Sudoers syntax clarification.
Hi there,
Something odd which occured when I edited the "sudoers" file and I was wondering if its behaviour could be explained. It was on a Ubuntu 7.04 server box. Correct me if I'm wrong but in the following syntax : Code:
uncle ALL=(uncle) /sbin/fdisk ALL - any machine (uncle) - user which the command is run as When I log in as user "uncle" and run sudo fdisk -l the command runs perfectly. However, I was playing around with the syntax and this also works ! Code:
uncle uncle= /sbin/fdisk Cheers, Uncle |
As I understand it, your first sudo command should have failed with an error stating something like:
"Sorry, user uncle is not allowed to execute /sbin/fdisk as root" The second example should work. As you are not specifying a user to run the command root will be taken as default. When you specify a user: Code:
disillusionist ALL=(uncle) /usr/bin/vi Code:
sudo -u uncle vi test_file Possibly something like: Code:
%admin ALL=(ALL) ALL |
Quote:
The above entry is in my sudoers file. I also checked the /etc/group file and noticed that uncle was in the group admin. This must have happened during my initial ubuntu install when I was asked to create a non root user ( uncle). Is this user automatically added to group admin ? I now realise that user uncle can sudo without any alterations being made to the /etc/sudoers file as a result of this group affiliation. Obviously sudoers file changes would have to be made for user aunty to run privileged programs. You have been right on all accounts in your post. Thanks for clearing everything up. All makes sense now. Thanks again ! All good wishes, Uncle. |
Before modifying the sudoers file (using visudo) you may want to activate the root account for logins.
If anything goes wrong with your changes (and you can't run sudo commands) you would need either an active root session or the ability to login as root. To activate the root account (if you haven't already) type: Code:
sudo passwd |
All times are GMT -5. The time now is 12:19 PM. |