LinuxQuestions.org
Old 11-11-2007, 10:52 AM   #1
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Rep: Reputation: 30
Sudoers syntax clarification.


Hi there,
Something odd which occurred when I edited the "sudoers" file and I was wondering if its behaviour could be explained. It was on an Ubuntu 7.04 server box.
Correct me if I'm wrong but in the following syntax :

Code:
uncle ALL=(uncle) /sbin/fdisk
uncle - user

ALL - any machine

(uncle) - user which the command is run as

When I log in as user "uncle" and run sudo fdisk -l the command runs perfectly.

However, I was playing around with the syntax and this also works !

Code:
uncle uncle= /sbin/fdisk
On first glance I assumed that it meant that user uncle can run the command on machine uncle. Could someone kindly explain why this works as well ?

Cheers,
Uncle

Last edited by uncle-c; 11-11-2007 at 11:03 AM.
 
Old 11-11-2007, 11:41 AM   #2
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,036

Rep: Reputation: 96
As I understand it, your first sudo command should have failed with an error stating something like:

"Sorry, user uncle is not allowed to execute /sbin/fdisk as root"

The second example should work. As you are not specifying a user to run the command, root will be taken as default.

When you specify a user:
Code:
disillusionist ALL=(uncle) /usr/bin/vi
You are stating that disillusionist can run /usr/bin/vi on any machine as the user uncle. To run that I would need to type:
Code:
sudo -u uncle vi test_file
As both seem to work I would guess that you have another entry in the sudoers file that is being evaluated.

Possibly something like:
Code:
%admin ALL=(ALL) ALL
This would mean that anyone in group admin could run any command as any user.
 
Old 11-11-2007, 12:50 PM   #3
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Disillusionist View Post
As both seem to work I would guess that you have another entry in the sudoers file that is being evaluated.

Possibly something like:
Code:
%admin ALL=(ALL) ALL
This would mean that anyone in group admin could run any command as any user.
Thanks Dis !
The above entry is in my sudoers file. I also checked the /etc/group file and noticed that uncle was in the group admin. This must have happened during my initial Ubuntu install when I was asked to create a non-root user (uncle). Is this user automatically added to group admin ?
I now realise that user uncle can sudo without any alterations being made to the /etc/sudoers file as a result of this group affiliation. Obviously sudoers file changes would have to be made for user aunty to run privileged programs.
You have been right on all accounts in your post. Thanks for clearing everything up. All makes sense now.
Thanks again !

All good wishes,

Uncle.

Last edited by uncle-c; 11-11-2007 at 12:58 PM.
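
An added example, not part of any post in this thread: a simplified Python model of the sudoers `user host=(runas) command` layout, showing how the three lines quoted above split into fields and which one authorizes `sudo fdisk` as root. The hostname `ubuntu-box` is constructed, and the matcher is an assumption-level sketch that ignores aliases, negation, tags and command arguments.

```python
import re

# One sudoers user specification:  who  hosts = (runas) commands
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)

def parse_rule(line):
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"not a user specification: {line!r}")
    split = lambda s: [x.strip() for x in s.split(",")]
    return {
        "who": m["who"],
        "hosts": split(m["hosts"]),   # everything before '=' is the host list
        # With no (runas) list, sudo runs the command as root.
        "runas": split(m["runas"]) if m["runas"] else ["root"],
        "cmds": split(m["cmds"]),
    }

def allowed(rules, user, groups, host, target, command):
    """Return the last matching rule (sudo applies the last match), or None."""
    hit = None
    for line in rules:
        r = parse_rule(line)
        who_ok = r["who"] in ("ALL", user) or (
            r["who"].startswith("%") and r["who"][1:] in groups)
        host_ok = any(h in ("ALL", host) for h in r["hosts"])
        runas_ok = any(t in ("ALL", target) for t in r["runas"])
        cmd_ok = any(c in ("ALL", command) for c in r["cmds"])
        if who_ok and host_ok and runas_ok and cmd_ok:
            hit = line
    return hit

HOST = "ubuntu-box"                       # constructed hostname
USER_RULE_1 = "uncle ALL=(uncle) /sbin/fdisk"
USER_RULE_2 = "uncle uncle= /sbin/fdisk"
ADMIN_RULE = "%admin ALL=(ALL) ALL"

def demo():
    req = dict(user="uncle", host=HOST, target="root", command="/sbin/fdisk")
    return {
        "rule1_only": allowed([USER_RULE_1], groups=[], **req),
        "rule2_only": allowed([USER_RULE_2], groups=[], **req),
        "with_admin": allowed([ADMIN_RULE, USER_RULE_2], groups=["admin"], **req),
    }

if __name__ == "__main__":
    for name, rule in demo().items():
        print(f"{name}: {rule}")
```

On a real system, `sudo -l` run as the user lists the entries that actually apply to that user on the current host.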
 
Old 11-11-2007, 12:54 PM   #4
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,036

Rep: Reputation: 96
Before modifying the sudoers file (using visudo) you may want to activate the root account for logins.

If anything goes wrong with your changes (and you can't run sudo commands) you would need either an active root session or the ability to login as root.

To activate the root account (if you haven't already) type:

Code:
sudo passwd
 
  


All times are GMT -5. The time now is 04:28 AM.
