is that correct?

Thanks again.
 
Old 09-24-2010, 12:25 PM   #7
nuwen52
Member
 
Registered: Feb 2009
Distribution: Debian, CentOS 5, Gentoo, FreeBSD, Fedora, Mint, Slackware64
Posts: 208

Rep: Reputation: 46
That should allow all users in the wheel group to run programs with sudo, and they will need a password. And, since you are a member of wheel, this will work. So, the short answer, is yes. Personally, I would go with the single entry for just you. But, that's up to you.

Last edited by nuwen52; 09-24-2010 at 12:28 PM.
 
Old 09-24-2010, 12:29 PM   #8
redvelo
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Great, thanks for the clarification.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 08:12 PM
sudo blkid vs. sudo fdisk -l problems alienexplorers Linux - Newbie 1 01-13-2009 01:35 AM
LXer: sudo, or not sudo: that is the question LXer Syndicated Linux News 0 02-07-2008 06:40 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 04:20 PM


All times are GMT -5. The time now is 07:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration