LinuxQuestions.org
Old 12-04-2008, 11:35 AM   #1
zeeple
Member
 
Registered: Sep 2006
Distribution: Fedora 8, RHEL 5
Posts: 62

Rep: Reputation: 15
Help with sudo and sudoers


My understanding of sudo is that it is used to allow you to perform a task as if you were the root user. So a file like this one:

-rw-r--r-- 1 root root 20 Dec 3 18:27 /etc/resolv.conf

which has rw permissions for root only. If I wanted to modify that file, I would need to do something like:

$ sudo echo 'nameserver 10.0.0.1' > resolv.conf

After which I would be prompted for my creds and I would be allowed to overwrite the file even though my user has no explicit permissions to do so.

Similarly, if I want to be able to do this non-interactively, say in a php script through apache, I need to have a line similar to this one in the sudoers file:

apache ALL= NOPASSWD: /usr/sbin/netconfig, /bin/rm, /sbin/service, /bin/echo

This is my understanding anyway. The problem I am running into is that my php script is not working for the echo command. However, there are two undesirable workarounds I can do to make it work:

1. chown apache.apache /etc/resolv.conf

2. chmod 666 /etc/resolv.conf

I don't like either solution, even though I have tested them both and they do indeed mitigate the problem I am having. I would rather get the sudo command working as it should. Does anyone here have any suggestions?
 
Old 12-04-2008, 10:41 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332
IMO the traditional Unix way to do this would be to change the group ownership of the file to apache, leaving the user ownership as root. There is absolutely nothing wrong with this solution. Also, it is much better than setting NOPASSWD on any user account in the sudoers file. I agree that changing the permissions to 666 is not acceptable.
Code:
chgrp apache /etc/resolv.conf
 
Old 12-06-2008, 12:51 PM   #3
zeeple
Member
 
Registered: Sep 2006
Distribution: Fedora 8, RHEL 5
Posts: 62

Original Poster
Rep: Reputation: 15
Thanks for the tip, that's a very good way to go about it. What I decided to do in the end was rearrange the command that modifies the file. What I was doing was trying to sudo echo, which is clearly wrong since that is not a command that is restricted to root. Anyone can echo. However, my thinking was that if I echoed as root I'd be able to modify the file. This wasn't working, so I did this instead, on the advice of someone over at the Ubuntu forums:

echo 'nameserver 10.0.0.1' | sudo tee /etc/resolv.conf

I like your idea of changing the group ownership though.
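
Why the two command forms in this thread behave differently, shown without needing root (an added example, not part of the posts above): fake_sudo is a hypothetical stand-in that only records the arguments it is given, and the file is written in a temporary directory rather than /etc.

```shell
#!/bin/sh
# Stand-in for sudo (hypothetical helper, NOT the real sudo): it appends the
# argument list it received to $ARGLOG, then runs the command unprivileged.
fake_sudo() {
    printf '%s\n' "$*" >> "$ARGLOG"
    "$@"
}

# Prints the argument list the wrapper saw for one of the two forms.
#   redirect: the calling shell opens resolv.conf itself, with the caller's
#             own privileges; the wrapper is never told about the file.
#   tee:      the file name is an argument, so the process started by the
#             wrapper is the one that opens and writes the file.
args_seen() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        ARGLOG=$dir/args
        case $1 in
            redirect) fake_sudo echo 'nameserver 10.0.0.1' > resolv.conf ;;
            tee)      echo 'nameserver 10.0.0.1' | fake_sudo tee resolv.conf > /dev/null ;;
            *)        exit 2 ;;
        esac
        cat "$ARGLOG"
    )
    rm -rf "$dir"
}

# Returns 0 if the redirect target exists although the command could not be
# started at all, i.e. the invoking shell opened it before running anything.
shell_opens_target_first() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && lq_no_such_command_12345 > out 2>/dev/null ) || true
    found=1
    [ -e "$dir/out" ] && found=0
    rm -rf "$dir"
    return "$found"
}

echo "redirect form, wrapper saw: $(args_seen redirect)"
echo "tee form, wrapper saw:      $(args_seen tee)"
shell_opens_target_first && echo "redirect target was created by the calling shell"
```

With the tee form the write is done by the process sudo starts, so a sudoers entry can be limited to tee with that one file argument instead of allowing /bin/echo.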
 
  


All times are GMT -5.
