alright I just have a quick questions about this
root ALL=(ALL) ALL what do each of these parts mean I see many people with this whole thing setup differently and I'm concerned about what the proper way of setting it up. So I just got some questions
What do each of the above mean and do (excluding root since I know that thats just to point to a user name there)
How would I get a regular user to be able to run mplayer
how would I do the above but not requiring a password
Does disabling the requirement of a password pose any sort of security risk that I could avoid by requiring the password (I assume yes but idk I seen people post that adding that in makes it no less secure but I'm not sure if i believe it)
thanks everyone for your help :)
root ALL1=(ALL2) ALL3
root = user kind of thing - if you wanted charlie to run programs as lucy this is where you'd put charlie.
ALL1 = hostname kind of thing - ALL is the easiest way to say this rule applies on this host.
ALL2 = runas kind of thing - if you wanted charlie to run programs as lucy this is where you'd put lucy.
ALL3 = commands kind of thing - if you want someone to run shutdown this is where you'd put /sbin/shutdown
Each of these can be a list rather than a single item, and can include aliases allowing you useful shortcuts as well as scope for making the file overcomplicated.
The default sudoers file contains examples including the NOPASSWD: term.
Worth checking out the man page (man sudoers). There are many other ecamples availible on the net as well.
As for the security risk from asking for a password, I think it depends on the exact situation/who your giving what powers to. If the only people who in the sudoers are increadiby trustworthy (and I don't just mean malicious but constantly vigiliant as well) then there is no real reason to use the password. But if the user has any chance of leaving there terminal/PC unattended and unlocked a nefarious passer bye could have full access to that persons acconunt (i.e. /home/user_who_went_for_coffee) and anything they had sudo access for. They will have to suffer the consiquence of the former but you will have to sought the later. Ofcorse anyone caught doing such a thing should be quietly and firmley reminded that they should not.
I prefer to have have passwords on anyway. It takes me all of 500ms to type and reinforces that I am using sudo. This is especially important if it is a launcher that does gksudo Some_command.
Without knowing the full details of the situation I cannot say if a password is needed but some critical thinking (think of every way someone could get into the system via sudo (not in terms of buffer overflows etc. but in terms of expanding limited access that they have aquired socially).
Not requiring passwords does reduce the danger from sholder surfing (the less times you type in a password the less times the bad guy behind you can try and see what your typing). However I think this is mainly mitigated by making sure passeord feedback is turned off (defualt) some user don't like this but education is better than giving them exactly what they want here. Also Avoid letting users type passwords on tablets (esp Ipads), or any touchscreen device, sholder serfing can be ridculously easy with these devices, again the best way to sought this out is education, there is no reason a sys-admin cannot ssh off there tablet if they are on there own or using a H/W Keyboard.
So I just reinstalled my entire OS
Appartently I have full access as a normal user to alsa now which wasn't happening before and was why I needed to have sudo to use mplayer but now I can run it normally can now run alsamixer and all that now. I don't think I did anything different but whatever I must have (I hope) done something right this time or is this not the way alsa should be?
I did think i was weird I needed special permission to play music cause I never used to but i figured things just changed in the versions I never used
It may be that you weren't a member of the audio group if you did not have access to alsa.
Well it seems but now I only don't have access to alsa when using ssh but I have a thread about it specifically
Here's my notes I took on sudo/visudo from a Linux+ Certification book
Run visudo and comment out these two lines that will cause sudo to require using the root password:
#ALL ALL=(ALL) ALL
Allowing user(s) to only run certain commands with sudo. Add these lines with visudo.
User_Alias PWRUSRS = tux
Cmnd_Alias KILLPROCS = /bin/kill, /usr/bin/killall
Host_Alias MYHSTS = ws1
PWRUSRS MYHSTS = (root) KILLPROCS
Uncomment to allow members of the wheel group to perform any command as root using their own password.
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
|All times are GMT -5. The time now is 01:32 PM.|