Old 03-28-2012, 03:17 PM
Mark Haney
 
Default Is it me or is it sudo?

On 03/28/2012 10:51 AM, Reindl Harald wrote:
>> Not much:
>>
>> Mar 28 10:22:48 marius sudo: markh : TTY=pts/0 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
>> Mar 28 10:23:59 marius sudo: markh : TTY=pts/5 ; PWD=/home/markh/Documents ; USER=root ; COMMAND=/usr/bin/kate
>> Mar 28 10:25:07 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
>> Mar 28 10:46:58 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/cat /var/log/secure
>
> and where is now exactly the problem?
> these are logs with SUCCESS!

And that's my point. It's a success IF I enter the password. But since
I have NOPASSWD in sudoers I shouldn't have to enter the password.




--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-28-2012, 03:22 PM
Frank Murphy
 
Default Is it me or is it sudo?

On 28/03/12 14:18, Mark Haney wrote:
> ## Allow root to run any commands anywhere
> root ALL=(ALL) ALL
> markh ALL=(ALL) NOPASSWD: ALL

try removing the space
markh ALL=(ALL) NOPASSWD: ALL
to:
markh ALL=(ALL) NOPASSWD:ALL

But are you certain,
no one else has access to your PC?

--
Regards,
Frank
"Jack of all, fubars"
 
Old 03-28-2012, 03:29 PM
Reindl Harald
 
Default Is it me or is it sudo?

On 28.03.2012 17:22, Frank Murphy wrote:
> On 28/03/12 14:18, Mark Haney wrote:
>
>>
>> ## Allow root to run any commands anywhere
>> root ALL=(ALL) ALL
>> markh ALL=(ALL) NOPASSWD: ALL
>
> try removing the space
> markh ALL=(ALL) NOPASSWD: ALL
> to:
> markh ALL=(ALL) NOPASSWD:ALL
>
> But are you certain,
> no one else has access to your PC?

the space is not related, no idea why not working for the OP

see line below, this one works on a machine currently
F16 since it was installed with F9 in summer 2008

[root@buildserver:~]$ cat /etc/sudoers | grep builduser
builduser ALL=(ALL) NOPASSWD: ALL
________________

on a usual desktop PC with a standard-user it is a VERY bad
idea because any attacker only needs to try "sudo anything"
to get full control over the machine

this should be only used for special accounts on well
secured machines where no foreign code is running


 
Old 03-28-2012, 03:31 PM
Frank Murphy
 
Default Is it me or is it sudo?

On 28/03/12 16:29, Reindl Harald wrote:
> the space is not related, no idea why not working for the OP

ok, just that there is no space on my /etc/sudoers.

--
Regards,
Frank
"Jack of all, fubars"
 
Old 03-28-2012, 03:32 PM
Frank Murphy
 
Default Is it me or is it sudo?

On 28/03/12 15:20, Mark Haney wrote:
>> was the change made with "visudo" and are permissions OK?
>
> Yes it was changed with visudo which I think I included in the OP. I
> suppose I can specify a group, but that would be odd for that to work
> and the user of the same name not to work.

ls -l /etc/sudoers

--
Regards,
Frank
"Jack of all, fubars"
 
Old 03-28-2012, 04:02 PM
William Hooper
 
Default Is it me or is it sudo?

On Wed, Mar 28, 2012 at 9:18 AM, Mark Haney <markh@abemblem.com> wrote:
> I'm kinda confused by the sudo problem I'm having. I've edited the main
> file with visudo to include:
>
> ## Allow root to run any commands anywhere
> root    ALL=(ALL)       ALL
> markh   ALL=(ALL)       NOPASSWD: ALL

Do any of the other lines match the markh user? I believe sudo goes
through the file and uses the last matching entry.

--
William Hooper
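
The precedence William Hooper describes is sudo's documented behaviour: when several sudoers entries match, the last one is used. The following is an added example, not part of the original thread, that models this on a constructed sudoers file; the `%wheel` line and markh's membership in `wheel` are assumptions, and the parser is a simplified sketch that ignores aliases, includes, and host and command matching.

```python
import re

# Constructed sample modelled on the thread: the user's NOPASSWD line sits
# above a later group rule that also matches him (group membership assumed).
SAMPLE_SUDOERS = """\
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
markh   ALL=(ALL)       NOPASSWD: ALL
%wheel  ALL=(ALL)       ALL
"""

# who  host = (runas)  [TAG: ...]  commands
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?((?:[A-Z_]+:\s*)*)(.+)$")

def matching_rules(text, user, groups):
    """Yield (lineno, who, tags, cmds) for every rule matching user, in file order."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Simplification: comments, #include directives and Defaults are skipped.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, tags, cmds = m.group(1), m.group(2), m.group(3)
        if who == user or who == "ALL" or (who.startswith("%") and who[1:] in groups):
            yield n, who, set(re.findall(r"[A-Z_]+", tags)), cmds.strip()

def effective_rule(text, user, groups=()):
    """Return the last matching rule (sudo's precedence), or None if none match."""
    rules = list(matching_rules(text, user, groups))
    return rules[-1] if rules else None

def needs_password(text, user, groups=()):
    """True when the effective (last matching) rule carries no NOPASSWD tag."""
    rule = effective_rule(text, user, groups)
    if rule is None:
        raise LookupError(f"no sudoers rule matches {user}")
    return "NOPASSWD" not in rule[2]

if __name__ == "__main__":
    print(effective_rule(SAMPLE_SUDOERS, "markh", ("wheel",)))
    print("password required:", needs_password(SAMPLE_SUDOERS, "markh", ("wheel",)))
```

On a live system, `sudo -l -U markh` run as root lists the entries sudo itself applies to that user.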
 
Old 03-28-2012, 05:19 PM
Joe Zeff
 
Default Is it me or is it sudo?

On 03/28/2012 08:29 AM, Reindl Harald wrote:
> on a usual desktop PC with a standard-user it is a VERY bad
> idea because any attacker only needs to try "sudo anything"
> to get full control over the machine


My thoughts exactly. Except under very unusual circumstances I'm the
only person who ever uses this PC, but I don't have sudo set up with
nopassword. In fact, as I know the root password (being the person who
installed Fedora) I don't have sudo set up at all. AIUI, sudo was
written to allow people *who don't have the root password* limited
access to administrative commands.


Yes, I understand that there are times you have to use sudo instead of
su in a production environment to ensure that everything gets logged,
but I've never understood why anybody would do it at home. YMMV and all
that jazz, but if this is a home box, I'd suggest asking yourself why
you're bothering with sudo in the first place.

 
Old 03-28-2012, 05:26 PM
"T.C. Hollingsworth"
 
Default Is it me or is it sudo?

On Wed, Mar 28, 2012 at 10:19 AM, Joe Zeff <joe@zeff.us> wrote:
> On 03/28/2012 08:29 AM, Reindl Harald wrote:
>>
>> on a usual desktop PC with a standard-user it is a VERY bad
>> idea because any attacker only needs to try "sudo anything"
>> to get full control over the machine
>
>
> My thoughts exactly. Except under very unusual circumstances I'm the only
> person who ever uses this PC, but I don't have sudo set up with nopassword.
> In fact, as I know the root password (being the person who installed
> Fedora) I don't have sudo set up at all. AIUI, sudo was written to allow
> people *who don't have the root password* limited access to administrative
> commands.
>
> Yes, I understand that there are times you have to use sudo instead of su in
> a production environment to ensure that everything gets logged, but I've
> never understood why anybody would do it at home. YMMV and all that jazz,
> but if this is a home box, I'd suggest asking yourself why you're bothering
> with sudo in the first place.

In my case, it's because `sudo yum update` requires 3 less keystrokes
than `su -c 'yum update'`. ;-)

I generally only need root for one-off commands and IMHO sudo's syntax
for that is far nicer than su's.

-T.C.
 
Old 03-28-2012, 05:28 PM
suvayu ali
 
Default Is it me or is it sudo?

On Wed, Mar 28, 2012 at 19:19, Joe Zeff <joe@zeff.us> wrote:
> Yes, I understand that there are times you have to use sudo instead of su in
> a production environment to ensure that everything gets logged, but I've
> never understood why anybody would do it at home. YMMV and all that jazz,
> but if this is a home box, I'd suggest asking yourself why you're bothering
> with sudo in the first place.

Because sudo with a passwd is a healthy mix of security and
convenience for a home system.

--
Suvayu

Open source is the future. It sets us free.
 
Old 03-28-2012, 05:30 PM
Reindl Harald
 
Default Is it me or is it sudo?

On 28.03.2012 19:26, T.C. Hollingsworth wrote:
> On Wed, Mar 28, 2012 at 10:19 AM, Joe Zeff <joe@zeff.us> wrote:
>> On 03/28/2012 08:29 AM, Reindl Harald wrote:
>>>
>>> on a usual desktop PC with a standard-user it is a VERY bad
>>> idea because any attacker only needs to try "sudo anything"
>>> to get full control over the machine
>>
>>
>> My thoughts exactly. Except under very unusual circumstances I'm the only
>> person who ever uses this PC, but I don't have sudo set up with nopassword.
>> In fact, as I know the root password (being the person who installed
>> Fedora) I don't have sudo set up at all. AIUI, sudo was written to allow
>> people *who don't have the root password* limited access to administrative
>> commands.
>>
>> Yes, I understand that there are times you have to use sudo instead of su in
>> a production environment to ensure that everything gets logged, but I've
>> never understood why anybody would do it at home. YMMV and all that jazz,
>> but if this is a home box, I'd suggest asking yourself why you're bothering
>> with sudo in the first place.
>
> In my case, it's because `sudo yum update` requires 3 less keystrokes
> `su -c 'yum update'`. ;-)
>
> I generally only need root for one-off commands and IMHO sudo's syntax
> for that is far nicer than su's.

what about a simple shell-script "/usr/local/bin/sudo" as wrapper?

 
