Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-29-2004, 09:29 PM
|
#1
|
LQ Newbie
Registered: Aug 2004
Posts: 6
Rep:
|
Sudo authorizes me with incorrect password?
I am trying to set up sudo, and I have succeeded, but I have reason to believe it's not working the way I want. My username is jherm, and I have tried adding stuff to my sudoers file. Sudo then works from user jherm, but when it prompts me for a password, and I enter ROOT password, it fails, but when I enter my own user's password, it works?
I thought the point of sudo was to run commands as root, like su, but for just one command. Why would su ask me for root's password, and work, but sudo not work when I entered ROOT's password?
Can you tell me what to add to make sudo do what I want it to do?
Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
jherm ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
|
|
|
08-29-2004, 09:35 PM
|
#2
|
Senior Member
Registered: Feb 2003
Location: N'rn WI -- USA
Distribution: Kubuntu 8.04, ClarkConnect 4
Posts: 1,142
Rep:
|
sudo is more secure, because root controls what users can do, and they don't know root's password. If sudo required root's password, users would be able to just login as root and do whatever they want, rather than only what root has allowed them to do with sudo.
It's also secure because if somebody gets onto your computer while you step away for a minute, they still need your password to sudo anything. Or, if you get a nasty program off the internet, and run it as a user, if it has a sudo command in it, it will ask for your password, and you'll know something's up. That's one reason you shouldn't set any users with NOPASSWD in sudoers conf file.
Last edited by ranger_nemo; 08-29-2004 at 09:37 PM.
|
|
|
08-29-2004, 09:49 PM
|
#3
|
LQ Newbie
Registered: Aug 2004
Posts: 6
Original Poster
Rep:
|
Alright, so now I get it, sudo doesn't ask for root's password because root has already authorized me to sudo some command via the sudoers file.
Still, that doesn't solve my problem. If anyone has any ideas, please post.
|
|
|
08-29-2004, 10:05 PM
|
#4
|
LQ Newbie
Registered: Aug 2004
Location: Mexico
Distribution: Debian
Posts: 16
Rep:
|
A sample sudoers file
# User alias specification
User_Alias ILDE = ilde
User_Alias STAFF = anita,fanny
User_Alias ADMIN = ilde,jules
# Cmnd alias specification
Cmnd_Alias SHUTDOWN=/sbin/shutdown
Cmnd_Alias IFCONFIG=/sbin/ifconfig
Cmnd_Alias PON=/usr/bin/pon
Cmnd_Alias POFF=/usr/bin/poff
Cmnd_Alias PLOG=/usr/bin/plog
Cmnd_Alias LPQ=/usr/bin/lpq
Cmnd_Alias PING=/bin/ping
...
...
# User privilege specification
root ALL=(ALL) ALL
ILDE ALL=NOPASSWD: SHUTDOWN,UPDATEDB
STAFF ALL=NOPASSWD: SHUTDOWN,IFCONFIG,PON,POFF,LPC,MOUNT,UMOUNT,LPRM
ADMIN ALL=NOPASSWD: ADDUSER,DELUSER,PING,APTGET,DSELECT,MKE2FS
|
|
|
08-29-2004, 10:15 PM
|
#5
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
You (jherm) already have access to run any command as any user. What isn't working about it?
|
|
|
All times are GMT -5. The time now is 04:25 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|