LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-13-2009, 02:16 AM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
Sudo Doubt?


I have a RHEL Machine on which I want a user be allowed to run a command through sudo.When I tried attempting :

Code:
ryder  localhost=(ALL) /bin/ls
It dint work.

But when I tried :
Code:
ryder ALL=/bin/ls
It worked !!

Why so? Since I am on the same machine why the former entry dint work.

How Can I specify NOPASSWD entry correct format?

Last edited by your_shadow03; 05-13-2009 at 02:56 AM.
 
Old 05-13-2009, 01:23 PM   #2
jphilput
Member
 
Registered: Nov 2007
Posts: 58

Rep: Reputation: 15
I'm not 100% certain on why it didn't work, rather than giving you a syntax error when you used

Code:
ryder  localhost=(ALL) /bin/ls
I think that the reason it failed is this, the line that you entered, told localhost that the user ryder as allowed to run the command (ALL) /bin/ls. It may have thought this becasue the correct syntax for specifying a machine and a command would be

Code:
ryder localhost=/bin/ls
Now that you have it working, all you need to do to allow the NOPASSWD option is to enter a line like this:

Code:
ryder ALL=    NOPASSWD: /bin/ls
That will allow the user ryder to run /bin/ls as root without a password. no other commands will be allowed to be run as via sudo for this user.

Last edited by jphilput; 05-13-2009 at 01:24 PM.
 
Old 05-13-2009, 01:43 PM   #3
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Actually, there are two syntaxes for specifying who can do what where:

Code:
user MACHINE=COMMANDS
and

Code:
user MACHINE=(asUSER) COMMANDS
In the first, the commands will always run as root. In the second, the asUSER is a list of users that the user can run the command as (separated by commas) or ALL for all users. This allows you to do things like:

Code:
sudo -u anotheruser ls
Now, on to why localhost didn't work. The sudo command looks at the output of hostname and compares that to what is in the sudoers file (ok, it doesn't actually run the hostname command, but the info it gets is the same). You have specified the hostname in the sudoers file as localhost and this isn't the same for sudo. Remember, the reason for being able to specify specific machines it so that you can limit which machines a person can run specific commands on in situations where the same file is being shared between multiple machines. If sudoers allowed localhost in the config, it would really be the same as putting "ALL" since every machine is localhost to itself.

My guess is the error you got was something like:
Code:
ryder is not allowed to run sudo on ryder-computer.  This incident will be reported.
If you want to be able to run the /bin/ls command as any user on any computer then put

Code:
ryder ALL=(ALL) /bin/ls
HTH

Forrest

Last edited by forrestt; 05-13-2009 at 01:45 PM.
 
Old 05-13-2009, 02:08 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by forrestt
My guess is the error you got was something like:
Code:
ryder is not allowed to run sudo on ryder-computer.  This incident will be reported.
@your_shadow03: This speaks to the "why?" part of your query. You're going to want to check /var/log/secure for clues.
 
Old 05-13-2009, 02:36 PM   #5
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
I'm sorry, I forgot about giving an answer for the no password question. You want:

Code:
ryder ALL=(ALL) NOPASSWD: /bin/ls
HTH

Forrest
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 08:12 PM
sudo blkid vs. sudo fdisk -l problems alienexplorers Linux - Newbie 1 01-13-2009 01:35 AM
LXer: sudo, or not sudo: that is the question LXer Syndicated Linux News 0 02-07-2008 06:40 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 04:20 PM


All times are GMT -5. The time now is 06:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration