FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 07-09-2008, 01:19 PM
"Mário Gamito"
 
Default sudoers

Hi,

I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
(it has (bin/bash shell).

So, I've edited /etc/sudoers and added:

Cmnd_Alias CMD_MOUNT = /bin/mount
Cmnd_Alias CMD_CIFS ) = /sbin/mount.cifs

nobody ALL = NOPASSWD: CMD_MOUNT
nobody ALL = NOPASSWD: CMD_CIFS

But when I run the command as nobody (in the shell), I get the error:
"mount error 1 = Operation not permitted"

Any ideas ?

Any help would be appreciated.

Warm Regards,
Mário Gamito
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-09-2008, 02:24 PM
"Tharun Kumar Allu"
 
Default sudoers

On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:

Hi,



I need to run /bin/mount and /sbin/mount.cifs commands as nobody user

(it has (bin/bash shell).



So, I've edited /etc/sudoers and added:



Cmnd_Alias * *CMD_MOUNT = /bin/mount

Cmnd_Alias * *CMD_CIFS ) = /sbin/mount.cifs



nobody * * * * * ALL = NOPASSWD: CMD_MOUNT

nobody * * * * * ALL = NOPASSWD: CMD_CIFS



But when I run the command as nobody (in the shell), I get the error:

"mount error 1 = Operation not permitted"



Any ideas ?



Any help would be appreciated.



Warm Regards,

Mário Gamito




May be it is a stupid question but did you execute the command with sudo in logged in as user nobody

nobody@yourserver$ sudo /bin/mount[.cifs]
--
Tharun Kumar Allu

==============
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-09-2008, 02:52 PM
"Mário Gamito"
 
Default sudoers

Yes, I do.

On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:
>
>
> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:
>>
>> Hi,
>>
>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user
>> (it has (bin/bash shell).
>>
>> So, I've edited /etc/sudoers and added:
>>
>> Cmnd_Alias CMD_MOUNT = /bin/mount
>> Cmnd_Alias CMD_CIFS ) = /sbin/mount.cifs
>>
>> nobody ALL = NOPASSWD: CMD_MOUNT
>> nobody ALL = NOPASSWD: CMD_CIFS
>>
>> But when I run the command as nobody (in the shell), I get the error:
>> "mount error 1 = Operation not permitted"
>>
>> Any ideas ?
>>
>> Any help would be appreciated.
>>
>> Warm Regards,
>> Mário Gamito
>>
>
> May be it is a stupid question but did you execute the command with sudo in
> logged in as user nobody
>
> nobody@yourserver$ sudo /bin/mount[.cifs]
>
> --
> Tharun Kumar Allu
> ==============
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-09-2008, 03:35 PM
"Tharun Kumar Allu"
 
Default sudoers

On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:

Yes, I do.



On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:

>

>

> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:

>>

>> Hi,

>>

>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user

>> (it has (bin/bash shell).

>>

>> So, I've edited /etc/sudoers and added:

>>

>> Cmnd_Alias * *CMD_MOUNT = /bin/mount

>> Cmnd_Alias * *CMD_CIFS ) = /sbin/mount.cifs

>>

>> nobody * * * * * ALL = NOPASSWD: CMD_MOUNT

>> nobody * * * * * ALL = NOPASSWD: CMD_CIFS

>>

>> But when I run the command as nobody (in the shell), I get the error:

>> "mount error 1 = Operation not permitted"

>>

>> Any ideas ?

>>

>> Any help would be appreciated.

>>

>> Warm Regards,

>> Mário Gamito

>>

>

> May be it is a stupid question but did you execute the command with sudo in

> logged in as user nobody

>

> nobody@yourserver$ sudo /bin/mount[.cifs]

>

Another stupid question are you editing /etc/sudoers using visudo? normally located at /usr/sbin/visudo

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-09-2008, 03:53 PM
Marc-Andre Levesque
 
Default sudoers

*


*












From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tharun Kumar Allu

Sent: July 9, 2008 11:36

To: CentOS
mailing list

Subject: Re: [CentOS] sudoers




*


*




On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:


Yes, I do.








On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:

>

>

> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:

>>

>> Hi,

>>

>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user

>> (it has (bin/bash shell).

>>

>> So, I've edited /etc/sudoers and added:

>>

>> Cmnd_Alias * *CMD_MOUNT = /bin/mount

>> Cmnd_Alias * *CMD_CIFS ) = /sbin/mount.cifs

>>

>> nobody * * * * * ALL = NOPASSWD: CMD_MOUNT

>> nobody * * * * * ALL = NOPASSWD: CMD_CIFS

>>

>> But when I run the command as nobody (in the shell), I get the error:

>> "mount error 1 = Operation not permitted"

>>

>> Any ideas ?

>>

>> Any help would be appreciated.

>>

>> Warm Regards,

>> Mário Gamito

>>

>

> May be it is a stupid question but did you execute the command with sudo
in

> logged in as user nobody

>

> nobody@yourserver$ sudo /bin/mount[.cifs]

>












Another stupid question are you editing /etc/sudoers using visudo? normally
located at /usr/sbin/visudo


*









_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-09-2008, 04:11 PM
Marc-Andre Levesque
 
Default sudoers

Sorry for this accidental reply. But I
might as well take this opportunity to add to the thread.


Â*


First, look at the unneeded closing
parenthesis in the CMD_CIFS alias.


Second, have you tried ‘sudo –l’
as nobody to see the available list of commands that this user is entitled to
run with sudo?


