LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-23-2012, 03:49 AM   #1
fatalerror0x00
Member
 
Registered: Oct 2012
Location: Holden, ME, USA
Distribution: SlackWare64 14.00
Posts: 185

Rep: Reputation: 0
visudo


alright I just have a quick questions about this

root ALL=(ALL) ALL what do each of these parts mean I see many people with this whole thing setup differently and I'm concerned about what the proper way of setting it up. So I just got some questions

What do each of the above mean and do (excluding root since I know that thats just to point to a user name there)
How would I get a regular user to be able to run mplayer
how would I do the above but not requiring a password
Does disabling the requirement of a password pose any sort of security risk that I could avoid by requiring the password (I assume yes but idk I seen people post that adding that in makes it no less secure but I'm not sure if i believe it)

thanks everyone for your help
 
Old 11-23-2012, 04:25 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 808
Blog Entries: 2

Rep: Reputation: 203Reputation: 203Reputation: 203
root ALL1=(ALL2) ALL3

root = user kind of thing - if you wanted charlie to run programs as lucy this is where you'd put charlie.
ALL1 = hostname kind of thing - ALL is the easiest way to say this rule applies on this host.
ALL2 = runas kind of thing - if you wanted charlie to run programs as lucy this is where you'd put lucy.
ALL3 = commands kind of thing - if you want someone to run shutdown this is where you'd put /sbin/shutdown

Each of these can be a list rather than a single item, and can include aliases allowing you useful shortcuts as well as scope for making the file overcomplicated.

The default sudoers file contains examples including the NOPASSWD: term.
 
Old 11-23-2012, 04:47 AM   #3
archShade
Member
 
Registered: Mar 2006
Location: Delft NL
Distribution: Debian; Slackware; windows 7
Posts: 218

Rep: Reputation: 53
Worth checking out the man page (man sudoers). There are many other ecamples availible on the net as well.

As for the security risk from asking for a password, I think it depends on the exact situation/who your giving what powers to. If the only people who in the sudoers are increadiby trustworthy (and I don't just mean malicious but constantly vigiliant as well) then there is no real reason to use the password. But if the user has any chance of leaving there terminal/PC unattended and unlocked a nefarious passer bye could have full access to that persons acconunt (i.e. /home/user_who_went_for_coffee) and anything they had sudo access for. They will have to suffer the consiquence of the former but you will have to sought the later. Ofcorse anyone caught doing such a thing should be quietly and firmley reminded that they should not.

I prefer to have have passwords on anyway. It takes me all of 500ms to type and reinforces that I am using sudo. This is especially important if it is a launcher that does gksudo Some_command.

Without knowing the full details of the situation I cannot say if a password is needed but some critical thinking (think of every way someone could get into the system via sudo (not in terms of buffer overflows etc. but in terms of expanding limited access that they have aquired socially).

Not requiring passwords does reduce the danger from sholder surfing (the less times you type in a password the less times the bad guy behind you can try and see what your typing). However I think this is mainly mitigated by making sure passeord feedback is turned off (defualt) some user don't like this but education is better than giving them exactly what they want here. Also Avoid letting users type passwords on tablets (esp Ipads), or any touchscreen device, sholder serfing can be ridculously easy with these devices, again the best way to sought this out is education, there is no reason a sys-admin cannot ssh off there tablet if they are on there own or using a H/W Keyboard.
 
Old 11-23-2012, 06:39 AM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
Quote:
Originally Posted by fatalerror0x00 View Post
alright I just have a quick questions about this

root ALL=(ALL) ALL what do each of these parts mean I see many people with this whole thing setup differently and I'm concerned about what the proper way of setting it up. So I just got some questions

What do each of the above mean and do (excluding root since I know that thats just to point to a user name there)
You can find extensive info on that with
Code:
man sudoers
man sudo
Quote:
How would I get a regular user to be able to run mplayer
Add him to the video group. This is no use-case for sudo at all. There is absolutely no reason for anyone to run mplayer as root.
Quote:
Does disabling the requirement of a password pose any sort of security risk that I could avoid by requiring the password (I assume yes but idk I seen people post that adding that in makes it no less secure but I'm not sure if i believe it)
It depends. If you use sudo the way it was originally intended (giving some users root access to a few specially chosen applications) it can be pretty safe to configure sudo without password. I use it that way with the commands mount/umount and reboot/shutdown/pm-suspend. Of course you have to think about which commands are allowed for the user. If you give access to using a text-editor as root the user would be able to edit the sudoers file. This is the same as giving the user full root access. When using the NOPASSWD option in the "Ubuntu use-case", which is using the line you mentioned before, giving a user access to all commands as root, anyone that can get access to that users account (maybe if he forgot to lock the system before going to a coffee-break) can do anything on the system.
 
Old 11-23-2012, 05:16 PM   #5
fatalerror0x00
Member
 
Registered: Oct 2012
Location: Holden, ME, USA
Distribution: SlackWare64 14.00
Posts: 185

Original Poster
Rep: Reputation: 0
So I just reinstalled my entire OS
Appartently I have full access as a normal user to alsa now which wasn't happening before and was why I needed to have sudo to use mplayer but now I can run it normally can now run alsamixer and all that now. I don't think I did anything different but whatever I must have (I hope) done something right this time or is this not the way alsa should be?

I did think i was weird I needed special permission to play music cause I never used to but i figured things just changed in the versions I never used
 
Old 11-24-2012, 11:25 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
It may be that you weren't a member of the audio group if you did not have access to alsa.
 
Old 11-24-2012, 05:11 PM   #7
fatalerror0x00
Member
 
Registered: Oct 2012
Location: Holden, ME, USA
Distribution: SlackWare64 14.00
Posts: 185

Original Poster
Rep: Reputation: 0
Well it seems but now I only don't have access to alsa when using ssh but I have a thread about it specifically

http://www.linuxquestions.org/questi...96#post4835896
 
Old 11-25-2012, 12:55 AM   #8
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: san antonio, texas
Distribution: Fedora 64 bit RAID0 + LUKS, CentOS (server), Backtrack, Gentoo Hardened
Posts: 1,441

Rep: Reputation: 81
Here's my notes I took on sudo/visudo from a Linux+ Certification book

Configuring sudo
Run visudo and comment out these two lines that will cause sudo to require using the root password:
#Defaults targetpw
#ALL ALL=(ALL) ALL
Allowing user(s) to only run certain commands with sudo. Add these lines with visudo.
User_Alias PWRUSRS = tux
Cmnd_Alias KILLPROCS = /bin/kill, /usr/bin/killall
Host_Alias MYHSTS = ws1
PWRUSRS MYHSTS = (root) KILLPROCS
Uncomment to allow members of the wheel group to perform any command as root using their own password.
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

Last edited by fakie_flip; 11-25-2012 at 12:56 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Visudo does not work tquang Linux - Security 2 10-02-2012 10:22 PM
dont see visudo matrix13 Linux - General 1 02-27-2007 01:40 AM
visudo noonmid27 Linux - Newbie 8 02-23-2007 04:42 PM
Need help with visudo powadha Debian 2 12-19-2004 05:04 AM
visudo xviddivxoggmp3 Slackware 7 08-17-2004 08:19 PM


All times are GMT -5. The time now is 03:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration