LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Sudoers problem (https://www.linuxquestions.org/questions/linux-newbie-8/sudoers-problem-681517/)

majkinetor 11-06-2008 08:27 AM

Sudoers problem
 
Hello.

What I want:
To be able to use sudo <cmd> without password prompt.

What I did:
This is the content of my sudoers file:

Code:

Defaults        env_reset

# Uncomment to allow members of group sudo to not need a password
%sudo ALL=NOPASSWD: ALL

# User privilege specification
root    ALL=(ALL) ALL
mmilic  ALL=NOPASSWD: ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

I am in sudo group so i don't know why %sudo rule doesn't work.
Code:

$ id mmilic
uid=1000(mmilic) gid=1000(mmilic) groups=1000(mmilic), 1001(sudo) ....

I also don't know why user privilege spec doesn't work.

Alternatively, I tried to do the same thing with expect.My idea was to create script that will automatically put password if sudo session is over. If I call that script refresh_sudo, I would then be able to use this in my shell scripts in this way:
Code:

#!/bin/bash
refresh_sudo
sudo apt_get install $1
sudo <cmd...>
...

The exp script is:
Code:

#!/usr/bin/expect -f

spawn sudo echo session is active ?
expect {
  "password" { send "mypassword\r" }
  "session is active ?" {}
}
exit

and it also didn't help...

I appreciate any help.
Thanks.

Simon Bridge 11-07-2008 01:37 AM

It is strongly discouraged to allow any user to operate sudo without a password, including yourself. Note - if you do a lot of sudoing in one go, you need your password only the once for the sudo session anyway.

You con increase the timeout period if you want - but remember to explicitly kill the session after.

There is often sudo su - to get you a root shell.

If you find yourself routinely running commands that you need scripts to handle them, consider organizing things so they can be run as cron jobs.

Similarly for scripts - let root run root scripts - not users.

You have a world-class secure OS there, please do not dismantle the very features keeping all of us safer. Look for another way to acheive your ends. Thanks.

Back to your question:
In what way are the changes you made "not working"? (eg. Can you still use sudo - but still need a password, or can you not sudo at all now?)

Did you logout/login after making the changes?

majkinetor 11-07-2008 07:36 AM

Quote:

It is strongly discouraged to allow any user to operate sudo without a password, including yourself. Note - if you do a lot of sudoing in one go, you need your password only the once for the sudo session anyway.

You con increase the timeout period if you want - but remember to explicitly kill the session after.
There is often sudo su - to get you a root shell.
If you find yourself routinely running commands that you need scripts to handle them, consider organizing things so they can be run as cron jobs.
Similarly for scripts - let root run root scripts - not users.
You have a world-class secure OS there, please do not dismantle the very features keeping all of us safer. Look for another way to acheive your ends. Thanks.
I am running experimental system on VM and its security is not important at all. I am the only user. In other words, I don't care about "world-class secure OS" feature of Ubuntu atm. I just care about repeating password every 15 minutes.

Quote:

In what way are the changes you made "not working"? (eg. Can you still use sudo - but still need a password, or can you not sudo at all now?)
Did you logout/login after making the changes?
They are not working related to my original wish. It still requires password.
I think I did restart the system, but I am not sure. I will check it out again and post it here if that fixes the problem. I didn't know you need to logout for this to take effect.

About exp script it always asks for password, even if run multiple times. Actually, since automation is one of my primary ways of expression, I would really like to know what is the problem with exp script and to see version that works. I already explained what I am trying to achieve - refresh_sudo when called will either return if sudo session is still active or open another sudo session if not, by automatically filling in password.

Thanks


All times are GMT -5. The time now is 03:23 AM.