LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-02-2010, 06:55 PM   #1
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
sudo without password works not for mount/umount


Title edited because of this.


I want to grant the rights to run some programs that need root privilegues to my normal user (tobi), using sudo without password authentification for ease of use. And here I am running into problems. To make things clear, here is my sudoers file:
Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults	env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL) ALL
tobi	ALL=NOPASSWD: /usr/bin/xfce4-power-manager
tobi	ALL=NOPASSWD: /usr/sbin/poweroff
tobi	ALL=NOPASSWD: /usr/sbin/reboot
tobi	ALL=NOPASSWD: /usr/sbin/pm-suspend-hybrid
tobi	ALL=NOPASSWD: /usr/bin/mount  
tobi	ALL=NOPASSWD: /usr/bin/umount 


# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
#%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
The problem is, it works with the commands /usr/bin/xfce4-power-manager and /usr/sbin/pm-suspend-hybrid, but not with the other commands.

For example, if I try
Code:
sudo reboot
it asks for my password and then tells me that I am not allowed to run this program, same with the other programs, except the two mentioned above.

Note for the mount/umount-commands: I work a lot with many different ISO-files, so an approach using fstab will not work for me.

I searched the net and for similar threads here, but found nothing that helped me.
I appreciate if anybody can point me into the right direction what I am making wrong here.

Last edited by TobiSGD; 12-03-2010 at 03:48 PM. Reason: Problem partially solved.
 
Old 12-02-2010, 07:24 PM   #2
AsusDave
Member
 
Registered: Jul 2008
Distribution: Debian, Ubuntu 10.04
Posts: 151

Rep: Reputation: 34
Take a look at the Tag_Spec section in the sudoers man file.

While what you have may work fine, it isn't quite the format they use.

See if that helps you any.

HTH
Dave
 
Old 12-02-2010, 07:28 PM   #3
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Try changing to the path to
Code:
/sbin/mount
/sbin/umount
/sbin/reboot
/sbin/poweroff
I think this is what is wrong

Last edited by andrewthomas; 12-02-2010 at 07:29 PM.
 
Old 12-02-2010, 08:34 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Original Poster
Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
Quote:
Originally Posted by AsusDave View Post
Take a look at the Tag_Spec section in the sudoers man file.

While what you have may work fine, it isn't quite the format they use.

See if that helps you any.

HTH
Dave
I changed my sudoers file, so that it looks like in the man page described:
Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults	env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL) ALL
tobi	monster = NOPASSWD: /usr/bin/xfce4-power-manager, /usr/sbin/poweroff, /usr/sbin/reboot, /usr/sbin/pm-suspend-hybrid, /usr/bin/mount, /usr/bin/umount



# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
#%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
Sadly, that didn't help.





Quote:
Originally Posted by andrewthomas View Post
Try changing to the path to
Code:
/sbin/mount
/sbin/umount
/sbin/reboot
/sbin/poweroff
I think this is what is wrong
Checked all the paths twice, they are correct.



Thanks for your answers. Anybody a different idea?
 
Old 12-02-2010, 08:56 PM   #5
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Quote:
Originally Posted by TobiSGD View Post


Checked all the paths twice, they are correct.



Thanks for your answers. Anybody a different idea?
Ok I was wrong. Mount and umount are in /bin
Quote:
/bin/mount
/bin/umount
http://packages.debian.org/sid/amd64/mount/filelist
Furthermore
Quote:
/sbin/poweroff
/sbin/reboot
http://packages.debian.org/sid/amd64/sysvinit/filelist

Last edited by andrewthomas; 12-03-2010 at 10:49 PM. Reason: grammar
 
Old 12-03-2010, 03:46 PM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Original Poster
Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
I don't know what happened. In my desperation to get this working I started visudo, deleted the whole content of the sudoers-file and rewrote it. It looks now like this
Code:
Defaults env_reset

# User privilege
root	ALL=(ALL) ALL
tobi	monster = NOPASSWD: /usr/bin/xfce4-power-manager, /sbin/poweroff, /sbin/reboot, /usr/sbin/pm-suspend-hybrid, /usr/bin/mount, /usr/bin/umount
And suddenly all commands, except mount and umount, worked like a charm. I wonder what was wrong with the old file.

Can anybody help me with the mount and umount command?

P.S.:I changed the title of the thread according to the new situation.
 
Old 12-03-2010, 10:32 PM   #7
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Quote:
Originally Posted by TobiSGD View Post
Can anybody help me with the mount and umount command?
I see that once you changed the path to poweroff and reboot they now work. I suggest that you type
Code:
which mount
and
Code:
which umount
into the terminal and observe the results.
I added the following line to my sudoers file just to test out the command and it works just fine.
Code:
andrew ALL=(ALL)    NOPASSWD: /bin/mount, /bin/umount
 
Old 12-03-2010, 11:09 PM   #8
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Original Poster
Rep: Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047Reputation: 4047
Thanks, I don't know what happened with my eyes and fingers, that I typed the /usr before them and then overlooked it.
Maybe I should sleep a little bit more.

Thanks, a lot.
 
  


Reply

Tags
sudo, sudoers


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sudo: umount works, mount not works sasser Slackware 3 07-09-2010 03:01 AM
[SOLVED] Sudo problem - Run all commands with password except these uncle-c Linux - Newbie 1 02-16-2010 11:02 AM
[SOLVED] Problem in executing multiple commands through password less sudo vysakh@gmail.com Linux - Server 6 08-04-2009 07:11 AM
Can sudo restrict certain commands? Thaidog Linux - Security 3 01-30-2009 11:24 AM
sudo and at commands ulto Programming 2 05-01-2004 08:36 AM


All times are GMT -5. The time now is 01:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration