LinuxQuestions.org

vikas027 06-30-2010 03:33 AM

/etc/sudoers
 
Hi Gurus / All,

I have been working with sudo for quite some time now.

After reading the sudo man page, I have two questions in mind.

1) When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.

2) What is the role of "timestamp" in sudoers. I tried to google it but could not find something informative.


Any ideas people, specially on the second question.

TheIndependentAquarius 06-30-2010 04:02 AM

Quote:

Originally Posted by vikas027 (Post 4019073)
2) What is the role of "timestamp" in sudoers. I tried to google it but could not find something informative.

Any ideas people, specially on the second question.

Do
Code:

man sudoers
It provides a lot of useful and easy to understand info regarding timestamps !

vikas027 06-30-2010 04:09 AM

Quote:

Originally Posted by anishakaul (Post 4019103)
Do
Code:

man sudoers
It provides a lot of useful and easy to understand info regarding timestamps !

Hi Anisha,

I have mentioned it in my first post already that I could not get the use of timestamps in sudoers clearly in man sudoers.

TheIndependentAquarius 06-30-2010 04:22 AM

Quote:

Originally Posted by vikas027 (Post 4019109)
Hi Anisha,

I have mentioned it in my first post already that I could not get the use of timestamps in sudoers clearly in man sudoers.

I missed that statement in your OP.
My Apologies

Anyway,
You didn't understand the following from the man page ???

Quote:

passwd_timeout
Number of minutes before the sudo password prompt times out. The default is 5; set this to 0 for no password timeout.

timestamp_timeout
Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.

timestampdir
The directory in which sudo stores its timestamp files. The default is /var/run/sudo.

timestampowner
The owner of the timestamp directory and the timestamps stored therein. The default is root.
What phrase did you not understand exactly ?
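
An added example, not part of any post in this thread: a shell function that reads a sudoers-style file and reports which of the timestamp_timeout behaviours quoted from the man page above applies (0, negative, or a positive number of minutes, default 5). The name effective_timeout and the sample file are constructed for illustration; only global Defaults lines in a single file are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): classify the global timestamp_timeout
# in a sudoers-style file. Per-user "Defaults:name" entries and included
# files are not evaluated. effective_timeout is a hypothetical helper name.
effective_timeout() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "Defaults" {                       # global Defaults only
            line = $0
            sub(/[ \t]*#.*$/, "", line)          # drop trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    val = opts[i]
                    sub(/^[^=]*=[ \t]*/, "", val)
                    sub(/[ \t]+$/, "", val)
                    seen = 1                     # a later setting overrides
                }
        }
        END {
            if (!seen) val = 5                   # default quoted from the man page
            if (val !~ /^-?[0-9]+(\.[0-9]+)?$/) print "invalid:" val
            else if (val + 0 == 0) print "always-prompt"
            else if (val + 0 < 0)  print "never-expires"
            else                   print "expires-after:" val
        }
    ' "$1"
}

# Constructed sample input, not a real system sudoers file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# timestamp_timeout=0 inside a comment is ignored
Defaults env_reset, timestamp_timeout=15
Defaults:vikas timestamp_timeout=0
Defaults passwd_timeout=5, timestamp_timeout=-1   # last global setting
EOF
effective_timeout "$sample"
rm -f "$sample"
```

A result of never-expires means a cached credential stays valid until the user runs sudo -k, which is the case worth flagging in a review.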

vikas027 06-30-2010 04:49 AM

Quote:

Originally Posted by anishakaul (Post 4019119)
I missed that statement in your OP.
My Apologies

No worries, I will explain my doubts line by line.



Code:

      -v  If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if necessary.  This extends the sudo
          timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file under /var/run/sudo.


Code:

      -k  The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch.  The next time sudo is run a password will
          be required.  This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.

- What is epoch ?

These questions might be generic, but still I need help in these.

TheIndependentAquarius 06-30-2010 05:26 AM

Quote:

Originally Posted by vikas027 (Post 4019149)
No worries, I will explain my doubts line by line.

Code:

      -v  If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if necessary.  This extends the sudo
          timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file under /var/run/sudo.


Code:

      -k  The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch.  The next time sudo is run a password will
          be required.  This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.


In your OP you asked "What is the role of "timestamp" in sudoers."
To which I answered in post 4

Your new question above is not the same as in your OP !

There is a difference between:
A. What is the use/role of timestamps ?
B. How operating system writes the timestamps ?

Your new question needs to be answered by some sysadmin !

Quote:

Originally Posted by vikas027 (Post 4019149)
- What is epoch ?

Read the following link:
http://www.unixtimestamp.com/index.php
___________________________EDIT___________________________
http://wordnetweb.princeton.edu/perl/webwn?s=epoch

vikas027 06-30-2010 06:20 AM

Quote:

Originally Posted by anishakaul (Post 4019177)
B. How operating system writes the timestamps ?

I never asked this.

Anyways, I am waiting for someone else to answer me these questions.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file(s) under /var/run/sudo.

- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.

TheIndependentAquarius 06-30-2010 06:26 AM

Quote:

Originally Posted by vikas027 (Post 4019229)
I never asked this.

Are the following questions not similar to :
How does shell/operating system write/deal with timestamps ?
Quote:

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?

- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?

- Where this updation of user's timestamp takes place; in a dir. or file(s) under /var/run/sudo.

- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.

vikas027 06-30-2010 06:37 AM

Quote:

Originally Posted by anishakaul (Post 4019233)
Are the following questions not similar to :
How does shell/operating system write/deal with timestamps ?

NO. ;)

I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".

Meanwhile, I was just going through some more links, still I have these questions.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.


Anyways, thanks for the help Anisha.

unSpawn 06-30-2010 07:01 AM

Quote:

Originally Posted by vikas027 (Post 4019239)
How the timeout is set to 5 minutes in /etc/sudoers ?

With "passwd_timeout=n"?


Quote:

Originally Posted by vikas027 (Post 4019239)
Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?

You can test that: 'sudo /bin/sleep 10m'.


Quote:

Originally Posted by vikas027 (Post 4019239)
Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?

You can easily test that yourself too:
Code:

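# As root: append test entries to sudoers, validating after each change.
CONF=/etc/sudoers
# Stop only when visudo reports a syntax error.
_test() { visudo -c || { echo "Run visudo and correct errors."; exit 127; }; }
# Options in sudoers must be introduced by the "Defaults" keyword.
grep -Eq '^Defaults[ \t]+passwd_timeout=' "$CONF" || echo "Defaults passwd_timeout=5" >> "$CONF"; _test
echo "Cmnd_Alias SLEEPTEST = /bin/sleep 10m" >> "$CONF"; _test
echo "vikas localhost = NOPASSWD: SLEEPTEST" >> "$CONF"; _test
# Run the test command as the user named in the rule above.
sudo /bin/sleep 10m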


Quote:

Originally Posted by vikas027 (Post 4019239)
When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.

You can test that yourself as well: 'sudo -u root env' (or env_audit).

TheIndependentAquarius 06-30-2010 07:05 AM

Quote:

Originally Posted by vikas027 (Post 4019239)
NO. ;)
I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".

My post number 4 answers your this question !!

Quote:

Originally Posted by vikas027 (Post 4019239)
NO. ;)
I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".

You asked what is epoch !
That link and this one has details regarding epoch !!!

vikas027 06-30-2010 07:20 AM

Quote:

Originally Posted by anishakaul (Post 4019268)
My post number 4 answers your this question !!


You asked what is epoch !
That link and this one has details regarding epoch !!!

Leave it. Thanks anyways.

vikas027 06-30-2010 07:23 AM

Quote:

Originally Posted by unSpawn (Post 4019260)
With "passwd_timeout=n"?

You can test that: 'sudo /bin/sleep 10m'.

You can easily test that yourself too:
Code:

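# As root: append test entries to sudoers, validating after each change.
CONF=/etc/sudoers
# Stop only when visudo reports a syntax error.
_test() { visudo -c || { echo "Run visudo and correct errors."; exit 127; }; }
# Options in sudoers must be introduced by the "Defaults" keyword.
grep -Eq '^Defaults[ \t]+passwd_timeout=' "$CONF" || echo "Defaults passwd_timeout=5" >> "$CONF"; _test
echo "Cmnd_Alias SLEEPTEST = /bin/sleep 10m" >> "$CONF"; _test
echo "vikas localhost = NOPASSWD: SLEEPTEST" >> "$CONF"; _test
# Run the test command as the user named in the rule above.
sudo /bin/sleep 10m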


You can test that yourself as well: 'sudo -u root env' (or env_audit).

Exactly, what I wanted. Thanks a ton mate. !

