FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS Docs

 
 
LinkBack Thread Tools
 
Old 04-18-2008, 07:14 PM
"Akemi Yagi"
 
Default becoming root

On Fri, Apr 18, 2008 at 12:09 PM, Manuel Wolfshant
<wolfy@nobugconsulting.ro> wrote:
> On 04/18/2008 09:27 PM, Akemi Yagi wrote:
>
> > Looking good to me. One thing that may be worth mentioning is that
> > all sudo commands are logged in /var/log/secure. In the above
> > example, it will look like:
> >
> > Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ;
> > USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost
> >
> > I think this is a nice feature. Commands executed by real root are
> > not logged except in root's .history file, if I'm not mistaken.
> >
> you are not mistaken
>
> should I mention that my /etc/sudoers ends for quite sometime with:
> wolfy ALL=(ALL) NOPASSWD: ALL
> ? neah, guess not

Well, I have that line all over the place (except it does not say wolfy) :-D

Akemi
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-18-2008, 07:25 PM
Nils Ratusznik
 
Default becoming root

Akemi Yagi a écrit :

On Fri, Apr 18, 2008 at 12:09 PM, Manuel Wolfshant
<wolfy@nobugconsulting.ro> wrote:


On 04/18/2008 09:27 PM, Akemi Yagi wrote:



Looking good to me. One thing that may be worth mentioning is that
all sudo commands are logged in /var/log/secure. In the above
example, it will look like:

Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ;
USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost

I think this is a nice feature. Commands executed by real root are
not logged except in root's .history file, if I'm not mistaken.



you are not mistaken

should I mention that my /etc/sudoers ends for quite sometime with:
wolfy ALL=(ALL) NOPASSWD: ALL
? neah, guess not



Well, I have that line all over the place (except it does not say wolfy) :-D

Akemi




You both know what you are doing, right?
Do all the people who will read this wiki page know what the will do
with this?
I prefer people guessing this and be aware of what they do instead of
not learning what sudo is and what are its possibilities.


Nils
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-18-2008, 07:39 PM
Manuel Wolfshant
 
Default becoming root

On 04/18/2008 10:25 PM, Nils Ratusznik wrote:


You both know what you are doing, right?

Yes, we do. We both are _very_ experienced.


Do all the people who will read this wiki page know what the will do
with this?
No, they will not, unless this is explicitly explained. And with a big
fat warning sign attached



_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-19-2008, 12:23 PM
Ned Slider
 
Default becoming root

Nils Ratusznik wrote:

Akemi Yagi a écrit :

Excellent! Guess Alan can polish it up if needed :-D

Akemi

Your help is also welcome

Here is what I wrote. I wrote it without wiki syntax so someone will
surely polish it up.


Regards,

Nils


Hi Nils,

Your sudo content has now been posted to the Wiki:

http://wiki.centos.org/TipsAndTricks/BecomingRoot

Please do check that I haven't messed up any of the formatting and it
appears as you intended


Thank you again for the contribution!

*Everyone* I think we're nearing the point that we can sign off on this
page, and link to it in the TipsAndTricks/Admin tricks and shell
one-liners section once everyone is happy with the content. Any thoughts?


Regards,

Ned
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-19-2008, 01:24 PM
"Alan Bartlett"
 
Default becoming root

Ned,

On 19/04/2008, Ned Slider <ned@unixmail.co.uk> wrote:


http://wiki.centos.org/TipsAndTricks/BecomingRoot


*Everyone* I think we're nearing the point that we can sign off on this page, and link to it in the TipsAndTricks/Admin tricks and shell one-liners section once everyone is happy with the content. Any thoughts?

I seem to recall Ralph writing:

> Please mention the bash manual page (and the section about login
> shells), where this behaviour is explained in more detail.


Apart from that, it seems to be looking good.

Alan.


_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-19-2008, 03:31 PM
Ned Slider
 
Default becoming root

Alan Bartlett wrote:



I seem to recall Ralph writing:


Please mention the bash manual page (and the section about login
shells), where this behaviour is explained in more detail.


Apart from that, it seems to be looking good.

Alan.



I kind of did here (end of su section):

"For a more detailed explanation, see the bash manual page (man bash),
particularly the section on INVOCATION and login shells."


If you think it needs more, or a better explanation, feel free

I'm sure there's other stuff too that people suggested that has been
forgotten/missed


_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-19-2008, 04:41 PM
"Alan Bartlett"
 
Default becoming root

Ned,

On 19/04/2008, Ned Slider <ned@unixmail.co.uk> wrote:

I seem to recall Ralph writing:




Please mention the bash manual page (and the section about login

shells), where this behaviour is explained in more detail.




I kind of did here (end of su section):



"For a more detailed explanation, see the bash manual page (man bash), particularly the section on INVOCATION and login shells."



If you think it needs more, or a better explanation, feel free
Oops. My eye-sight must *really* be failing me. Sorry.

Alan.


_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-19-2008, 07:20 PM
Ned Slider
 
Default becoming root

Alan Bartlett wrote:

Ned,

On 19/04/2008, Ned Slider <ned@unixmail.co.uk> wrote:

I seem to recall Ralph writing:

Please mention the bash manual page (and the section about login

shells), where this behaviour is explained in more detail.


I kind of did here (end of su section):

"For a more detailed explanation, see the bash manual page (man bash),
particularly the section on INVOCATION and login shells."

If you think it needs more, or a better explanation, feel free



Oops. My eye-sight must *really* be failing me. Sorry.

Alan.



Cool - just wasn't sure if it needed something more
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-20-2008, 01:12 AM
"Akemi Yagi"
 
Default becoming root

On Sat, Apr 19, 2008 at 12:20 PM, Ned Slider <ned@unixmail.co.uk> wrote
>
> Cool - just wasn't sure if it needed something more

I have made some minor addition and changes to the sudo section. Hope
it is still looking good.

Akemi
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-20-2008, 10:51 AM
Nils Ratusznik
 
Default becoming root

Akemi Yagi a écrit :

On Sat, Apr 19, 2008 at 12:20 PM, Ned Slider <ned@unixmail.co.uk> wrote


Cool - just wasn't sure if it needed something more



I have made some minor addition and changes to the sudo section. Hope
it is still looking good.

Akemi

Hi,

it is still looking good to me. Just two little things :
- Do we consider people who reach this page know at least how to edit a
file with vi? I ask this because I mentionned how to save the sudoers
file but not how to edit it; since it is a sudo howto and not a vi
howto, maybe this part could be changed (something like : if you don't
know how to use vi, follow this link, with a link to a vi howto).
- About the NOPASSWD version of the quick and dirty setup : I'm not
against it if there is a big fat warning sign attached.


Nils
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 

Thread Tools




All times are GMT. The time now is 10:57 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org