Â*


MAL


Â*












From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Marc-Andre
Levesque

Sent: July 9, 2008 11:54

To: 'CentOS
mailing list'

Subject: RE: [CentOS] sudoers




Â*


Â*


Â*












From:
centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tharun Kumar Allu

Sent: July 9, 2008 11:36

To: CentOS
mailing list

Subject: Re: [CentOS] sudoers




Â*


Â*




On Wed, Jul 9, 2008 at 10:52 AM, Mário Gamito <gamito@gmail.com> wrote:


Yes, I do.








On Wed, Jul 9, 2008 at 3:24 PM, Tharun Kumar Allu <tharun.allu@gmail.com> wrote:

>

>

> On Wed, Jul 9, 2008 at 9:19 AM, Mário Gamito <gamito@gmail.com> wrote:

>>

>> Hi,

>>

>> I need to run /bin/mount and /sbin/mount.cifs commands as nobody user

>> (it has (bin/bash shell).

>>

>> So, I've edited /etc/sudoers and added:

>>

>> Cmnd_Alias Â* Â*CMD_MOUNT = /bin/mount

>> Cmnd_Alias Â* Â*CMD_CIFS ) = /sbin/mount.cifs

>>

>> nobody Â* Â* Â* Â* Â* ALL = NOPASSWD: CMD_MOUNT

>> nobody Â* Â* Â* Â* Â* ALL = NOPASSWD: CMD_CIFS

>>

>> But when I run the command as nobody (in the shell), I get the error:

>> "mount error 1 = Operation not permitted"

>>

>> Any ideas ?

>>

>> Any help would be appreciated.

>>

>> Warm Regards,

>> Mário Gamito

>>

>

> May be it is a stupid question but did you execute the command with sudo
in

> logged in as user nobody

>

> nobody@yourserver$ sudo /bin/mount[.cifs]

>












Another stupid question are you editing /etc/sudoers using visudo? normally
located at /usr/sbin/visudo


Â*











_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 03-26-2012, 07:39 PM
"Antispammbox-debian"
 
Default Sudoers

Hi


I use some utility like TrueCrypt and gmountiso that using sudo.

I've added myself to the group sudo:
sudo adduser myself
and modified with nano visudo, the sudoers file.

username ALL=(ALL) NOPASSWD: ALL

but programm that use sudo, continuing request password.

It possible to change this?

Thanks

Regards



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 2092E805B4A647E1952F6D503C26964B@CentrinoDuo">http ://lists.debian.org/2092E805B4A647E1952F6D503C26964B@CentrinoDuo
 
Old 03-26-2012, 08:46 PM
Chris Davies
 
Default Sudoers

Antispammbox-debian <antispammbox-debian@yahoo.it> wrote:
> I use some utility like TrueCrypt and gmountiso that using sudo.

> I've added myself to the group sudo:
> sudo adduser myself

That creates a new user called "myself". It does not add anyone to the
"sudo" group.


> and modified with nano visudo, the sudoers file.
> username ALL=(ALL) NOPASSWD: ALL

This allows someone who logs in as "username" to use sudo.


> It possible to change this?

You seem to have confused two different approaches. You don't need to be
in the sudo group and to have an explicit entry. In fact, in my copy of
the sudoers file, being in the sudo group allows someone to run commands
as any user but still requires a password.

My recommendation would be to REMOVE yourself from the sudo group and
change the sudoers file entry you added for "username" to be for the
real user account that you're using.

Chris


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: f61749xq3a.ln2@news.roaima.co.uk">http://lists.debian.org/f61749xq3a.ln2@news.roaima.co.uk
 
Old 03-26-2012, 09:21 PM
David Sastre Medina
 
Default Sudoers

On Mon, Mar 26, 2012 at 09:39:44PM +0200, Antispammbox-debian wrote:
> I've added myself to the group sudo:
> sudo adduser myself

This is wrong. You need to

# adduser $USER $GROUP

From man adduser :

adduser [options] user group

Add an existing user to an existing group
If called with two non-option arguments, adduser will add an
existing user to an existing group.

--
Primary key fingerprint: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56
 
Old 03-27-2012, 07:17 AM
"tv.debian@googlemail.com"
 
Default Sudoers

Antispammbox-debian<antispammbox-debian@yahoo.it> wrote:
I use some utility like TrueCrypt and gmountiso that using sudo.

I've added myself to the group sudo:
sudo adduser myself


This does not achieve what you want:

usermod -a -G sudo $user
newgrp sudo $user

change "$user" for your user name.



That creates a new user called "myself". It does not add anyone to the
"sudo" group.


and modified with nano visudo, the sudoers file.
username ALL=(ALL) NOPASSWD: ALL


I wouldn't recommend this, you are allowing "username" to execute any
command from any location with sudo and without password. This is a
security breach !


If you want members of the group "sudo" to be able to use sudo add:

sudo ALL=(ALL:ALL) ALL

Then if you want to grant execution of a SPECIFIC command with sudo
without a password then add it to the sudoers file:


$user ALL = NOPASSWD: /usr/bin/somecommand --someoption,

Better you can create "Comnd_Alias" with a list of commands. Maybe look
into the "exempt_group" option, by creating a special group for the
users you want to be able to run sudo without password.


But IMHO, tinkering with sudo without reading "man sudoers" to grant all
privileges to some random app seems like a very bad idea to start with...






--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4F71698A.2070203@googlemail.com">http://lists.debian.org/4F71698A.2070203@googlemail.com
 

Thread Tools




All times are GMT. The time now is 12:59 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org