LinuxQuestions.org
06-08-2011, 01:49 PM   #1
lazerking9
LQ Newbie
 
Registered: May 2011
Distribution: Ubuntu
Posts: 24

Rep: Reputation: 12
help with sudoers


I am attempting to configure my sudoers file, and have quite a few questions.
If you can answer any/all of them, I would be grateful.

-Is there a way to set it up so that root gets notified if a user tries to use a command they are not allowed to?

-If something like this already exists on my system, how do I set it up/use it/ read root's messages?

-I see a lecture=always default exists, but can I customize this lecture?

-Is there an easy way to explicitly deny a user sudo permission?

-I see there is an ALL wildcard. Is there something similar to a NONE wildcard?

Thank you very much in advance.

~~~~alec
 
06-08-2011, 03:54 PM   #2
tuxboom747
LQ Newbie
 
Registered: May 2011
Posts: 19

Rep: Reputation: 10
All your questions assume that the sudoers file is a positive <--> negative configuration file.
That is not the case!

Only users mentioned in sudoers (and they are mentioned with the commands allowed to exec or ALL commands to exec) are generally allowed to run commands with sudo prefixed.

Please read the manpage of sudo(1) by "man sudo"!! It WILL answer most of your questions, is that simple?

Make your day
 
06-08-2011, 05:39 PM   #3
lazerking9
LQ Newbie
 
Registered: May 2011
Distribution: Ubuntu
Posts: 24

Original Poster
Rep: Reputation: 12

I think I get it now. Here's my sudoers file:

Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults	env_reset
Defaults 	passwd_timeout = 1
Defaults 	timestamp_timeout = 5
Defaults 	listpw = all
Defaults 	verifypw = all
Defaults 	lecture = always
Defaults 	insults
Defaults 	mail_always
Defaults 	mail_badpass
Defaults 	mail_no_user
Defaults 	mail_no_host
Defaults 	mail_no_perms
Defaults 	loglinelen = 0
Defaults 	tty_tickets

# Host alias specification
Host_Alias 	HOMEMACH = MYHOMEPC-HP-PC

# User alias specification

# Cmnd alias specification

# User privilege specification
root	HOMEMACH=(root) PASSWD:ALL
alec 	HOMEMACH=(root) PASSWD:/sbin/shutdown

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo HOMEMACH=(root) PASSWD:ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin HOMEMACH=(root) PASSWD:ALL

So, what you're saying is: in this specific case, a user named foo would have no sudo rights, because I did not mention him?

And I figured out a lot of the rest on my own, through trial and error (with the original default /etc/sudoers backed up, modifications done on a live USB),
but there are one or two more questions I still have.

Quote:
-I see a lecture=always default exists, but can I customize this lecture?
and thank you so much tuxboom!! =)
 
06-08-2011, 05:52 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Quote:
Originally Posted by lazerking9
I think I get it now. Here's my sudoers file:

Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults	env_reset
Defaults 	passwd_timeout = 1
Defaults 	timestamp_timeout = 5
Defaults 	listpw = all
Defaults 	verifypw = all
Defaults 	lecture = always
Defaults 	insults
Defaults 	mail_always
Defaults 	mail_badpass
Defaults 	mail_no_user
Defaults 	mail_no_host
Defaults 	mail_no_perms
Defaults 	loglinelen = 0
Defaults 	tty_tickets

# Host alias specification
Host_Alias 	HOMEMACH = MYHOMEPC-HP-PC

# User alias specification

# Cmnd alias specification

# User privilege specification
root	HOMEMACH=(root) PASSWD:ALL
alec 	HOMEMACH=(root) PASSWD:/sbin/shutdown

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo HOMEMACH=(root) PASSWD:ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin HOMEMACH=(root) PASSWD:ALL

so, what you're saying is: in this specific case, a user named foo would have no sudo rights, because I did not mention him?

Unless he happens to be a member of the group sudo, admin or is
mentioned in any other rules explicitly pulled in from
#includedir /etc/sudoers.d
....

[edit]
forgot to mention that "mail_always" makes the other
mail_* entries unnecessary... [/edit]



Tink

Last edited by Tinkster; 06-08-2011 at 05:57 PM.
 
1 members found this post helpful.
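
The checks from post #4, as an added example that is not part of the thread: which users and groups a sudoers file names, which directories it pulls in through `#includedir` (or the `@includedir` spelling of newer sudo releases), and which `mail_*` flags sit next to `mail_always`. The function names and the shortened sample file are constructed for illustration, and the parsing assumes one rule per line.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one rule per line (no
# backslash continuations, no User_Alias or #uid principals).
# Principals (users and %groups) that have a privilege rule in file $1.
sudoers_principals() {
    awk 'NF == 0 || $1 ~ /^#/ { next }   # blanks, comments, #include lines
         $1 ~ /^(Defaults|Host_Alias|User_Alias|Cmnd_Alias|Runas_Alias)/ { next }
         { print $1 }' "$1" | LC_ALL=C sort -u
}

# Directories pulled in by include directives. The leading "#" of
# "#includedir" is part of the directive, not a comment marker.
sudoers_includedirs() {
    awk '$1 == "#includedir" || $1 == "@includedir" { print $2 }' "$1"
}

# mail_* flags that post #4 calls unnecessary once mail_always is set.
sudoers_redundant_mail() {
    awk '$1 != "Defaults" { next }
         $2 == "mail_always" { always = 1 }
         $2 ~ /^mail_(badpass|no_user|no_host|no_perms)$/ { flags[++n] = $2 }
         END { if (always) for (i = 1; i <= n; i++) print flags[i] }' "$1"
}

# Succeed if user $2, or one of the group names $3..., has a rule in file $1.
sudoers_user_mentioned() {
    file=$1; user=$2; shift 2
    principals=$(sudoers_principals "$file")
    printf '%s\n' "$principals" | grep -qxF -e "$user" -e ALL && return 0
    for g in "$@"; do
        printf '%s\n' "$principals" | grep -qxF -e "%$g" && return 0
    done
    return 1
}

# Constructed sample: a shortened copy of the file posted in this thread.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Defaults mail_always
Defaults mail_badpass
Host_Alias HOMEMACH = MYHOMEPC-HP-PC
alec HOMEMACH=(root) PASSWD:/sbin/shutdown
%sudo HOMEMACH=(root) PASSWD:ALL
#includedir /etc/sudoers.d
%admin HOMEMACH=(root) PASSWD:ALL
EOF
sudoers_principals "$sample"; sudoers_includedirs "$sample"; sudoers_redundant_mail "$sample"
sudoers_user_mentioned "$sample" foo users || echo "foo (group users): no rule in this file"
```

Files inside the reported include directories need the same pass before concluding a user has no rights. On a live system, `sudo -l -U foo` run as root shows what sudo itself resolves for that user.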
  

