LinuxQuestions.org


xcoldfyrex 05-03-2010 12:39 PM

sudoers configuration problem
 
Is it possible to allow a group/user to execute a command, where one of the parameters of the command is a group as well?

Example that does not work as intended:
Code:

Cmnd_Alias SU=/bin/su -l %group1

This example works sort of, it treats the "%group1" literally.
I know I can list out the "/bin/su -l <eachuser>", but as you can imagine that is impractical. In this example, I want people in group2 (not shown for brevity's sake) to be able to su to someone in group1.

vikas027 05-03-2010 02:03 PM

Hi,

As far as I know you need to create a User Alias first. For example,
Code:

User_Alias        ABC = %group_name
and then you need to create command aliases.

xcoldfyrex 05-03-2010 03:19 PM

Here is exactly what I currently have:
Code:

User_Alias        SCRIPTS = %scripts
Cmnd_Alias        SU=/bin/su -l SCRIPTS
%eng            ALL=SU

Let's say eng is everyone, and the scripts group is misc users of which blah is a member.
As a user in the eng group:

Code:

-bash-3.2$ sudo su -l SCRIPTS
Password:
su: user SCRIPTS does not exist
-bash-3.2$ sudo su -l blah
Sorry, user dummy is not allowed to execute '/bin/su -l blah' as root on localhost.localdomain.

sudo is still treating the parameter for su as a literal string
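
The rule asked for above, as an added example that is not part of any post in this thread: sudoers matches everything after the command path as literal arguments, while the users a command may be run as belong in the Runas part of the rule, which does accept a group. The alias name SCRIPTS_USERS is an assumption; eng, scripts and blah are the names used in the post above.

```sudoers
# Constructed example, edited with visudo so the syntax is checked on save.

# As posted: text after the command path is matched as literal arguments.
# User_Alias names and %group are not expanded there, so this rule only
# ever matches the exact command line "su -l SCRIPTS".
#   User_Alias   SCRIPTS = %scripts
#   Cmnd_Alias   SU = /bin/su -l SCRIPTS
#   %eng         ALL = SU

# A wildcard is not a substitute: "/bin/su -l *" would also match
# "su -l root", which grants far more than intended.

# Target users go in the Runas list, where %group is expanded.
Runas_Alias  SCRIPTS_USERS = %scripts
%eng         ALL = (SCRIPTS_USERS) ALL

# A member of eng then gets a login shell as blah, authenticating with
# their own password:
#   sudo -u blah -i
# A target outside the scripts group (root included) is refused.
```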

vikas027 05-04-2010 01:50 PM

Hi,

Now, I have two questions in mind.

1) How are you editing the /etc/sudoers file? I recommend using visudo and then trying again. It will check for any syntax errors.

2) Secondly, as per my knowledge there should be a script group in your system.
Please paste output of
Code:

grep -i scripts /etc/group

Scottish-Stephanie 06-05-2010 07:10 PM

Hi everyone.

I am having a sudoers configuration problem. I have come from Ubuntu and I am now using Fedora 12. I want to write Bash shell scripts so I need to add 'Stephanie' to the sudoers list. I have typed visudo but I don't know where to add my name to the sudoers list.
Typing grep -i scripts /etc/group produces no output, just a return to the shell prompt.

[Stephanie@laptop ~]$ grep -i scripts /etc/group
[Stephanie@laptop ~]$

Karl Godt 06-06-2010 04:34 PM

I am not sure but most known editors like vi, vim, ed, nano + leafpad, geany, gedit, kate
in such cases installer (root) privileges might be needed with sudo
passwords are sometimes in files that are called "siesta"
try sudo grep
Quote:

[Stephanie@laptop ~]$ grep -i scripts /etc/group
the $ is used to indicate sudo while # root (suse and grub use > for example)

Code:

# grep -i scripts /etc
# cat /etc
cat: /etc: Is a directory
# cat /etc/group
root:x:0:
daemon:x:1:
tty:x:2:
ppp:x:200:
users:x:500:
nobody:x:65534:
guest:x:501:
spot:x:502:spot
bin::2:root,bin,daemon
audio::17:
503:x:503:messagebus
ftp:x:1000:
dip:x:30:
uucp::10:
lpadmin::112:root,spot,nobody,guest
netdev::113:
haldaemon::119:
sshd::33:sshd
webgroup:x:504:
#

Code:

# less /etc/group




root:x:0:
daemon:x:1:
tty:x:2:
ppp:x:200:
users:x:500:
nobody:x:65534:
guest:x:501:
spot:x:502:spot
bin::2:root,bin,daemon
audio::17:
503:x:503:messagebus
ftp:x:1000:
dip:x:30:
uucp::10:
lpadmin::112:root,spot,nobody,guest
netdev::113:
haldaemon::119:
sshd::33:sshd
webgroup:x:504:
~

Code:

# cd /etc
# ls -a
.                  inittabPREV1      profile.d
..                  inputrc            protocols
axelrc              issue              protocols-OLD
ayttmrc            keymap            Puppybackgroundpicture
cdrecord.conf      ld.so.cache        puppyversion
codepage            ld.so.conf        ramdiskfssize
cups                localtime          ramdisksize
default            mailcap            rc.d
desktop_icon_theme  mime.types        README.txt
dhcpcd.sh          mke2fs.conf        resolv.conf
DISTRO_SPECS        modprobe.conf      sane.d
eventmanager        modprobe_includes  securetelnetrc
fdprm              modules            services
floppy              modules.conf      shadow
fontmap            mousebuttons      smb.conf
fonts              mousedevice        ssl
foomatic            mtab              udev
fstab              NETWORKING        usb_modeswitch.conf
gadmin-rsync        networkmodules    videomode
group              networks          wgetrc
gshadow            network-wizard    windowmanager
gtk-2.0            nscd.conf          wpa_supplicant.conf
gxine              nsswitch.conf      wvdial.conf
hiawatha            oldmousedevice    wvdial_options
host.conf          opt                X11
hostname            pango              xdg
hosts              passwd            xextraoptions
hosts.allow        pcmcia            .XLOADED
hosts.deny          ppp                xorgoverrides
init.d              printcap
inittab            profile
#


Karl Godt 06-07-2010 10:18 AM

just want to add that
sudo nano /etc/group

Cont+x
Y
ENTER

works at X-Ubuntu 9.10 liveCD
but
nano /etc/group

ENTER
permission denied

for the moment I have deleted /etc/group
using tee command
and now I am asked for a password :)

RockDoctor 06-07-2010 11:51 AM

Quote:

Originally Posted by Scottish-Stephanie (Post 3993807)
Hi everyone.

I am having a sudoers configuration problem. I have come from Ubuntu and I am now using Fedora 12. I want to write Bash shell scripts so I need to add 'Stephanie' to the sudoers list. I have typed visudo but I don't know where to add my name to the sudoers list.
Typing grep -i scripts /etc/group produces no output, just a return to the shell prompt.

[Stephanie@laptop ~]$ grep -i scripts /etc/group
[Stephanie@laptop ~]$

From my Fedora Rawhide /etc/sudoers file:
Code:

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)      ALL
rockdoctor      ALL=(ALL)      ALL

I just ran visudo as root and added the line you see above for user rockdoctor. Didn't mess with groups (the % sign in front of wheel indicates a group).

Karl Godt 06-07-2010 06:32 PM

Quote:

[root@fedora ~]# cat >> create-linux-file.txt
this is the line appends to create-linux-file.txt
this is an example on using redirection to appends text
http://www.labtestproject.com/linuxcmd/cat_command.html
Code:

ubuntu@ubuntu:~$ sudo nano /etc/shadow
ubuntu@ubuntu:~$ sudo nano /etc/passwd
ubuntu@ubuntu:~$ sudo nano /etc/sudoers
ubuntu@ubuntu:~$ cat >>/etc/group
bash: /etc/group: Permission denied
ubuntu@ubuntu:~$ sudo cat>>/etc/group
bash: /etc/group: Permission denied 
ubuntu@ubuntu:~$ sudo bash         
root@ubuntu:~# cat >>/etc/groupENTER
STEPHANE:x:987:ENTER,Cont+d             
root@ubuntu:~# cat /etc/group 
root:x:0:                     
daemon:x:1:                   
bin:x:2:                     
sys:x:3:                     
adm:x:4:ubuntu               
tty:x:5:                     
disk:x:6:                     
lp:x:7:                       
mail:x:8:                     
news:x:9:                     
uucp:x:10:                   
man:x:12:                     
proxy:x:13:                   
kmem:x:15:                   
dialout:x:20:ubuntu           
fax:x:21:                     
voice:x:22:                   
cdrom:x:24:ubuntu             
floppy:x:25:                 
tape:x:26:                   
sudo:x:27:                   
audio:x:29:                   
dip:x:30:                     
www-data:x:33:               
backup:x:34:                 
operator:x:37:               
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:ubuntu
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
syslog:x:102:
klog:x:103:
scanner:x:104:
nvram:x:105:
fuse:x:106:
ssl-cert:x:107:
crontab:x:108:
mlocate:x:109:
ssh:x:110:
avahi-autoipd:x:111:
lpadmin:x:112:ubuntu
netdev:x:113:
saned:x:114:
messagebus:x:115:
avahi:x:116:
polkituser:x:117:
haldaemon:x:118:
admin:x:119:ubuntu
ubuntu:x:999:
sambashare:x:120:ubuntu
STEPHANE:x:987:
root@ubuntu:~#

found me kubuntu 8.10 live umts working:)

Scottish-Stephanie 06-08-2010 05:31 PM

Quote:

Originally Posted by RockDoctor (Post 3995562)
From my Fedora Rawhide /etc/sudoers file:
Code:

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)      ALL
rockdoctor      ALL=(ALL)      ALL

I just ran visudo as root and added the line you see above for user rockdoctor. Didn't mess with groups (the % sign in front of wheel indicates a group).


Rockdoctor, I added 'Stephanie' to the 'run all commands' section, but in vim when I do the following ':wq sudoers', I get the following 'E13: File exists (add ! to override)'. I then enter :wq! sudoers and vim exits, but when I check the sudoers file in Nano all my changes have disappeared. Editing the sudoers list is no problem; it is getting vim to write and exit that is now the problem.

chrism01 06-09-2010 04:47 AM

If you open a file in vim, there's no need to specify the filename at exit. Also, :wq is the long version (write+quit). Just use :x (eXit with save), so

vim sudoers

<now do edits...>

<now exit with save>
:x

