Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   using NOPASSWD in sudoers (http://www.linux-archive.org/centos/162400-using-nopasswd-sudoers.html)

"Ski Dawg" 09-18-2008 05:49 PM

using NOPASSWD in sudoers
 
Hello Everyone,

I am trying to change our /etc/sudoers (using visudo) to allow 2
commands to be run as root without a password, but it isn't working.
Here is the part of the sudoers file that is in question.

# User alias specification
User_Alias FULLACCESS = doug, scott

# members of the FULLACCESS User_Alias may run chown and chmod without
a password
FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod

# members of the FULLACCESS User_Alias may run anything but need a password
FULLACCESS ALL=(root) ALL

The part for requiring a password works, but not the NOPASSWD line. I
have tried changing the order of these lines with no change in
behavior. After each change to the sudoers file, I am logging out of
the machine and logging back in to make sure that it is properly
reading the changes.

I have also replaced the list of commands with a Cmnd_Alias, with no
change in behavior.

Any thoughts or suggestions about what I am missing.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

"ankush grover" 09-19-2008 03:40 PM

using NOPASSWD in sudoers
 
On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg <centos@skidawg.org> wrote:
> Hello Everyone,
>
> I am trying to change our /etc/sudoers (using visudo) to allow 2
> commands to be run as root without a password, but it isn't working.
> Here is the part of the sudoers file that is in question.
>
> # User alias specification
> User_Alias FULLACCESS = doug, scott
>
> # members of the FULLACCESS User_Alias may run chown and chmod without
> a password
> FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
>
> # members of the FULLACCESS User_Alias may run anything but need a password
> FULLACCESS ALL=(root) ALL
>
> The part for requiring a password works, but not the NOPASSWD line. I
> have tried changing the order of these lines with no change in
> behavior. After each change to the sudoers file, I am logging out of
> the machine and logging back in to make sure that it is properly
> reading the changes.
>
> I have also replaced the list of commands with a Cmnd_Alias, with no
> change in behavior.
>
> Any thoughts or suggestions about what I am missing.
> --
Hi,

Can you remove (root) and then try for NOPASSWD


Regards

Ankush
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

"Ski Dawg" 09-20-2008 02:28 PM

using NOPASSWD in sudoers
 
On Fri, Sep 19, 2008 at 9:40 AM, ankush grover <ankushcentos@gmail.com> wrote:
> On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg <centos@skidawg.org> wrote:
>> Hello Everyone,
>>
>> # User alias specification
>> User_Alias FULLACCESS = doug, scott
>>
>> # members of the FULLACCESS User_Alias may run chown and chmod without
>> a password
>> FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
>>
>> # members of the FULLACCESS User_Alias may run anything but need a password
>> FULLACCESS ALL=(root) ALL
>
> Can you remove (root) and then try for NOPASSWD

Thanks for the reply. I finally figured it out later.

What I eneded up having to do is place the NOPASSWD line AFTER the
password required line, like:
# members of the FULLACCESS User_Alias may run anything but need a password
FULLACCESS ALL=(ALL) ALL

# members of the FULLACCESS User_Alias may run chown and chmod without
a password
FULLACCESS ALL = NOPASSWD: /bin/chown, /bin/chmod

I found something somewhere, don't remember where though, that stated
that sudoers worked down the entire file, and the following line would
overwrite the access, thus requiring a password when the line were
switched.

Another thing that got me for a little bit, when using visudo to edit
the sudoers file, it is actually just editing a tmp file, so to
completely write your changes to /etc/sudoers, you have to actually
quit visudo, just like when editing cron.

Thanks again for your reply.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 09:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.