LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-08-2012, 09:09 AM   #1
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Rep: Reputation: 0
How to remove a user from Sudoer list?


Hi,

I added a user to the sudoer list by running command below and now I need to undo that. Can someone please let me know how I can do that?

This is the command I ran:
Code:
echo 'username ALL=(ALL) ALL' >> /etc/sudoers
Thank you
 
Old 03-08-2012, 09:16 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
just edit the file as root and delete the line however you see fit.
 
Old 03-08-2012, 09:18 AM   #3
-Fay-
LQ Newbie
 
Registered: Mar 2012
Posts: 15

Rep: Reputation: 0
login as root, or su and run
Code:
visudo
after that just comment out the line with the user in it, or remove the line entirely.
 
Old 03-08-2012, 09:22 AM   #4
devUnix
Member
 
Registered: Oct 2010
Location: Bengaluru, India
Distribution: RHEL 5.1 on My PC, & SunOS / Sun Solaris, RHEL, SuSe, Debian, FreeBSD and other Linux flavors @ Work
Posts: 576

Rep: Reputation: 48
It's never a good practice nor a recommended method to directly edit the "/etc/sudoers" file.

Always use "visudo" command to edit the file as "root". In your case, that user name will be at the bottom of the file. So, issue the command:

Code:
su -
visudo
where the first command is to become "root" and the second command is for editing the file in question.

Code:
Hit: Shift and G
to go to the last line and then hit:

Code:
 dd
to delete that line. Next Hit:

Code:
 Shift and :wq
to write/save and quit.
 
Old 03-08-2012, 09:24 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Pfft, editing it directly is fine.
 
Old 03-08-2012, 09:30 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,131
Blog Entries: 2

Rep: Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833Reputation: 4833
Quote:
Originally Posted by acid_kewpie View Post
Pfft, editing it directly is fine.
No, it is not. On systems without usable root account, for example Ubuntu, making a mistake in the sudoers file will make sudo unusable. We know how to fix that (using a live system), but someone who has to ask how to delete an user from that file most likely will not. So telling him to use visudo, which checks the file for errors after editing it, is the way to go.
 
Old 03-08-2012, 09:34 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by TobiSGD View Post
No, it is not. On systems without usable root account, for example Ubuntu, making a mistake in the sudoers file will make sudo unusable. We know how to fix that (using a live system), but someone who has to ask how to delete an user from that file most likely will not. So telling him to use visudo, which checks the file for errors after editing it, is the way to go.
OK, from that perspective sure. visudo generally seems to be arbitrarily fluff though, but yeah you can clearly lock yourself out if you're clumsy.
 
Old 03-08-2012, 09:35 AM   #8
devUnix
Member
 
Registered: Oct 2010
Location: Bengaluru, India
Distribution: RHEL 5.1 on My PC, & SunOS / Sun Solaris, RHEL, SuSe, Debian, FreeBSD and other Linux flavors @ Work
Posts: 576

Rep: Reputation: 48
Quote:
Originally Posted by TobiSGD View Post
to use visudo, which checks the file for errors after editing it, is the way to go.
Thanks, Guru, to confirm it!
 
Old 03-08-2012, 09:55 AM   #9
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Thanks everyone for the great replies.

I ran the command
Code:
visudo
and noticed the username I added has showed up two times. Now I don't want to change whatever previledges he had before. If he had the ability to sudo before, I would not like to change that. But I can't tell is the first line with his username on it (toward the top) was already in there or it was added after I added him. Can you tell?

Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

Runas_Alias     DB = mysql

username        ALL = (DB) NOPASSWD: ALL

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

username ALL=(ALL) ALL
~
Thank you in advance

Last edited by tezarin; 03-08-2012 at 09:59 AM.
 
Old 03-08-2012, 09:58 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
well with the # at the start of the line, it's commented out, so it's not relevant for how sudo is actively working.
 
Old 03-08-2012, 10:00 AM   #11
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie View Post
well with the # at the start of the line, it's commented out, so it's not relevant for how sudo is actively working.
My mistake, I just commente out both just to be sure. Let me eidt my post. They're both commented in. Is the last line the one i added meaning the one at the top was already there?
 
Old 03-08-2012, 10:02 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
well we've no idea when each line was added, but that top line means they can sudo to run things as the mysql user only, not root. And do it without verifying their own password.
 
Old 03-08-2012, 10:08 AM   #13
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie View Post
well we've no idea when each line was added, but that top line means they can sudo to run things as the mysql user only, not root. And do it without verifying their own password.
Doesn't running the command (in my first post) automatically add the user to the end of the list?
 
Old 03-08-2012, 10:09 AM   #14
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
your command is a very boring command. it's doesn't do anything clever, just adds a line of text to a file. It doesn't work at any level of awareness of sudo etc., just text manipulation.
 
Old 03-08-2012, 10:18 AM   #15
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
You're right. I will go ahead and comment out the username in both places just to be safe. Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sudoer list Pedroski Fedora 5 09-15-2011 01:55 PM
sudoer list: Fedora 13 ciao303 Linux - Newbie 4 08-11-2010 04:06 AM
Add user to sudoer list but cannot use root commands vitalstrike82 Slackware 3 12-31-2008 08:27 AM
How to make a user a sudoer snakeapple Slackware 14 11-20-2008 12:37 PM
List and remove rpms linuxturtle Linux - General 3 09-24-2003 02:01 AM


All times are GMT -5. The time now is 07:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration