LinuxQuestions.org
Old 05-03-2010, 01:39 PM   #1
xcoldfyrex
LQ Newbie
 
Registered: May 2006
Location: Sunnyvale,CA
Distribution: gentoo
Posts: 20

Rep: Reputation: 0
sudoers configuration problem


Is it possible to allow a group/user to execute a command, where one of the parameters of the command is a group as well?

Example that does not work as intended:
Code:
Cmnd_Alias SU=/bin/su -l %group1
This example works, sort of: it treats the "%group1" literally.
I know I can list out the "/bin/su -l <eachuser>", but as you can imagine that is impractical. In this example, I want people in group2 (not shown for brevity's sake) to be able to su to someone in group1.
 
Old 05-03-2010, 03:03 PM   #2
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107

Hi,

As far as I know you need to create a User Alias first. For example,
Code:
User_Alias	ABC = %group_name
and then you need to create command aliases.
 
Old 05-03-2010, 04:19 PM   #3
xcoldfyrex
LQ Newbie
 
Registered: May 2006
Location: Sunnyvale,CA
Distribution: gentoo
Posts: 20

Original Poster
Rep: Reputation: 0
Here is exactly what I currently have:
Code:
User_Alias	SCRIPTS = %scripts
Cmnd_Alias	SU=/bin/su -l SCRIPTS
%eng            ALL=SU
Let's say eng is everyone; the scripts group is misc users, of which blah is a member.
As a user in the eng group:

Code:
-bash-3.2$ sudo su -l SCRIPTS
Password: 
su: user SCRIPTS does not exist
-bash-3.2$ sudo su -l blah
Sorry, user dummy is not allowed to execute '/bin/su -l blah' as root on localhost.localdomain.
sudo is still treating the parameter for su as a literal string
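
An added example, not part of any post in this thread: arguments in a sudoers command specification are matched as text, so neither `%group` nor a `User_Alias` name is expanded there, while the Runas part of a rule does accept groups. The group names `eng` and `scripts` come from the post above; choosing `/bin/bash` as the permitted command is an assumption.

```sudoers
# Added example. Groups "eng" and "scripts" are the ones named in the post above.

# Not expanded: arguments in a Cmnd_Alias are matched as literal text
# (shell-style wildcards only), so neither line means "members of scripts".
# Cmnd_Alias SU = /bin/su -l %scripts
# Cmnd_Alias SU = /bin/su -l SCRIPTS

# Too broad: a wildcard argument also matches "su -l root".
# %eng ALL = /bin/su -l *

# Target accounts belong in the Runas part of the rule, which accepts groups.
Runas_Alias SCRIPTS = %scripts

# Members of eng may run a shell as any member of scripts, and as nobody else.
# /bin/bash is an assumed choice of command; list other commands as needed.
%eng ALL = (SCRIPTS) /bin/bash
```

With this rule a member of eng runs `sudo -u blah /bin/bash -l` instead of `sudo su -l blah`, and `sudo -u root /bin/bash` is refused because root is not in scripts.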
 
Old 05-04-2010, 02:50 PM   #4
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107
Hi,

Now, I have two questions in mind.

1) How are you editing the /etc/sudoers file? I recommend using visudo and then trying again. It will check for any syntax errors.

2) Secondly, as per my knowledge there should be a script group in your system.
Please paste the output of
Code:
grep -i scripts /etc/group
 
Old 06-05-2010, 08:10 PM   #5
Scottish-Stephanie
LQ Newbie
 
Registered: Jun 2010
Posts: 5

Rep: Reputation: 0
Hi everyone.

I am having a sudoers configuration problem. I have come from Ubuntu and I am now using Fedora 12. I want to write Bash shell scripts so I need to add 'Stephanie' to the sudoers list. I have typed visudo but I don't know where to add my name to the sudoers list.
Typing grep -i scripts /etc/group produces no output just a return to the shell prompt.

[Stephanie@laptop ~]$ grep -i scripts /etc/group
[Stephanie@laptop ~]$
 
Old 06-06-2010, 05:34 PM   #6
Karl Godt
Member
 
Registered: Mar 2010
Location: Kiel , Germany
Distribution: once:SuSE6.2,Debian3.1, aurox9.2+3,Mandrake?,DSL? then:W7st,WVHB, #!8.10.02,PUPPY4.3.1 now:Macpup
Posts: 314

Rep: Reputation: 45
I am not sure but most know editors like vi, vim, ed, nano + leafpad, geany, gedit, kate
in such cases installer (root) privileges might be needed with sudo
passwords are sometimes in files that are called "siesta"
try sudo grep
Quote:
[Stephanie@laptop ~]$ grep -i scripts /etc/group
the $ is used to indicate sudo while # root (suse and grub use > for example)

Code:
# grep -i scripts /etc
# cat /etc
cat: /etc: Is a directory
# cat /etc/group
root:x:0:
daemon:x:1:
tty:x:2:
ppp:x:200:
users:x:500:
nobody:x:65534:
guest:x:501:
spot:x:502:spot
bin::2:root,bin,daemon
audio::17:
503:x:503:messagebus
ftp:x:1000:
dip:x:30:
uucp::10:
lpadmin::112:root,spot,nobody,guest
netdev::113:
haldaemon::119:
sshd::33:sshd
webgroup:x:504:
#
Code:
# less /etc/group




root:x:0:
daemon:x:1:
tty:x:2:
ppp:x:200:
users:x:500:
nobody:x:65534:
guest:x:501:
spot:x:502:spot
bin::2:root,bin,daemon
audio::17:
503:x:503:messagebus
ftp:x:1000:
dip:x:30:
uucp::10:
lpadmin::112:root,spot,nobody,guest
netdev::113:
haldaemon::119:
sshd::33:sshd
webgroup:x:504:
~
Code:
# cd /etc
# ls -a
.                   inittabPREV1       profile.d
..                  inputrc            protocols
axelrc              issue              protocols-OLD
ayttmrc             keymap             Puppybackgroundpicture
cdrecord.conf       ld.so.cache        puppyversion
codepage            ld.so.conf         ramdiskfssize
cups                localtime          ramdisksize
default             mailcap            rc.d
desktop_icon_theme  mime.types         README.txt
dhcpcd.sh           mke2fs.conf        resolv.conf
DISTRO_SPECS        modprobe.conf      sane.d
eventmanager        modprobe_includes  securetelnetrc
fdprm               modules            services
floppy              modules.conf       shadow
fontmap             mousebuttons       smb.conf
fonts               mousedevice        ssl
foomatic            mtab               udev
fstab               NETWORKING         usb_modeswitch.conf
gadmin-rsync        networkmodules     videomode
group               networks           wgetrc
gshadow             network-wizard     windowmanager
gtk-2.0             nscd.conf          wpa_supplicant.conf
gxine               nsswitch.conf      wvdial.conf
hiawatha            oldmousedevice     wvdial_options
host.conf           opt                X11
hostname            pango              xdg
hosts               passwd             xextraoptions
hosts.allow         pcmcia             .XLOADED
hosts.deny          ppp                xorgoverrides
init.d              printcap
inittab             profile
#
 
Old 06-07-2010, 11:18 AM   #7
Karl Godt
Member
 
Registered: Mar 2010
Location: Kiel , Germany
Distribution: once:SuSE6.2,Debian3.1, aurox9.2+3,Mandrake?,DSL? then:W7st,WVHB, #!8.10.02,PUPPY4.3.1 now:Macpup
Posts: 314

Rep: Reputation: 45
just want to add that
sudo nano /etc/group

Cont+x
Y
ENTER

works at X-Ubuntu 9.10 liveCD
but
nano /etc/group

ENTER
permission denied

for the moment I have deleted /etc/group
using tee command
and now I am asked for a password
 
Old 06-07-2010, 12:51 PM   #8
RockDoctor
Senior Member
 
Registered: Nov 2003
Location: Minnesota, US
Distribution: Fedora, Ubuntu, Linux Mint
Posts: 1,710

Rep: Reputation: 400
Quote:
Originally Posted by Scottish-Stephanie
Hi everyone.

I am having a sudoers configuration problem. I have come from Ubuntu and I am now using Fedora 12. I want to write Bash shell scripts so I need to add 'Stephanie' to the sudoers list. I have typed visudo but I don't know where to add my name to the sudoers list.
Typing grep -i scripts /etc/group produces no output just a return to the shell prompt.

[Stephanie@laptop ~]$ grep -i scripts /etc/group
[Stephanie@laptop ~]$
From my Fedora Rawhide /etc/sudoers file:
Code:
## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
rockdoctor      ALL=(ALL)       ALL
I just ran visudo as root and added the line you see above for user rockdoctor. Didn't mess with groups (the % sign in front of wheel indicates a group).
 
Old 06-07-2010, 07:32 PM   #9
Karl Godt
Member
 
Registered: Mar 2010
Location: Kiel , Germany
Distribution: once:SuSE6.2,Debian3.1, aurox9.2+3,Mandrake?,DSL? then:W7st,WVHB, #!8.10.02,PUPPY4.3.1 now:Macpup
Posts: 314

Rep: Reputation: 45
Quote:
[root@fedora ~]# cat >> create-linux-file.txt
this is the line appends to create-linux-file.txt
this is an example on using redirection to appends text
http://www.labtestproject.com/linuxcmd/cat_command.html
Code:
ubuntu@ubuntu:~$ sudo nano /etc/shadow
ubuntu@ubuntu:~$ sudo nano /etc/passwd
ubuntu@ubuntu:~$ sudo nano /etc/sudoers
ubuntu@ubuntu:~$ cat >>/etc/group
bash: /etc/group: Permission denied
ubuntu@ubuntu:~$ sudo cat>>/etc/group
bash: /etc/group: Permission denied  
ubuntu@ubuntu:~$ sudo bash           
root@ubuntu:~# cat >>/etc/groupENTER
STEPHANE:x:987:ENTER,Cont+d              
root@ubuntu:~# cat /etc/group  
root:x:0:                      
daemon:x:1:                    
bin:x:2:                       
sys:x:3:                       
adm:x:4:ubuntu                 
tty:x:5:                       
disk:x:6:                      
lp:x:7:                        
mail:x:8:                      
news:x:9:                      
uucp:x:10:                     
man:x:12:                      
proxy:x:13:                    
kmem:x:15:                     
dialout:x:20:ubuntu            
fax:x:21:                      
voice:x:22:                    
cdrom:x:24:ubuntu              
floppy:x:25:                   
tape:x:26:                     
sudo:x:27:                     
audio:x:29:                    
dip:x:30:                      
www-data:x:33:                 
backup:x:34:                   
operator:x:37:                 
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:ubuntu
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
syslog:x:102:
klog:x:103:
scanner:x:104:
nvram:x:105:
fuse:x:106:
ssl-cert:x:107:
crontab:x:108:
mlocate:x:109:
ssh:x:110:
avahi-autoipd:x:111:
lpadmin:x:112:ubuntu
netdev:x:113:
saned:x:114:
messagebus:x:115:
avahi:x:116:
polkituser:x:117:
haldaemon:x:118:
admin:x:119:ubuntu
ubuntu:x:999:
sambashare:x:120:ubuntu
STEPHANE:x:987:
root@ubuntu:~#
found me kubuntu 8.10 live umts working
 
Old 06-08-2010, 06:31 PM   #10
Scottish-Stephanie
LQ Newbie
 
Registered: Jun 2010
Posts: 5

Rep: Reputation: 0
Quote:
Originally Posted by RockDoctor
From my Fedora Rawhide /etc/sudoers file:
Code:
## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
rockdoctor      ALL=(ALL)       ALL
I just ran visudo as root and added the line you see above for user rockdoctor. Didn't mess with groups (the % sign in front of wheel indicates a group).

Rockdoctor, I added 'Stephanie' to the 'run all commands' section, but in vim when I do the following ':wq sudoers', I get the following 'E13: File exists (add ! to override)'. I then enter :wq! sudoers and vim exits, but when I check the sudoers file in Nano all my changes have disappeared. Editing the sudoers list is no problem; it is getting vim to write and exit that is now the problem.
 
Old 06-09-2010, 05:47 AM   #11
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,682

Rep: Reputation: 2490
If you open a file in vim, there's no need to specify the filename at exit. Also, :wq is the long version (write+quit). Just use :x (eXit with save), so

vim sudoers

<now do edits...>

<now exit with save>
:x
 
  

