Sudo does not allow access to root commands
 

In order to allow me to shutdown my PC from within fluxbox without being root I ran "visudo" and added the following line:A check that the line had been accepted showed all ok:Yet when I tested it out, I got nowhere:Have I done something wrong or isn't sudo meant to be used this way?

Hello,

Where did you put that line in the sudoers file? The order of the statements is very important. I think you'll have a line like
after yours. Put your line after that one and try again.

Kind regards,

Eric

The statement is at the bottom of the file - effectively just after the "root ALL=(ALL) ALL" statement since all of the lines in between are just comments.

Nothing related to your problem, but may I ask why you allow your user to run all commands without passwords (which is a very bad idea), if you only want to grant rights for exactly one command?

It just saves me having to re-edit the file later if I want to access other commands (eg mount/umount). I don't see it as anymore risky than running "su" - especially since I (and only I) already know all the passwords.

It is essential that sudo can be run without a password so that I can include the sudo command in the menu (or wbar).

@psionl0: The key to your problem is "command not found". The $PATH of your user does not include /sbin.

For example I would assume the following will work:
Either issue the commands with the full path like I did above or edit your path variable to include directories such as /usr/local/sbin, /sbin and /usr/sbin.

If you use bash as your shell you could add these to your $PATH as follows.

After this edit you will need to restart your terminal or just issue the following on its own:

If you don't use bash, look up how to configure the path for your preferred shell.

You didn't ask for it but you might also want to add the following to your ~/.bashrc (if you use bash):

That's EXACTLY what the problem was. Many thanks for your assistance.

cheers
psionl0

But it is more risky. If anyone breaks into your system (to your normal user account, which should be not very difficult), he can do whatever he wants on your system, because he needs no password for becoming root. With su he always needs that password. That said, you are compromising your systems security, just because you don't want to edit a file later again? For pure laziness (sorry I have to say that)?

Wow, I would never hire you as an administrator.

LOL I don't see it that way. It would be no easier to break into my account than it would be to break into the root account.

Sure, if more people were likely to have access to my computer, I would tighten up security but everybody in my household is afraid to go near my computer (and I'm such a nice guy too ;) ).

If it makes you feel any better, I have decided not to modify my $PATH environment. That should help protect my computer if I happen to be a TFI at times.

BTW I have clobbered the permissions on this computer's "guest" account.

Of course it is easier to break into your account than into the root account. Or are you surfing the net as root? There will ever be bugs in mostly any software that can be used to write an exploit. Assuming you use Firefox, there are surely exploits that one can use to get access to your system. Not having a password for your root account (that is the same as passwordless sudo) is an invitation to break things.
This way, there is also no need to get physical access to your computer. Not setting the path to prevent things like that is the same as closing your eyes to not be seen by anyone else.

I mean, it is your system, and you can do what you want with it, I just want to say that the way you set it up is an invitation for any script-kiddie to make evil things with it.

Interesting point about "script-kiddie". I was under the impression that a properly setup firewall provided adequate protection on a linux system (even though the PC still responds to "ping" requests).

Since you have made such an eloquent case against unrestricted sudo access, I have limited myself to just shutdown, mount and umount. I can no longer sudo pkgtool anymore.

cheers
psionl0

pros and cons:

- script kiddies are not likely to run your special commands via sudo; those script kiddies probably know about Linux by then and even then it's only targeted at those people who actually have a sudoers file setup and then only those that have the permissions like ALL ALL NOPASSWD. Unlikely for script kiddies, not that unlikely for malicious malware.

- firewalls are only protection for assaults from the outside world, attempts to enter your system. Such a thing is not necessary if you provide the information yourself by visiting bad websites.

- question is how bad it is if a person gets access to the root account of someone's personal system compared to the actual user's account. Given that you keep your sensitive information on said user's account. Financial information, credit cards etc are the things they're most intersted in. That's where your damage will be. That your system reboots once or twice is something you'll notice, but hardly grind you down.

That's different for companies who rely on their website (a defaced website is bad publicity for most companies who do something on the web, as well as limiting the means their customers can do business with them, etc...) Aside from that, with the root account you can do worse things there than just that, overriding everything (discarding SELinux at this moment for I am lazy too)

That said: I think it's bad practice to have the sudoers as stated above in a company situation. My system rebooting or my website defaced are the least of my problems if my system's security is compromised. So a password-less sudo in a personal computer situation is not something I'd advocate against so strongly as against professional use.