LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-18-2014, 05:44 AM   #1
DougBain
LQ Newbie
 
Registered: Oct 2014
Posts: 17

Rep: Reputation: Disabled
How does sudoers work?


Using visudo, I've set up (or thought I had) to allow an ordinary user to run wvdial (to connect to the internet via a dongle).

The relevant lines are:

# User privilege specification
root ALL=(ALL:ALL) ALL
dougb vpscb=/usr/bin/wvdial
irene vpcsb=/usr/bin/wvdial

As an ordinary user dougb can call 'sudo wvdial' and it works, but dougb is also administrator.
when irene (non-adminstrator) logs in and calls 'sudo wvdial' she gets the message that she doesn't have permission to run /usr/bin/wvdial.

What's wrong? What should the line for irene be?
 
Old 10-18-2014, 05:55 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,121

Rep: Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270
what does "dougb is also administrator" mean? If it has 0 uid it is root as well.
irene should try sudo /usr/bin/wvdial
 
Old 10-18-2014, 06:15 AM   #3
DougBain
LQ Newbie
 
Registered: Oct 2014
Posts: 17

Original Poster
Rep: Reputation: Disabled
Sorry,I meant that dougb had setup the OS and created the user 'irene'. In Linux Mint 17 MATE dougb is a user with administrator privileges, but has to enter his (user/root) password to carry out administrator tasks or 'su' in a terminal. The actual root password created by the system is never revealed even to an administrator.

The problem is that for irene,
sudo wvdial or
sudo /usr/bin/wvdial

get turned down with the error message
 
Old 10-18-2014, 07:46 AM   #4
TxLonghorn
Member
 
Registered: Feb 2004
Location: Austin Texas
Distribution: Mandrake 9.2
Posts: 569

Rep: Reputation: 183Reputation: 183
dougb can make irene a member of the sudo group

sudo usermod -aG sudo irene

Last edited by TxLonghorn; 10-18-2014 at 08:06 AM.
 
Old 10-18-2014, 08:19 AM   #5
GazL
Senior Member
 
Registered: May 2008
Posts: 4,084
Blog Entries: 1

Rep: Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530
Assuming 'vpcsb' is the host and wvdial has to run as root.
Code:
irene vpcsb=(root) /usr/bin/wvdial
Unless you're sharing the sudoers file across multiple host machines, I'd suggest replacing the vpcsb= with 'ALL='. That way you won't get any nasty surprises if you ever change the hostname.

You might also want to consider adding NOPASSWD: in this case. So,
Code:
irene ALL=(root) NOPASSWD: /usr/bin/wvdial

Given that you've got multiple users you may even want to consider use of a user_alias:
Code:
User_Alias  WVDIALERS = dougb, irene
WVDIALERS ALL=(root) NOPASSWD: /usr/bin/wvdial
 
Old 10-18-2014, 11:23 AM   #6
DougBain
LQ Newbie
 
Registered: Oct 2014
Posts: 17

Original Poster
Rep: Reputation: Disabled
Thanks, TxLonghorn and GazL.

irene vpscb=(root) /usr/bin/wvdial I had already tried and got the usual refusal.

The WVDIALERS alias fitted my needs very well, so I tried that. Visudo didn't like NOPASSWD, regarding it as a syntax error; but without NOPASSWD: was OK; and it works fine.

Many thanks!
 
Old 10-19-2014, 07:09 AM   #7
wizard10000
LQ Newbie
 
Registered: Jun 2014
Location: midwestern us
Distribution: debian unstable
Posts: 17

Rep: Reputation: Disabled
Why would you not just add the users to the dialout group?
 
Old 10-19-2014, 08:12 AM   #8
DougBain
LQ Newbie
 
Registered: Oct 2014
Posts: 17

Original Poster
Rep: Reputation: Disabled
Pass?
Could you be more explicit?
 
Old 10-19-2014, 09:28 AM   #9
wizard10000
LQ Newbie
 
Registered: Jun 2014
Location: midwestern us
Distribution: debian unstable
Posts: 17

Rep: Reputation: Disabled
https://wiki.archlinux.org/index.php..._dialout_group

and -

http://forums.techguy.org/linux-unix...vdial-not.html

good luck!
 
Old 10-19-2014, 11:44 AM   #10
DougBain
LQ Newbie
 
Registered: Oct 2014
Posts: 17

Original Poster
Rep: Reputation: Disabled
wizard10000 - many thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora /etc/sudoers file and sudoers.d directory davejjj Linux - Newbie 2 10-21-2011 07:19 PM
[SOLVED] Sudoers will not work r2g2btru Linux - Server 8 06-01-2011 12:45 AM
Adding command privilege to /etc/sudoers doesn't work for some programs CJS Linux - General 9 05-13-2008 12:08 PM
grrrrrrrrrrrrrrrrrrrr sudoers wont work dave`2005 Linux - Newbie 4 03-12-2006 10:00 PM
I deleted /etc/sudoers and creates a new file call sudoers but now it doesnt for visu abefroman Linux - Software 1 11-10-2005 06:03 PM


All times are GMT -5. The time now is 10:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration