LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 06-30-2010, 04:33 AM   #1
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Rep: Reputation: 99
Question /etc/sudoers


Hi Gurus / All,

I have been working with sudo for quite some time now.

After reading the sudo man page, I have two questions in mind.

1) When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.

2) What is the role of "timestamp" in sudoers. I tried to google it but could not find something informative.


Any ideas people, specially on the second question.
 
Old 06-30-2010, 05:02 AM   #2
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900
Quote:
Originally Posted by vikas027 View Post
2) What is the role of "timestamp" in sudoers. I tried to google it but could not find something informative.[/COLOR]

Any ideas people, specially on the second question.
Do
Code:
man sudoers
It provides a lot of useful and easy to understand info regarding timestamps !

Last edited by TheIndependentAquarius; 06-30-2010 at 05:06 AM.
 
Old 06-30-2010, 05:09 AM   #3
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Exclamation

Quote:
Originally Posted by anishakaul View Post
Do
Code:
man sudoers
It provides a lot of useful and easy to understand info regarding timestamps !
Hi Anisha,

I have mentioned it in my first post already that I could not get the use of timestamps in sudoers clearly in man sudoers.
 
Old 06-30-2010, 05:22 AM   #4
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900
Quote:
Originally Posted by vikas027 View Post
Hi Anisha,

I have mentioned it in my first post already that I could not get the use of timestamps in sudoers clearly in man sudoers.
I missed that statement in your OP.
My Apologies

Anyway,
You didn't understand the following from the man page ???

Quote:
passwd_timeout
Number of minutes before the sudo password prompt times out. The default is 5; set this to 0 for no password timeout.

timestamp_timeout
Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.

timestampdir
The directory in which sudo stores its timestamp files. The default is /var/run/sudo.

timestampowner
The owner of the timestamp directory and the timestamps stored therein. The default is root.
What phrase did you not understand exactly ?

Last edited by TheIndependentAquarius; 06-30-2010 at 05:38 AM. Reason: Indentation
 
Old 06-30-2010, 05:49 AM   #5
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Post

[QUOTE=anishakaul;4019119]I missed that statement in your OP.
My Apologies
QUOTE] Now worries, I will explain my doubts line by line.



Code:
       -v  If given the -v (validate) option, sudo will update the userÔs timestamp, prompting for the userÔs password if necessary.  This extends the sudo
           timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.
- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file under /var/run/sudo.


Code:
       -k  The -k (kill) option to sudo invalidates the userÔs timestamp by setting the time on it to the epoch.  The next time sudo is run a password will
           be required.  This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.
- What is epoch ?

These questions might be generic, but still I need help in these.
 
Old 06-30-2010, 06:26 AM   #6
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900
Quote:
Originally Posted by vikas027 View Post
Now worries, I will explain my doubts line by line.

Code:
       -v  If given the -v (validate) option, sudo will update the userÔs timestamp, prompting for the userÔs password if necessary.  This extends the sudo
           timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.
- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file under /var/run/sudo.


Code:
       -k  The -k (kill) option to sudo invalidates the userÔs timestamp by setting the time on it to the epoch.  The next time sudo is run a password will
           be required.  This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.
In your OP you asked "What is the role of "timestamp" in sudoers."
To which I answered in post 4

Your new question above is not the same as in your OP !

There is a difference between:
A. What is the use/role of timestamps ?
B. How operating system writes the timestamps ?

Your new question needs to be answered by some sysadmin !

Quote:
Originally Posted by vikas027 View Post
- What is epoch ?
Read the following link:
http://www.unixtimestamp.com/index.php
___________________________EDIT___________________________
http://wordnetweb.princeton.edu/perl/webwn?s=epoch

Last edited by TheIndependentAquarius; 06-30-2010 at 06:41 AM.
 
Old 06-30-2010, 07:20 AM   #7
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Question

Quote:
Originally Posted by anishakaul View Post
B. How operating system writes the timestamps ?
I never asked this.

Anyways, I am wating for someone else to answer me these questions.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- Where this updation of user's timestamp takes place; in a dir. or file(s) under /var/run/sudo.

- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.
 
Old 06-30-2010, 07:26 AM   #8
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900
Quote:
Originally Posted by vikas027 View Post
I never asked this.
Are the following questions not similar to :
How does shell/operating system write/deal with timestamps ?
Quote:
- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?

- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?

- Where this updation of user's timestamp takes place; in a dir. or file(s) under /var/run/sudo.

- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.[/COLOR]

Last edited by TheIndependentAquarius; 06-30-2010 at 07:28 AM.
 
Old 06-30-2010, 07:37 AM   #9
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Wink

Quote:
Originally Posted by anishakaul View Post
Are the following questions not similar to :
How does shell/operating system write/deal with timestamps ?
NO.

I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".

Meanwhile, I was just going through some more links, still I have these questions.

- How the timeout is set to 5 minutes in /etc/sudoers ?
- Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
- Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
- When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.


Anyways, thanks for the help Anisha.
 
Old 06-30-2010, 08:01 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,814
Blog Entries: 54

Rep: Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989Reputation: 2989
Quote:
Originally Posted by vikas027 View Post
How the timeout is set to 5 minutes in /etc/sudoers ?
With "passwd_timeout=n"?


Quote:
Originally Posted by vikas027 View Post
Does this means that if my sudo command takes more than 5 mins, will it terminate automatically ?
You can test that: 'sudo /bin/sleep 10m'.


Quote:
Originally Posted by vikas027 View Post
Will it ask for a password even if NOPASSWD is mentioned in /etc/sudoers ?
You can easily test that yourself too:
Code:
CONF=/etc/sudoers
_test() { visudo -c || echo "Run visudo and correct errors."; exit 127; }
grep -q ^passwd_timeout= $CONF || echo "passwd_timeout=5" >> $CONF; _test
echo "Cmnd_Alias SLEEPTEST = /bin/sleep 10m" >> $CONF; _test
echo "vikas localhost = NOPASSWD: SLEEPTEST >> $CONF; _test
sudo /bin/sleep 10m

Quote:
Originally Posted by vikas027 View Post
When we run sudo commands, in which shell those commands are executed ? I believe it should be the shell of root.
You can test that yourself as well: 'sudo -u root env' (or env_audit).
 
1 members found this post helpful.
Old 06-30-2010, 08:05 AM   #11
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900Reputation: 900
Quote:
Originally Posted by vikas027 View Post
NO.
I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".
My post number 4 answers your this question !!

Quote:
Originally Posted by vikas027 View Post
NO.
I guess you misunderstood the question. You gave me this link. I am NOT asking how unix deals with timestamps, what I am asking is significance of timestamps for sudo users as I have never felt the need to know it until I read "man sudo".
You asked what is epoch !
That link and this one has details regarding epoch !!!

Last edited by TheIndependentAquarius; 06-30-2010 at 08:10 AM.
 
Old 06-30-2010, 08:20 AM   #12
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Quote:
Originally Posted by anishakaul View Post
My post number 4 answers your this question !!


You asked what is epoch !
That link and this one has details regarding epoch !!!
Leave it. Thanks anyways.
 
Old 06-30-2010, 08:23 AM   #13
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275

Original Poster
Rep: Reputation: 99
Thumbs up

Quote:
Originally Posted by unSpawn View Post
With "passwd_timeout=n"?

You can test that: 'sudo /bin/sleep 10m'.

You can easily test that yourself too:
Code:
CONF=/etc/sudoers
_test() { visudo -c || echo "Run visudo and correct errors."; exit 127; }
grep -q ^passwd_timeout= $CONF || echo "passwd_timeout=5" >> $CONF; _test
echo "Cmnd_Alias SLEEPTEST = /bin/sleep 10m" >> $CONF; _test
echo "vikas localhost = NOPASSWD: SLEEPTEST >> $CONF; _test
sudo /bin/sleep 10m

You can test that yourself as well: 'sudo -u root env' (or env_audit).
Exactly, what I wanted. Thanks a ton mate. !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with sudoers DrStrangepork Linux - Newbie 8 10-13-2009 08:53 AM
sudoers texerasmo Linux - General 3 08-04-2006 10:57 AM
I deleted /etc/sudoers and creates a new file call sudoers but now it doesnt for visu abefroman Linux - Software 1 11-10-2005 06:03 PM
sudoers???? yenonn Slackware 6 02-10-2004 04:09 AM
Sudoers Fonke0412 Linux - Newbie 3 08-10-2003 04:54 PM


All times are GMT -5. The time now is 09:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration