Old 08-15-2011, 07:12 PM
Bob Proulx
 
Default sudoers tty defaults ( Changing Users in a script)

Tom H wrote:
> Both are set by default.

Just tty_tickets is set by default. requiretty is off by default.

  $ man 5 sudoers

       tty_tickets     If set, users must authenticate on a per-tty basis.
                       With this flag enabled, sudo will use a file named for
                       the tty the user is logged in on in the user's time
                       stamp directory. If disabled, the time stamp of the
                       directory is used instead. This flag is on by default.

       requiretty      If set, sudo will only run when the user is logged in
                       to a real tty. When this flag is set, sudo can only be
                       run from a login session and not via other means such
                       as cron(8) or cgi-bin scripts. This flag is off by
                       default.

Best would be to run 'sudo -l' and see what flags are actually set at
the time. And remember that /etc/sudoers.d/* is a directory of
additional snippets that are also included into the configuration.

$ sudo -l

Bob
 
Old 08-15-2011, 07:51 PM
Walter Hurry
 

On Mon, 15 Aug 2011 13:12:04 -0600, Bob Proulx wrote:

> Tom H wrote:
>> Both are set by default.
>
> Just tty_tickets is set by default. requiretty is off by default.
>
>   $ man 5 sudoers
>
>        tty_tickets     If set, users must authenticate on a per-tty basis.
>                        With this flag enabled, sudo will use a file named for
>                        the tty the user is logged in on in the user's time
>                        stamp directory. If disabled, the time stamp of the
>                        directory is used instead. This flag is on by default.
>
>        requiretty      If set, sudo will only run when the user is logged in
>                        to a real tty. When this flag is set, sudo can only be
>                        run from a login session and not via other means such
>                        as cron(8) or cgi-bin scripts. This flag is off by
>                        default.
>
> Best would be to run 'sudo -l' and see what flags are actually set at
> the time. And remember that /etc/sudoers.d/* is a directory of
> additional snippets that are also included into the configuration.

For what it is worth, I'm not sure that that man page is up to date.
Squeeze here (up to date), and I have done nothing directly with the
supplied /etc/sudoers; only used visudo to add myself.

It has neither tty-tickets nor requiretty. I note by the way, that this
differs from RHEL and derivatives, which include requiretty by default.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/j2btcu$mt$1@dough.gmane.org
 
Old 08-15-2011, 08:07 PM
Bob Proulx
 

Walter Hurry wrote:
> Bob Proulx wrote:
> > Best would be to run 'sudo -l' and see what flags are actually set at
> > the time. And remember that /etc/sudoers.d/* is a directory of
> > additional snippets that are also included into the configuration.
>
> For what it is worth, I'm not sure that that man page is up to date.
> Squeeze here (up to date), and I have done nothing directly with the
> supplied /etc/sudoers; only used visudo to add myself.
>
> It has neither tty-tickets nor requiretty.

I agree. The man page is out of sync. My bad for quoting it without
checking it. After checking various releases I concur that neither of
those are set by default on Debian.

> I note by the way, that this differs from RHEL and derivatives,
> which include requiretty by default.

Yep.

Bob
 
Old 08-15-2011, 09:33 PM
Tom H
 

On Mon, Aug 15, 2011 at 3:51 PM, Walter Hurry <walterhurry@lavabit.com> wrote:
> On Mon, 15 Aug 2011 13:12:04 -0600, Bob Proulx wrote:
>> Tom H wrote:
>>> Both are set by default.
>>
>> Just tty_tickets is set by default. requiretty is off by default.
>>
>>   $ man 5 sudoers
>>
>>        tty_tickets     If set, users must authenticate on a per-tty basis.
>>                        With this flag enabled, sudo will use a file named for
>>                        the tty the user is logged in on in the user's time
>>                        stamp directory. If disabled, the time stamp of the
>>                        directory is used instead. This flag is on by default.
>>
>>        requiretty      If set, sudo will only run when the user is logged in
>>                        to a real tty. When this flag is set, sudo can only be
>>                        run from a login session and not via other means such
>>                        as cron(8) or cgi-bin scripts. This flag is off by
>>                        default.
>>
>> Best would be to run 'sudo -l' and see what flags are actually set at
>> the time. And remember that /etc/sudoers.d/* is a directory of
>> additional snippets that are also included into the configuration.
>
> For what it is worth, I'm not sure that that man page is up to date.
> Squeeze here (up to date), and I have done nothing directly with the
> supplied /etc/sudoers; only used visudo to add myself.
>
> It has neither tty-tickets nor requiretty. I note by the way, that this
> differs from RHEL and derivatives, which include requiretty by default.

"sudo -L" lists the full list of "Defaults". I'd be very surprised if
even one of these isn't set.

"sudo -l" lists the commands that the invoking user can run as well
as whatever's explicitly set on the "Defaults" line.


 
Old 08-16-2011, 10:37 AM
Walter Hurry
 

On Mon, 15 Aug 2011 17:33:58 -0400, Tom H wrote:

> "sudo -L" lists the full list of "Defaults". I'd be very surprised if
> even one of these isn't set.

Then prepare for a surprise. Vanilla /etc/sudoers in Squeeze:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d



 
Old 08-20-2011, 03:06 PM
Tom H
 

On Tue, Aug 16, 2011 at 6:37 AM, Walter Hurry <walterhurry@lavabit.com> wrote:
> On Mon, 15 Aug 2011 17:33:58 -0400, Tom H wrote:
>
>> "sudo -L" lists the full list of "Defaults". I'd be very surprised if
>> even one of these isn't set.
>
> Then prepare for a surprise. Vanilla /etc/sudoers in Squeeze:
>
> # /etc/sudoers
>
> Defaults        env_reset

Thanks. The big surprise isn't that they aren't set, it's that I was
talking COMPLETE rubbish - and have been using it - when I said
that '"sudo -L" lists the full list of "Defaults"'.

I've just re-read the sudoers man page (after a VERY long time),
thinking that it would help me "refudiate" the fact that the
"Defaults" line had some in-built, unlisted defaults, when in fact,
I've been misusing "sudo -L" for more years than I care to remember...

Thanks for the correction!


 
Old 08-30-2011, 06:02 PM
Bob Proulx
 

Tom H wrote:
> I've just re-read the sudoers man page (after a VERY long time),
> thinking that it would help me "refudiate" the fact that the
> "Defaults" line had some in-built, unlisted defaults, when in fact,
> I've been misusing "sudo -L" for more years than I care to remember...

And I see that with the latest sudo in Sid that it installs a new
upstream sudo and the upstream sudo no longer has the sudo -L option.
The 'sudo -L' is gone now.

Bob

Here is the upstream ChangeLog concerning sudo -L:

2010-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>

    * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
    src/sudo_usage.h.in:
    Completely remove the -L flag from the sudo front end.
    [3d220030b720]

2009-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>

    * sudo.pod:
    The -L flag will be removed in sudo 1.7.4
    [ffd026084333]

1999-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>

    * sudo.cat, sudo.html, sudo.man, sudo.pod:
    document -L flag
    [dc803e1ce0d7]

1999-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>

    Add a "-L" flag to list the name of options with their descriptions.
    This may only be temporary.
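
An added example, not part of any post in this thread: a small Python audit that reports whether requiretty and tty_tickets are explicitly set in a sudoers file and the snippets it includes, which is the question the posters settle by reading /etc/sudoers. The snippet content, the "backup" user and all function names are constructed for illustration; a flag reported as "unset" falls back to the default compiled into that sudo build.

```python
import re

# Sample input: the Squeeze /etc/sudoers quoted in the thread (abridged), plus a
# constructed /etc/sudoers.d snippet with a hypothetical "backup" user.
SUDOERS = """\
Defaults env_reset
root ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
#includedir /etc/sudoers.d
"""
SNIPPET = """\
Defaults requiretty, \\
         !tty_tickets
Defaults:backup !requiretty
"""

INCLUDE_RE = re.compile(r"^[#@]include(dir)?\s+(?P<path>\S+)")
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.+)$")

def logical_lines(text):
    """Join backslash continuations; drop comments but keep #include/#includedir,
    which sudoers treats as directives (newer releases also accept '@')."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and (not line.startswith("#") or INCLUDE_RE.match(line)):
            yield line

def include_paths(text):
    """Files or directories pulled in by include directives."""
    return [m.group("path") for m in map(INCLUDE_RE.match, logical_lines(text)) if m]

def explicit_flags(*texts):
    """Map (scope, flag) -> bool for boolean Defaults; later entries override."""
    state = {}
    for text in texts:
        for line in logical_lines(text):
            m = DEFAULTS_RE.match(line)
            for item in (m.group("body").split(",") if m else []):
                item = item.strip()
                if item and "=" not in item:  # skip value options such as secure_path=...
                    state[(m.group("scope") or "global", item.lstrip("!"))] = not item.startswith("!")
    return state

def audit(flags, *texts):
    """Global state of each flag: 'on', 'off', or 'unset' (compiled-in default)."""
    state = explicit_flags(*texts)
    label = {True: "on", False: "off", None: "unset"}
    return {f: label[state.get(("global", f))] for f in flags}

if __name__ == "__main__":
    print(audit(["requiretty", "tty_tickets"], SUDOERS, SNIPPET))
```

On a real system, pass the contents of /etc/sudoers followed by each file under the paths that include_paths() returns, read as root.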
 

All times are GMT.