[SOLVED] Sudo does not allow access to root commands
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The statement is at the bottom of the file - effectively just after the "root ALL=(ALL) ALL" statement since all of the lines in between are just comments.
Nothing related to your problem, but may I ask why you allow your user to run all commands without passwords (which is a very bad idea), if you only want to grant rights for exactly one command?
Nothing related to your problem, but may I ask why you allow your user to run all commands without passwords (which is a very bad idea), if you only want to grant rights for exactly one command?
It just saves me having to re-edit the file later if I want to access other commands (eg mount/umount). I don't see it as anymore risky than running "su" - especially since I (and only I) already know all the passwords.
It is essential that sudo can be run without a password so that I can include the sudo command in the menu (or wbar).
@psionl0: The key to your problem is "command not found". The $PATH of your user does not include /sbin.
For example I would assume the following will work:
Code:
sudo /sbin/pkgtool
Either issue the commands with the full path like I did above or edit your path variable to include directories such as /usr/local/sbin, /sbin and /usr/sbin.
If you use bash as your shell you could add these to your $PATH as follows.
It just saves me having to re-edit the file later if I want to access other commands (eg mount/umount). I don't see it as anymore risky than running "su" - especially since I (and only I) already know all the passwords.
It is essential that sudo can be run without a password so that I can include the sudo command in the menu (or wbar).
But it is more risky. If anyone breaks into your system (to your normal user account, which should be not very difficult), he can do whatever he wants on your system, because he needs no password for becoming root. With su he always needs that password. That said, you are compromising your systems security, just because you don't want to edit a file later again? For pure laziness (sorry I have to say that)?
LOL I don't see it that way. It would be no easier to break into my account than it would be to break into the root account.
Sure, if more people were likely to have access to my computer, I would tighten up security but everybody in my household is afraid to go near my computer (and I'm such a nice guy too ).
If it makes you feel any better, I have decided not to modify my $PATH environment. That should help protect my computer if I happen to be a TFI at times.
BTW I have clobbered the permissions on this computer's "guest" account.
It would be no easier to break into my account than it would be to break into the root account.
Sure, if more people were likely to have access to my computer, I would tighten up security but everybody in my household is afraid to go near my computer (and I'm such a nice guy too )
Of course it is easier to break into your account than into the root account. Or are you surfing the net as root? There will ever be bugs in mostly any software that can be used to write an exploit. Assuming you use Firefox, there are surely exploits that one can use to get access to your system. Not having a password for your root account (that is the same as passwordless sudo) is an invitation to break things.
This way, there is also no need to get physical access to your computer. Not setting the path to prevent things like that is the same as closing your eyes to not be seen by anyone else.
I mean, it is your system, and you can do what you want with it, I just want to say that the way you set it up is an invitation for any script-kiddie to make evil things with it.
Interesting point about "script-kiddie". I was under the impression that a properly setup firewall provided adequate protection on a linux system (even though the PC still responds to "ping" requests).
Since you have made such an eloquent case against unrestricted sudo access, I have limited myself to just shutdown, mount and umount. I can no longer sudo pkgtool anymore.
- script kiddies are not likely to run your special commands via sudo; those script kiddies probably know about Linux by then and even then it's only targeted at those people who actually have a sudoers file setup and then only those that have the permissions like ALL ALL NOPASSWD. Unlikely for script kiddies, not that unlikely for malicious malware.
- firewalls are only protection for assaults from the outside world, attempts to enter your system. Such a thing is not necessary if you provide the information yourself by visiting bad websites.
- question is how bad it is if a person gets access to the root account of someone's personal system compared to the actual user's account. Given that you keep your sensitive information on said user's account. Financial information, credit cards etc are the things they're most intersted in. That's where your damage will be. That your system reboots once or twice is something you'll notice, but hardly grind you down.
That's different for companies who rely on their website (a defaced website is bad publicity for most companies who do something on the web, as well as limiting the means their customers can do business with them, etc...) Aside from that, with the root account you can do worse things there than just that, overriding everything (discarding SELinux at this moment for I am lazy too)
That said: I think it's bad practice to have the sudoers as stated above in a company situation. My system rebooting or my website defaced are the least of my problems if my system's security is compromised. So a password-less sudo in a personal computer situation is not something I'd advocate against so strongly as against professional use.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.