LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 07-27-2009, 02:51 PM   #16
pcunix
Member
 
Registered: Dec 2004
Location: MA
Distribution: Various
Posts: 149

Rep: Reputation: 23

Quote:
Originally Posted by Alien Bob View Post
You must be using Ubuntu.

Eric

:-)

Not particularly. But no, I can't think of any place I have Slackware installed and I imagine that was your point, right?
 
Old 07-27-2009, 11:48 PM   #17
bassmadrigal
Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 173

Rep: Reputation: 34
I think the only point he was originally trying to get out is that this isn't possible with a stock Slackware system. The way you made it sound is that is all he would have to do, but in reality he would have to tweak the sudoers file.

Me personally, I change my sudoers so that I can use sudo on any command without typing in a password. But then I am the only user on my system, so I am not worried about others going in a screwing it up. If I was on a multi-user system, it certainly wouldn't be that way.

Back to the original topic... Since I have sudo set up for my user, and I hate typing in the /usr/sbin or /sbin I have a .profile in my user directory that will add those paths. All the script contains is:

Code:
#!/bin/bash
PATH=$PATH:/usr/local/sbin:/sbin:/usr/sbin
This code will be executed when you login the first time. And yes, you can use sudo without a password, but it requires editing the /etc/sudoers file.

As others have mentioned, this is a security risk, so make sure that you fully understand what is being done.

Good Luck
Jeremy
 
Old 07-28-2009, 02:18 PM   #18
w1k0
Senior Member
 
Registered: May 2008
Location: Poland
Distribution: Slackware, Mint
Posts: 1,240

Rep: Reputation: 187Reputation: 187
Well... Back to the question.

To get root's environment use commands suggested by GrapefruiTgirl. Use command su - if you need command line interface or su if you need X Window applications. Before it you have to set X host with xhost `hostname` command. I put it in my system permanently in ~/.xinitrc file.

The usage of sudo is more sophisticated. Use it only to run carefully selected commands.

The main task is to prepare the appropriate sudoers file:

# cat /etc/sudoers
Code:
Defaults    timestamp_timeout = 0

User_Alias  FULL = john, mary
User_Alias  PART = ebenezer

Cmnd_Alias  KILL = /bin/kill, /bin/killall
Cmnd_Alias  HALT = /sbin/reboot, /sbin/halt, \
                   /usr/local/bin/suspend
Cmnd_Alias  MOUNT = /bin/mount, /bin/umount
Cmnd_Alias  CDWR = /usr/local/bin/cdwr

root ALL =  (ALL) ALL

FULL ALL =  NOPASSWD: KILL, HALT, MOUNT, \
                      CDWR

PART ALL =  PASSWD:   KILL, HALT, \
            NOPASSWD: MOUNT, CDWR
If you're familiar with vi use visudo to do it. Each entry in sudoers file has to be one single line so to break lines use \. In the above example are three users: john, mary and ebenezer. First two users have full access to all registered commands without password -- the last user has limited access.

To simplify running the above commands prepare the appropriate .bashrc file.

$ cat ~/.bashrc
Code:
export PS1="\u@\h:\w\$ "

alias ls='ls --color=auto -b -T 0'

alias c='perl -e '\''$_="@ARGV"; print eval $_, "\n"'\'''

alias kill="sudo /bin/kill"
alias killall="sudo /bin/killall"
alias reboot="sudo /sbin/reboot"
alias halt="sudo /sbin/halt"

alias suspend="sudo /usr/local/bin/suspend"

alias mount="sudo /bin/mount"
alias umount="sudo /bin/umount"

alias cdwr="sudo /usr/local/bin/cdwr"
To run some commands in console mode prepare the appropriate .bash_profile.

$ cat ~/.bash_profile
Code:
BASH_ENV=$HOME/.bashrc
USERNAME="john"

export USERNAME BASH_ENV

alias kill="sudo /bin/kill"
alias killall="sudo /bin/killall"
alias reboot="sudo /sbin/reboot"
alias halt="sudo /sbin/halt"

echo ; fortune ; echo
In some cases sudo works not exactly the same as su. See: Firewall problem in PPPOE. If you'll discover such problem use the command su with -c switch instead of sudo, for example: su -c /usr/sbin/pppoe-start.

Last edited by w1k0; 07-28-2009 at 02:31 PM.
 
Old 07-28-2009, 03:35 PM   #19
rg3
Member
 
Registered: Jul 2007
Distribution: Slackware Linux
Posts: 498

Rep: Reputation: Disabled
Back to some other question, I have no idea why sudo was created, but it does provide much more granularity than su in terms of controlling who can do what as which user. Also, the default configuration of asking for the user's own password is also useful in the sense that you can allow a specific user run a specific command as root without giving them the root password. In many environments, it's very important that only one or two people know the root password, while the rest of users are granted privileges on demand.

Anyway, su can be configured not to ask any password, indeed. You need to use /etc/suauth (usually the file does not exist), with something along these lines:

root:someuser:NOPASS

See man suauth for more details. Why you'd want to do that is beyond my imagination.
 
Old 07-28-2009, 04:08 PM   #20
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 87
Quote:
Originally Posted by rg3 View Post
Anyway, su can be configured not to ask any password, indeed.
Now, now... I learn something new everyday...
I _never_ heard about this one!

I tested it and deleted the file immediately afterwards
 
Old 07-28-2009, 08:22 PM   #21
escaflown
Member
 
Registered: Apr 2009
Location: Canada
Distribution: Slackware
Posts: 235

Rep: Reputation: 30
Quote:
Originally Posted by rg3 View Post
Anyway, su can be configured not to ask any password, indeed. You need to use /etc/suauth (usually the file does not exist), with something along these lines:

root:someuser:NOPASS
why will someone want to do that??? It just looks like creating an user with root privileges and an empty password.
 
Old 07-28-2009, 08:45 PM   #22
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 1,904

Rep: Reputation: Disabled
Quote:
Originally Posted by escaflown View Post
why will someone want to do that??? It just looks like creating an user with root privileges and an empty password.
If you lock your terminal when you're away from the machine, and you have a secure password on your normal user account, one could argue that it's no less secure at all.
 
Old 07-28-2009, 09:00 PM   #23
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 87
Quote:
Originally Posted by rworkman View Post
If you lock your terminal when you're away from the machine, and you have a secure password on your normal user account, one could argue that it's no less secure at all.
If we could trust normal users to do things the way they are supposed to do it, we wouldn't need security

OK, I *am* biased (or paranoid?)... I work at a large financial institution and security of information is one of our main concerns.

We have a strict "lock your terminal" policy and security checks random workstations at lunch breaks etc., but unfortunately we cannot rely on users following all policies.

I know things are different if you only have one desktop at home.

I see this all in the following manner:
--> Windows machines are insecure by default and can be made reasonably secure with careful configuration
--> Linux machines are secure by default and can be made quite insecure by careless configuration

Just my $0.02 ...
 
  


Reply

Tags
environment, path, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
Sudo and passing environment variables lapthorn Linux - Security 1 06-23-2009 05:40 AM
sudo perl script with environment variables powah Programming 1 04-22-2009 11:22 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 07:12 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM


All times are GMT -5. The time now is 05:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration