LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   sudo without password works not for mount/umount (https://www.linuxquestions.org/questions/linux-security-4/sudo-without-password-works-not-for-mount-umount-848038/)

TobiSGD 12-02-2010 06:55 PM
sudo without password works not for mount/umount
 
Title edited because of this.


I want to grant the rights to run some programs that need root privilegues to my normal user (tobi), using sudo without password authentification for ease of use. And here I am running into problems. To make things clear, here is my sudoers file:
Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root        ALL=(ALL) ALL
tobi        ALL=NOPASSWD: /usr/bin/xfce4-power-manager
tobi        ALL=NOPASSWD: /usr/sbin/poweroff
tobi        ALL=NOPASSWD: /usr/sbin/reboot
tobi        ALL=NOPASSWD: /usr/sbin/pm-suspend-hybrid
tobi        ALL=NOPASSWD: /usr/bin/mount 
tobi        ALL=NOPASSWD: /usr/bin/umount


# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
#%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
The problem is, it works with the commands /usr/bin/xfce4-power-manager and /usr/sbin/pm-suspend-hybrid, but not with the other commands.

For example, if I try
Code:
sudo reboot
it asks for my password and then tells me that I am not allowed to run this program, same with the other programs, except the two mentioned above.

Note for the mount/umount-commands: I work a lot with many different ISO-files, so an approach using fstab will not work for me.

I searched the net and for similar threads here, but found nothing that helped me.
I appreciate if anybody can point me into the right direction what I am making wrong here.

AsusDave 12-02-2010 07:24 PM
Take a look at the Tag_Spec section in the sudoers man file.

While what you have may work fine, it isn't quite the format they use.

See if that helps you any.

HTH
Dave

andrewthomas 12-02-2010 07:28 PM
Try changing to the path to
Code:
/sbin/mount
/sbin/umount
/sbin/reboot
/sbin/poweroff
I think this is what is wrong

TobiSGD 12-02-2010 08:34 PM
Quote:
Originally Posted by AsusDave (Post 4178914)
Take a look at the Tag_Spec section in the sudoers man file.

While what you have may work fine, it isn't quite the format they use.

See if that helps you any.

HTH
Dave
I changed my sudoers file, so that it looks like in the man page described:
Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root        ALL=(ALL) ALL
tobi        monster = NOPASSWD: /usr/bin/xfce4-power-manager, /usr/sbin/poweroff, /usr/sbin/reboot, /usr/sbin/pm-suspend-hybrid, /usr/bin/mount, /usr/bin/umount



# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
#%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
Sadly, that didn't help.





Quote:
Originally Posted by andrewthomas (Post 4178917)
Try changing to the path to
Code:
/sbin/mount
/sbin/umount
/sbin/reboot
/sbin/poweroff
I think this is what is wrong
Checked all the paths twice, they are correct.



Thanks for your answers. Anybody a different idea?

andrewthomas 12-02-2010 08:56 PM
Quote:
Originally Posted by TobiSGD (Post 4178969)


Checked all the paths twice, they are correct.



Thanks for your answers. Anybody a different idea?
Ok I was wrong. Mount and umount are in /bin
Quote:
/bin/mount
/bin/umount
http://packages.debian.org/sid/amd64/mount/filelist
Furthermore
Quote:
/sbin/poweroff
/sbin/reboot
http://packages.debian.org/sid/amd64/sysvinit/filelist

TobiSGD 12-03-2010 03:46 PM
I don't know what happened. In my desperation to get this working I started visudo, deleted the whole content of the sudoers-file and rewrote it. It looks now like this
Code:
Defaults env_reset

# User privilege
root        ALL=(ALL) ALL
tobi        monster = NOPASSWD: /usr/bin/xfce4-power-manager, /sbin/poweroff, /sbin/reboot, /usr/sbin/pm-suspend-hybrid, /usr/bin/mount, /usr/bin/umount
And suddenly all commands, except mount and umount, worked like a charm. I wonder what was wrong with the old file.

Can anybody help me with the mount and umount command?

P.S.:I changed the title of the thread according to the new situation.

andrewthomas 12-03-2010 10:32 PM
Quote:
Originally Posted by TobiSGD (Post 4179881)
Can anybody help me with the mount and umount command?
I see that once you changed the path to poweroff and reboot they now work. I suggest that you type
Code:
which mount
and
Code:
which umount
into the terminal and observe the results.
I added the following line to my sudoers file just to test out the command and it works just fine.
Code:
andrew ALL=(ALL)    NOPASSWD: /bin/mount, /bin/umount

TobiSGD 12-03-2010 11:09 PM
Thanks, I don't know what happened with my eyes and fingers, that I typed the /usr before them and then overlooked it.
Maybe I should sleep a little bit more.

Thanks, a lot.


All times are GMT -5. The time now is 10:16 PM.