==============
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
07-09-2008, 02:52 PM
"Mário Gamito"
sudoers
Yes, I do.
On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:
>
>
> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:
>>
>> Hi,
>>
>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
>> (it has (bin/bash shell).
>>
>> So, I've edited /etc/sudoers and added:
>>
>> Cmnd_Alias CMD_MOUNT = /bin/mount
>> Cmnd_Alias CMD_CIFS ) = /sbin/mount.cifs
>>
>> nobody ALL = NOPASSWD: CMD_MOUNT
>> nobody ALL = NOPASSWD: CMD_CIFS
>>
>> But when I run the command as nobody (in the shell), I get the error:
>> "mount error 1 = Operation not permitted"
>>
>> Any ideas ?
>>
>> Any help would be appreciated.
>>
>> Warm Regards,
>> Mário Gamito
>>
>
> May be it is a stupid question but did you execute the command with sudo in
> logged in as user nobody
>
> nobody@yourserver$ sudo /bin/mount[.cifs]
>
> --
> Tharun Kumar Allu
> ==============
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
07-09-2008, 03:35 PM
"Tharun Kumar Allu"
sudoers
On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:
Yes, I do.
On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:
>
>
> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:
>>
>> Hi,
>>
>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
>> (it has (bin/bash shell).
>>
>> So, I've edited /etc/sudoers and added:
>>
>> Cmnd_Alias * *CMD_MOUNT = /bin/mount
>> Cmnd_Alias * *CMD_CIFS ) = /sbin/mount.cifs
>>
>> nobody * * * * * ALL = NOPASSWD: CMD_MOUNT
>> nobody * * * * * ALL = NOPASSWD: CMD_CIFS
>>
>> But when I run the command as nobody (in the shell), I get the error:
>> "mount error 1 = Operation not permitted"
>>
>> Any ideas ?
>>
>> Any help would be appreciated.
>>
>> Warm Regards,
>> Mário Gamito
>>
>
> May be it is a stupid question but did you execute the command with sudo in
> logged in as user nobody
>
> nobody@yourserver$ sudo /bin/mount[.cifs]
>
Another stupid question are you editing /etc/sudoers using visudo? normally located at /usr/sbin/visudo
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
07-09-2008, 03:53 PM
Marc-Andre Levesque
sudoers
*
*
From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tharun Kumar Allu
Sent: July 9, 2008 11:36
To: CentOS
mailing list
Subject: Re: [CentOS] sudoers
*
*
On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:
Yes, I do.
On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:
>
>
> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:
>>
>> Hi,
>>
>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
>> (it has (bin/bash shell).
>>
>> So, I've edited /etc/sudoers and added:
>>
>> Cmnd_Alias * *CMD_MOUNT = /bin/mount
>> Cmnd_Alias * *CMD_CIFS ) = /sbin/mount.cifs
>>
>> nobody * * * * * ALL = NOPASSWD: CMD_MOUNT
>> nobody * * * * * ALL = NOPASSWD: CMD_CIFS
>>
>> But when I run the command as nobody (in the shell), I get the error:
>> "mount error 1 = Operation not permitted"
>>
>> Any ideas ?
>>
>> Any help would be appreciated.
>>
>> Warm Regards,
>> Mário Gamito
>>
>
> May be it is a stupid question but did you execute the command with sudo
in
> logged in as user nobody
>
> nobody@yourserver$ sudo /bin/mount[.cifs]
>
Another stupid question are you editing /etc/sudoers using visudo? normally
located at /usr/sbin/visudo
*
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
07-09-2008, 04:11 PM
Marc-Andre Levesque
sudoers
Sorry for this accidental reply. But I
might as well take this opportunity to add to the thread.
Â*
First, look at the unneeded closing
parenthesis in the CMD_CIFS alias.
Second, have you tried ‘sudo –l’
as nobody to see the available list of commands that this user is entitled to
run with sudo?
Â*
MAL
Â*
From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Marc-Andre
Levesque
Sent: July 9, 2008 11:54
To: 'CentOS
mailing list'
Subject: RE: [CentOS] sudoers
Â*
Â*
Â*
From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tharun Kumar Allu
Sent: July 9, 2008 11:36
To: CentOS
mailing list
Subject: Re: [CentOS] sudoers
Â*
Â*
On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:
Yes, I do.
On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:
>
>
> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:
>>
>> Hi,
>>
>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
Antispammbox-debian <antispammbox-debian@yahoo.it> wrote:
> I use some utility like TrueCrypt and gmountiso that using sudo.
> I've added myself to the group sudo:
> sudo adduser myself
That creates a new user called "myself". It does not add anyone to the
"sudo" group.
> and modified with nano visudo, the sudoers file.
> username ALL=(ALL) NOPASSWD: ALL
This allows someone who logs in as "username" to use sudo.
> It possible to change this?
You seem to have confused two different approaches. You don't need to be
in the sudo group and to have an explicit entry. In fact, in my copy of
the sudoers file, being in the sudo group allows someone to run commands
as any user but still requires a password.
My recommendation would be to REMOVE yourself from the sudo group and
change the sudoers file entry you added for "username" to be for the
real user account that you're using.
Chris
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: f61749xq3a.ln2@news.roaima.co.uk">http://lists.debian.org/f61749xq3a.ln2@news.roaima.co.uk
03-26-2012, 09:21 PM
David Sastre Medina
Sudoers
On Mon, Mar 26, 2012 at 09:39:44PM +0200, Antispammbox-debian wrote:
> I've added myself to the group sudo:
> sudo adduser myself
This is wrong. You need to
# adduser $USER $GROUP
From man adduser :
adduser [options] user group
Add an existing user to an existing group
If called with two non-option arguments, adduser will add an
existing user to an existing group.
Antispammbox-debian<antispammbox-debian@yahoo.it> wrote:
I use some utility like TrueCrypt and gmountiso that using sudo.
I've added myself to the group sudo:
sudo adduser myself
This does not achieve what you want:
usermod -a -G sudo $user
newgrp sudo $user
change "$user" for your user name.
That creates a new user called "myself". It does not add anyone to the
"sudo" group.
and modified with nano visudo, the sudoers file.
username ALL=(ALL) NOPASSWD: ALL
I wouldn't recommend this, you are allowing "username" to execute any
command from any location with sudo and without password. This is a
security breach !
If you want members of the group "sudo" to be able to use sudo add:
sudo ALL=(ALL:ALL) ALL
Then if you want to grant execution of a SPECIFIC command with sudo
without a password then add it to the sudoers file:
$user ALL = NOPASSWD: /usr/bin/somecommand --someoption,
Better you can create "Comnd_Alias" with a list of commands. Maybe look
into the "exempt_group" option, by creating a special group for the
users you want to be able to run sudo without password.
But IMHO, tinkering with sudo without reading "man sudoers" to grant all
privileges to some random app seems like a very bad idea to start with...
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
sudoers
