LinuxQuestions.org
Old 10-12-2015, 01:39 PM   #1
linuxmantra
sudo


I need to give sudo access to su to root to a normal user. I entered the following lines in the sudoers file

txqz ALL=NOPASSWD:/bin/su - root

When I do following, I can easily switch to root user.
[root@lab-serve ~]# su - txqz
[txqz@lab-serve ~]$ sudo su - root
[root@lab-serve ~]#

BUT... when I do the following, I get the error shown below.
[root@lab-serve ~]# su - txqz
[txqz@lab-serve ~]$ sudo su -
[sudo] password for txqz:

Any suggestions? What's the reason for this?

Last edited by linuxmantra; 10-12-2015 at 01:41 PM.
 
Old 10-12-2015, 04:48 PM   #2
ondoho
the system is doing what you told it to.

how about you shorten the entry in sudoers to
Code:
txqz ALL=NOPASSWD:/bin/su
 
Old 10-12-2015, 05:04 PM   #3
frieza
ondoho is right, computers are stupid, they do exactly what they are told, nothing more, nothing less, the trick is understanding what it is you want it to do and how to get it to do that.

your example only allows

Code:
$ su - root
what you wanted was ondoho's example, which allows any permutation of the su command
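How the two sudoers entries from posts #1 and #2 are matched, as an added example that is not part of the original posts. It is a simplified model, not sudo's own code: the function name `sudoers_cmnd_matches` is hypothetical, the typed command is assumed to be already resolved to its full path, and the `""` (no arguments allowed) form goes slightly beyond what the thread discusses.

```shell
# Simplified model of sudoers command matching (illustration only).
#   Cmnd with arguments    -> typed arguments must match them (globs allowed)
#   Cmnd without arguments -> any arguments are accepted
#   Cmnd followed by ""    -> only the bare command, no arguments at all
# $1 = Cmnd from sudoers, $2 = full path of typed command, rest = typed args
sudoers_cmnd_matches() {
    spec=$1; shift
    typed_cmd=$1; shift
    typed_args="$*"

    spec_cmd=${spec%% *}
    case $spec in
        *" "*) spec_args=${spec#* } ;;
        *)     spec_args=__ANY__ ;;
    esac

    [ "$typed_cmd" = "$spec_cmd" ] || return 1
    case $spec_args in
        __ANY__) return 0 ;;
        '""')    [ -z "$typed_args" ] ;;
        *)       case $typed_args in
                     $spec_args) return 0 ;;   # unquoted: used as a pattern
                     *)          return 1 ;;
                 esac ;;
    esac
}

# Print the verdict for one rule and one typed command line.
show() {
    if sudoers_cmnd_matches "$@"; then r="match"; else r="no match"; fi
    rule=$1; shift
    printf 'rule [%s]  typed [%s]: %s\n' "$rule" "$*" "$r"
}

show "/bin/su - root" /bin/su - root    # post #1: sudo su - root
show "/bin/su - root" /bin/su -         # post #1: sudo su -
show "/bin/su"        /bin/su -         # post #2: shortened entry
show "/bin/su"        /bin/su - txqz    # shortened entry accepts any target
show '/bin/su ""'     /bin/su -         # "" form rejects every argument
```

The second line is the case from post #1: the NOPASSWD rule does not cover `su -`, so sudo does not treat it as the passwordless command.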
 
Old 10-13-2015, 03:38 PM   #4
Nbiser
Quote:
Originally Posted by ondoho
the system is doing what you told it to.

how about you shorten the entry in sudoers to
Code:
txqz ALL=NOPASSWD:/bin/su
I agree with both ondoho and frieza, you need to change your script so that root is not the only one mentioned. The variable that ondoho gave you will basically give global permissions, there is no need for anything else I think.

Cheers,
Nbiser
 
Old 10-13-2015, 05:15 PM   #5
markhahn
But isn't using sudo to permit open su kind of defeating the whole point of sudo?

Is it true that you can't have txqz do "sudo -u victim /bin/whatever" commands directly?
If you're willing to give up the value adds of sudo, then why not just allow txqz to "sudo bash", perhaps with something like:

Cmnd_Alias SHELLS = /usr/bin/bash
txqz ALL=(ALL) NOPASSWD: SHELLS

regards, mark hahn.
 
Old 10-13-2015, 05:19 PM   #6
Emerson
Plain sudo -i will make you root.
 
Old 10-13-2015, 08:20 PM   #7
chrism01
Quote:
But isn't using sudo to permit open su kind of defeating the whole point of sudo?
In the general case yes; I blame Ubuntu for encouraging that.

If you have multiple admins on the same box, it can be handy in order to have sudo log who actually ran which cmds, although in that case you should consider having the logs sent to another secure box to prevent alteration...
 
Old 10-13-2015, 08:41 PM   #8
Randicus Draco Albus
Quote:
Originally Posted by markhahn
But isn't using sudo to permit open su kind of defeating the whole point of sudo?
Yes, but ...
Quote:
chrism01
In the general case yes; I blame Ubuntu for encouraging that.
The problem is many people believe they are supposed to use sudo, but do not "bother" to research what sudo is and what it was designed to do. One example of potential use is:
Quote:
If you have multiple admins on the same box, it can be handy in order to have sudo log who actually ran which cmds
Unfortunately, Ubuntu and its derivatives have encouraged many people to believe that sudo is supposed to replace root log-in. Personally, I believe removing the need for a password to access root defeats the purpose of having root, but that is a different topic of discussion.
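A check for the kind of grant debated in posts #5 to #8, as an added example that is not part of the original posts: it lists NOPASSWD sudoers rules that amount to a root shell, resolving `Cmnd_Alias` names first. The function names and the `ops` rule are constructed for illustration, and the parser is deliberately simplified (single-line rules and `Cmnd_Alias` only).

```shell
# Added example: list NOPASSWD sudoers rules that hand out a root shell.
# Reads sudoers-format text on stdin; prints "user: command" per finding.
audit_nopasswd_shells() {
    awk '
    # Treated as root-equivalent here: ALL, su, or a common shell.
    function risky(cmd,   base) {
        if (cmd == "ALL") return 1
        base = cmd
        sub(/ .*/, "", base)      # drop arguments
        sub(/.*\//, "", base)     # drop directory
        return base ~ /^(su|sh|bash|dash|zsh|ksh)$/
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "Cmnd_Alias" {
        body = $0
        sub(/^[^=]*=[ \t]*/, "", body)
        n = split(body, parts, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++)
            if (risky(parts[i])) alias_risky[$2] = 1
        next
    }
    /NOPASSWD:/ { rules[++nr] = $0 }
    END {
        # Rules are checked last so aliases defined later still resolve.
        for (r = 1; r <= nr; r++) {
            split(rules[r], f, /[ \t]+/)
            cmds = rules[r]
            sub(/.*NOPASSWD:[ \t]*/, "", cmds)
            n = split(cmds, parts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                c = parts[i]
                sub(/[ \t]+$/, "", c)
                if (risky(c) || (c in alias_risky)) print f[1] ": " c
            }
        }
    }'
}

# Constructed input: the two grants quoted in this thread plus one
# constructed rule that is not a shell.
sample_sudoers() {
    cat <<'EOF'
txqz ALL=NOPASSWD:/bin/su - root
Cmnd_Alias SHELLS = /usr/bin/bash
txqz ALL=(ALL) NOPASSWD: SHELLS
ops ALL=(root) NOPASSWD: /sbin/service httpd status
EOF
}

sample_sudoers | audit_nopasswd_shells
```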
 
Old 10-14-2015, 01:22 AM   #9
markhahn
using sudo wrong is always relevant to using sudo!

IMO, security bad-practice is always relevant to point out...
 
Old 10-14-2015, 01:35 AM   #10
Randicus Draco Albus
I thought I was agreeing with you.
 
Old 10-14-2015, 11:51 AM   #11
pwl256
I am not clear which linux distribution you have,
but in Red Hat based ones, you need to have the users in the 'wheel' group
and then this goes away
 
Old 10-14-2015, 01:37 PM   #12
John VV
"su -" ( the shortcut to "su -l root" )
and
"su"

do two very different things

you really do not want them the same

and WHY would you want to use sudo to use su ????
 
Old 10-14-2015, 01:41 PM   #13
frieza
john vv has a point,

Code:
$ sudo -i
gives you an interactive shell as root
 
  

