LinuxQuestions.org
Old 04-19-2016, 12:03 AM   #1
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Rep: Reputation: Disabled
Sudoers configuration difficulty level


On a scale from 1-10 how difficult is it to configure the Sudoers file? I'm able to understand the man page for Sudoers, but I haven't read all the available options, lists, flags, strings, integers yet, which I think are the values for the default entry.. What I'm confused with is though the difference between the assignment operator = vs +=? And what is a boolean context? And the difference between flags and arguments? And where in Visudo do the default entries go? How do I know what default type a value is? Is Sudo more secure than Linux systems without sudo?? Thanks whoever can help me! What would you say is harder learning the Sudoers or setting up an environment?

Last edited by bluesclues227; 04-19-2016 at 03:38 AM.
 
Old 04-19-2016, 01:25 AM   #2
Michael Uplawski
Member
 
Registered: Dec 2015
Distribution: Debian stretch/sid
Posts: 463
Blog Entries: 16

Rep: Reputation: 314
I am sorry, but not all that you write makes immediate sense.

See here for some good explanations and even examples about the use of sudo and the sudoers-file:
https://www.garron.me/en/linux/visud...lt-editor.html
http://www.softpanorama.org/Access_c...examples.shtml
www.sudo.ws/sudo/sample.sudoers

Quote:
Originally Posted by bluesclues227
On a scale from 1-10 how difficult is it to configure the Sudoers file?
This question is addressed to people who all have their own experience and scale. Those numbers 1 to 10 correspond to nothing, initially. Our responses would not be helpful in the least.

Quote:
I'm able to understand the man page for Sudoers, but
In the following text, you more or less state that you haven't read it, anyway. If there were problems of comprehension or in the application of the information from the man-page, we could try to help out.

Quote:
What I'm confused with is though the difference between the parameter = vs +=?
If that is from the man-page, I have difficulties to locate +=. Can you give an example or some context?

Quote:
And what in a boolean context?
I do not understand the question. Is there a verb missing or have you mixed-up prepositions? Do you want to know, what is a boolean context? That is a situation which is determined by or produces itself a boolean outcome, that is, a value of either true or false.

Quote:
And the difference between flags and arguments?
Arguments provide values and control the principal functions of a program or command, while the influence of flags is very specifically defined for each program. They sometimes put the complete process in a specific “context” and have thus important consequences for the way it is executed. Sometimes, they are just there to fine-tune some aspects like visual appearance, sorting of results or concern other minor settings. In the sudoers man-page each available flag is explained. You can stick with what's said there.

Quote:
Is Sudo more secure than Linux systems without sudo??
This question does not make sense. Is a car more secure with security belt than without? I guess not. But if you plan to use a security belt, better make sure, there is one in the first place.

Quote:
What would you say is harder learning the Sudoers or setting up an environment?
dto. What is an environment, to you?
 
Old 04-19-2016, 03:08 AM   #3
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Thanks for clearing that up about the flags/arguments I think I get it now... About the = vs += I apologize I made a typo which I have fixed, I meant assignment operator... An example would look like; Defaults env_keep += "DISPLAY HOME" .... As for how the statement "boolean context" was used in a sentence from man sudoers was "Flags are implicitly boolean and can be turned off via the '!' operator. Some integer, string, and list parameters may also be used in a boolean context to disable them." Sorry yes that was another typo I did mean "what is a boolean context" I now fixed it.. But yea anyway that sentence I did not understand, but I think I get it now if boolean means true or false? As for the environment I'm not talking about a shell environment, but instead the environment propagated to all child processes of the shell. I guess this might be an open ended question cuz I don't fully understand what all the variables in env do (when you type env in the command-line)... Therefore idk which variables in my environment I want to turn off, modify or keep.. Would init be considered as part of my environment? I definitely want to modify my init as well..

Last edited by bluesclues227; 04-20-2016 at 02:59 AM.
 
Old 04-19-2016, 04:21 PM   #4
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
If anyone else has anything to add to this before it gets bumped that would be great, like frosted corn flakes!
 
Old 04-20-2016, 02:08 AM   #5
Michael Uplawski
Member
 
Registered: Dec 2015
Distribution: Debian stretch/sid
Posts: 463
Blog Entries: 16

Rep: Reputation: 314
I am responding again, but there is at this time little that I can add to my previous remarks. The responsibility is mine, however, as I feel that my response to this discussion renders it less attractive to other users who had maybe something else to contribute.

The difficulties that you have sometimes touch the basics and must be addressed before you consecrate time and effort for more complicated things. I would not say, that configuring sudo is such a complicated task, but this depends on everybody's individual background and inclinations. All I can try is dissect one by one some points that I can identify in your posts. Pay attention to the fact, that I am not a native English-speaker and might miss some subliminally transmitted information in what you write and try to be very exact in my expression, else this will end in chaos.

Quote:
Originally Posted by bluesclues227
About the = vs += I apologize I made a typo which I have fixed, I meant assignment operator... An example would look like; Defaults env_keep += "DISPLAY HOME" ....
For the time I ignore the origin and context of this example, but these operators are of such general nature, that I have no problem to explain them.
As you know, the equal sign does often times accomplish the assignment of a value to a variable. In programming and shell-operations this is always the case. And it will not surprise you, that after hitting return behind
Code:
user@machine:~$ export MyVar='something'
you can execute
Code:
user@machine:~$ echo $MyVar
and retrieve the value 'something'.
The other operator += does something quite similar: Either it just adds the value to an existing, already initialized variable (that already carries a value) or it does a concatenation of the existing and the new value, then assigns the result anew to a variable of the same name. The result is the same:
Code:
user@machine:~$ MyVar+=' else'
user@machine:~$ echo $MyVar
something else
You can say: It appends, then assigns. If this makes it easier for you, remember it this way.

Code:
But yea anyway that sentence I did not understand, but I think I get it now if boolean means true or false?
English is an awesome language, as is not obvious for the native speakers, nor for those who only use it sparsely. boolean is probably an adjective, like in the previous “boolean context”. But it can be a noun, too. When it is a noun, I can only understand it in the context of programming (or IT in general). There, it means a data-type. You wrote about integers. Integers, booleans and characters (strings, too) are just data-types and when aligned like this, in importance and significance each one is the equal of the other. Integers mean a type of numbers, booleans just something, meaning “true” or “false”. What means “true” and what means “false” is not imposed by the word “boolean”. As a diversity of values can be used “in a boolean context”, this generalization is quite important, when you discuss concepts rather than code or concrete examples.

Quote:
As for the environment I'm not talking about a shell environment, but instead the environment propagated to all child processes of the shell.
You know... in this discussion you cross technological universes in a way that requires others to build spaceships or cook space-pizzas... After such a phrase, I cannot be sure to grasp the amount of understanding that is already present on your side. For fear of ridicule, I will just ignore the remark completely.

Quote:
Would init be considered as part of my environment? I definitely want to modify my init aswell..
dito. And what would be “init” for you?

Last edited by Michael Uplawski; 04-20-2016 at 10:55 AM. Reason: missing 'in a way' added
 
Old 04-20-2016, 04:41 AM   #6
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Thanks a lot Michael for clearing that up, I had already Googled boolean before, and it comes up with all these math explanations that were confusing for me to understand. Just a simple true or false makes a lot more sense. I feel this is a topic where nobody wants to help as there's quite a lot that goes into the sudoers file... Ok so now I understand the difference between = and += thanks to you. It does say in my sudoers man pages "Lists have two additional assignment operators, += and -=" so it makes sense with what you said.. But I'm slightly confused with the entry: Defaults env_keep += "DISPLAY HOME" which is just an example from man sudoers. I don't understand why "DISPLAY HOME" is enclosed in quotes? In man sudoers it gives a brief explanation "Values may be enclosed in double quotes when they contain multiple words." So is DISPLAY HOME two values, or one value with multiple words? I thought it was two values making it a list hence why it uses the += operator, but since it's enclosed in quotes it seems to be one value with multiple words, and if it is only one value why does it use the += operator? You may have already explained why this is so, I probably just need to put more thought power into it. As for spaceships and space pizzas, I don't think that's above the scope lol. Cause in GNU/Linux everything is either a file or process, (so I been told) and basically I was just talking about shell variables which are restrained to the type of shell you're using, and environment variables which affect all child processes of the shell. Init is the very first process to start, and thus the main parent process in which enables all other processes to spawn. Naturally I would want to configure my init to control what I want to spawn... I don't even know why I asked if init is part of the environment cause it has to be, but I'm baffled why it's not labeled when you type env... Thanks again for your help though man!!!
 
Old 04-20-2016, 09:44 AM   #7
Michael Uplawski
Member
 
Registered: Dec 2015
Distribution: Debian stretch/sid
Posts: 463
Blog Entries: 16

Rep: Reputation: 314
Quote:
Originally Posted by bluesclues227
"Values may be enclosed in double quotes when they contain multiple words." So is DISPLAY HOME two values, or one value with multiple words?
This question is not bad at all. But lists of values usually use a kind of item-separator and as far as I remember, the space-character is never chosen for that role, rather commas, semicolons and colons (like in the PATH-variable). So the quotes usually serve to keep two words together to create 1 single value. On the command-line you have two options to do alike, and this can help. You can assign a multi-word value with quotes:
Code:
MyVar="stuff like that"
or mask the spaces from the shell:
Code:
MyVar=stuff\ like\ that
The result is exactly the same in both cases and I venture that you can use the same syntax-variants in the sudoers-file.

Last edited by Michael Uplawski; 04-21-2016 at 01:57 AM.
 
Old 04-20-2016, 10:16 AM   #8
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Go to terminal.

Issue "su" command and give root password.

Type "visudo", press Enter.

Find the following section:
Code:
## User privilege specification
##
root ALL=(ALL) ALL
Press "insert" key (at least I have to do it, so my editor Elvis will accept insertion of new text).

Append this with your correct user name you want to grant sudo rights:

Code:
veryniceuser ALL=(ALL) ALL
Press Escape, press ":", type "save /etc/sudoers", press Enter. (probably depends which text editor your distro uses for visudo. Saving the file could be different potentially.)

Done.

If you like, you could also uncomment the section, where the right is granted to the group "sudo". Then probably/obviously the user in question has to be added to this group.

Code:
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

Last edited by alberich; 04-20-2016 at 10:20 AM.
 
Old 04-20-2016, 10:25 AM   #9
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Visudo seems to be merely a script, that launches the "/etc/sudoers" file in a standard text editor, and allows saving of the file only when the syntax is met correctly.
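Added example (not from any post in this thread): a small Python check that lists which user specifications in a sudoers text grant every command, such as the `veryniceuser ALL=(ALL) ALL` line above. It is a simplified line matcher, not sudo's parser; the function name `audit_user_specs` and the `backupop` entry are constructed for illustration.

```python
import re

# Constructed sample: the lines quoted in the post above plus one
# restricted entry (backupop) made up for contrast.
SAMPLE_SUDOERS = """\
## User privilege specification
##
root ALL=(ALL) ALL
veryniceuser ALL=(ALL) ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
backupop ALL=(root) NOPASSWD: /usr/bin/rsync
"""

# who  host = (runas)  [TAG: ...]  command-list
SPEC_RE = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")
TAG_RE = re.compile(r"^([A-Z_]+):\s*")

def audit_user_specs(text):
    """Return one finding per active line whose command list contains ALL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Skip blanks, comments (including commented-out grants),
        # Defaults entries and alias definitions.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        if line.split()[0].endswith("_Alias"):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        rest, tags = m["rest"], []
        while (t := TAG_RE.match(rest)):      # peel off NOPASSWD: and similar
            tags.append(t.group(1))
            rest = rest[t.end():]
        commands = [c.strip() for c in rest.split(",")]
        if "ALL" in commands:
            findings.append({
                "line": lineno,
                "who": m["who"],
                "runas": m["runas"] or "root",  # runas defaults to root
                "tags": tags,
            })
    return findings

if __name__ == "__main__":
    for f in audit_user_specs(SAMPLE_SUDOERS):
        print(f)
```

The commented-out `%sudo` line is not reported because it is inactive; once uncommented it would be.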
 
Old 04-21-2016, 12:59 AM   #10
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Michael Uplawski
This question is not bad at all. But lists of values usually use a kind of item-separator and as far as I remember, the space-character is never chosen for that role, rather commas, semicolons and colons (like in the PATH-variable). So the quotes usually serve to keep two words together to create 1 single value. On the command-line you have two options to do alike, and this can help. You can assign a multi-word variable with quotes:
Code:
MyVar="stuff like that"
or mask the spaces from the shell:
Code:
MyVar=stuff\ like\ that
The result is exactly the same in both cases and I venture that you can use the same syntax-variants in the sudoers-file.
So I think it's just 2 values, which need each other to work, and probably why it's just considered 1 value.. I hope my reasoning serves me correct... But you cleared some stuff up for me nevertheless thanks once again bro!

Last edited by bluesclues227; 04-21-2016 at 01:00 AM.
 
Old 04-21-2016, 01:02 AM   #11
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by alberich
Go to terminal.

Issue "su" command and give root password.

Type "visudo", press Enter.

Find the following section:
Code:
## User privilege specification
##
root ALL=(ALL) ALL
Press "insert" key (at least I have to do it, so my editor Elvis will accept insertion of new text).

Append this with your correct user name you want to grant sudo rights:

Code:
veryniceuser ALL=(ALL) ALL
Press Escape, press ":", type "save /etc/sudoers", press Enter. (probably depends which text editor your distro uses for visudo. Saving the file could be different potentially.)

Done.

If you like, you could also uncomment the section, where the right is granted to the group "sudo". Then probably/obviously the user in question has to be added to this group.

Code:
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
I kinda already knew this, I just haven't experimented with it yet.. I'm already thinking about how many commands there are, where I can find those commands, which commands should I restrict and make aliases for, how many groups and users I need to do this etc...

Last edited by bluesclues227; 04-21-2016 at 01:04 AM.
 
Old 04-21-2016, 02:00 AM   #12
Michael Uplawski
Member
 
Registered: Dec 2015
Distribution: Debian stretch/sid
Posts: 463
Blog Entries: 16

Rep: Reputation: 314
Quote:
Originally Posted by bluesclues227
So I think it's just 2 values, which need each other to work, and probably why it's just considered 1 value.. I hope my reasoning serves me correct... But you cleared some stuff up for me nevertheless thanks once again bro!
Sorry, I made a typo in my post, it should read “assign a multi-word value”. The motivation for masking spaces or using quote-marks is to make 1 value from several words. But as regards the effect of a mere '+=' operator, you are probably right, else there should be a separating symbol of a kind between the values.
 
Old 04-21-2016, 02:16 AM   #13
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Michael Uplawski
Sorry, I made a typo in my post, it should read “assign a multi-word value”. The motivation for masking spaces or using quote-marks is to make 1 value from several words. But as regards the effect of a mere '+=' operator, you are probably right, else there should be a separating symbol of a kind between the values.
Ahh okay got it, good stuff man thanks again!
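Added example, not part of any post and not sudo's own code: a simplified Python model of the `=`, `+=`, `-=` and `!` operators on a list parameter, following the sudoers manual, which describes the argument of `env_keep` as a double-quoted, space-separated list or a single value without double quotes. The starting `env_keep` contents and the function names are constructed for illustration.

```python
import re
import shlex

# Simplified model of sudoers "Defaults" handling for list parameters.
# Not sudo's parser: scoped entries (Defaults:user, Defaults@host) and
# line continuations are ignored.
LIST_PARAMS = {"env_keep", "env_check", "env_delete"}
DEFAULTS_RE = re.compile(r"^Defaults\s+(!?)\s*(\w+)\s*(?:(\+=|-=|=)\s*(.+))?$")

def parse_defaults(line):
    """Return (name, op, values) for one Defaults line, or None."""
    m = DEFAULTS_RE.match(line.strip())
    if not m:
        return None
    bang, name, op, raw = m.groups()
    if bang:
        return name, "!", []          # boolean context: switched off
    if op is None:
        return name, "on", []         # bare flag: switched on
    # Double quotes hold the words together as one argument; a list
    # parameter then treats each whitespace-separated word as one item.
    values = [w for token in shlex.split(raw) for w in token.split()]
    return name, op, values

def apply_defaults(lines, initial):
    """Apply Defaults lines in order and return the resulting settings."""
    state = {k: list(v) for k, v in initial.items()}
    for line in lines:
        parsed = parse_defaults(line)
        if parsed is None:
            continue
        name, op, values = parsed
        if name not in LIST_PARAMS:
            if op in ("on", "!"):     # flags are implicitly boolean
                state[name] = (op == "on")
            continue
        current = state.get(name, [])
        if op == "!":
            current = []              # list disabled
        elif op == "=":
            current = values          # replaces whatever was there
        elif op == "+=":
            current = current + [v for v in values if v not in current]
        elif op == "-=":              # removing an absent item is not an error
            current = [v for v in current if v not in values]
        state[name] = current
    return state

# Constructed starting list; the real built-in env_keep differs per build.
INITIAL = {"env_keep": ["LANG", "TZ"]}
SAMPLE = [
    "Defaults env_reset",
    'Defaults env_keep += "DISPLAY HOME"',
    'Defaults env_keep -= "TZ NOTSET"',
    "Defaults !insults",
]

if __name__ == "__main__":
    print(apply_defaults(SAMPLE, INITIAL))
```

With `=` instead of `+=`, the same line would leave only DISPLAY and HOME in the list, which is why the choice of operator matters when a distribution already ships an `env_keep` setting.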
 
Old 04-21-2016, 02:24 AM   #14
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,196
Blog Entries: 3

Rep: Reputation: 993
If you want an in-depth coverage of sudoers, then the Michael W Lucas book Sudo Mastery: User Access Control for Real People from 2013 is very useful. It's a little terse but then the advantage of that is that it is very informative. It covers pretty much all aspects of configuring or using sudo.
 
Old 04-21-2016, 02:35 AM   #15
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist
If you want an in-depth coverage of sudoers, then the Michael W Lucas book Sudo Mastery: User Access Control for Real People from 2013 is very useful. It's a little terse but then the advantage of that is that it is very informative. It covers pretty much all aspects of configuring or using sudo.
Sweet I've watched a YouTube video of Michael Lucas about BSD... Do you know if that book is geared solely towards sys admins? Cause I realize computer networks for a company would need less permission restrictions, than someone who just wants to lock down his own personal laptop..
 
  

