Am 28.03.2012 19:28, schrieb suvayu ali:
> On Wed, Mar 28, 2012 at 19:19, Joe Zeff <joe@zeff.us> wrote:
>> Yes, I understand that there are times you have to use sudo instead of su in
>> a production environment to ensure that everything gets logged, but I've
>> never understood why anybody would do it at home. YMMV and all that jazz,
>> but if this is a home box, I'd suggest asking yourself why you're bothering
>> with sudo in the first place.
>
> Because sudo with a passwd is a healthy mix of security and
> convenience for a home system.

but the topic is about sudo WITHOUT a pwassword!

and as said in my last post:

/usr/local/bin/sudo:
#!/bin/bash
su -c "$1"

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On Wed, Mar 28, 2012 at 09:18:50AM -0400, Mark Haney wrote:
> I'm kinda confused by the sudo problem I'm having. I've edited the main
> file with visudo to include:
>
> ## Allow root to run any commands anywhere
> root ALL=(ALL) ALL
> markh ALL=(ALL) NOPASSWD: ALL

I have this, using the group, not the user.

%wheel ALL=(ALL) NOPASSWD: ALL

However, sometimes a space makes all the difference (silly, I know). Have
you tried adding spaces like so: markh ALL = (ALL) NOPASSWD: ALL



>
> (obviously only the last line was my addition)
>
> But for some reason, it makes no difference at all. I'm still required
> to input my password. What gives? I've not had this problem before so
> I don't know where to start.
>
> --
>
> Mark Haney
> Software Developer/Consultant
> AB Emblem
> markh@abemblem.com
> Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On Wed, Mar 28, 2012 at 05:29:25PM +0200, Reindl Harald wrote:
>
>
> Am 28.03.2012 17:22, schrieb Frank Murphy:
> > On 28/03/12 14:18, Mark Haney wrote:
> >
> >>
> >> ## Allow root to run any commands anywhere
> >> root ALL=(ALL) ALL
> >> markh ALL=(ALL) NOPASSWD: ALL
> >
> > try removing the space
> > markh ALL=(ALL) NOPASSWD: ALL
> > to:
> > markh ALL=(ALL) NOPASSWD:ALL
> >
> > But are you certain,
> > no one else has access to your PC?
>
> the space is not related, no idea why not working for the OP
>
> see line below, this one works on a machine currently
> F16 since it was installed with F9 in summer 2008
>
> [root@buildserver:~]$ cat /etc/sudoers | grep builduser
> builduser ALL=(ALL) NOPASSWD: ALL
> ________________

I had an installation once where you had to add spaces around the 'equal'
sign. FWIW dept.

>
> on a usual desktop PC with a standard-user it is a VERY bad
> idea because any attacker only needs to try "sudo anything"
> to get full control over the machine
>
> this should be only used for special accounts on well
> secured machines where no foreign code is running
>
>



> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On 03/28/2012 10:31 AM, Reindl Harald wrote:

/usr/local/bin/sudo:
#!/bin/bash
su -c "$1"


Or, if we're going for minimalism, add this to .bashrc

alias sudo=su -c "$1"
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Reindl Harald wrote:
> one of the odd defaults many are not using
>
> why should i have a group with the name of my user
> if it has only one user - or why should i put the
> user "caroline" in group "harry" except for chaos
>
> no idea who invented this silly default, however, do not
> assume all people are using defaults all the time

For what it’s worth, the Red Hat Linux 7.3 manual at
ftp://archive.download.redhat.com/pub/redhat/linux/7.3/en/doc/RH-DOCS/pdf-en/rhl-rg-en.pdf
section 6.4.1 gives the official rationale. It’s definitely a Red
Hat-ism, but there is some thought behind it.

Briefly, it’s because if you have a group shared directory (where users
in that group can edit all the files in the directory), you want the
default umask to be 002, which makes new files get rw-rw-r-- permissions
by default, and new subdirectories get rwxrwxr-x. (If the directory has
the group SUID bit set, then by default everything created in that
directory will inherit the same group).

But that means that files in your home directory also get rw-rw-r--
permissions, which is Not a Good Thing if anyone else is in the same
group. So you need a per-user group to keep home directories safe.

James.

--
E-mail: james@ | "Yes, it's one those irregular verbs: I have an
aprilcottage.co.uk | individual mind, you are eccentric, he is completely
| round the twist."
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Mark Haney wrote:
> I'm kinda confused by the sudo problem I'm having. I've edited the
> main file with visudo to include:
>
> ## Allow root to run any commands anywhere
> root ALL=(ALL) ALL
> markh ALL=(ALL) NOPASSWD: ALL
>
> (obviously only the last line was my addition)
>
> But for some reason, it makes no difference at all. I'm still
> required to input my password. What gives? I've not had this
> problem before so I don't know where to start.

Wild guess: try
cat -vet /etc/sudoers
This should show if you have any unexpected control characters in your
file (tab is shown as ^I, and the line feed at the end of a line by $).

Hope this helps,

James.

--
E-mail: james@ | "Security question ... What's your dog's maiden name?"
aprilcottage.co.uk | -- Peter Gutmann on bad security designs
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On 03/28/2012 12:02 PM, William Hooper wrote:

On Wed, Mar 28, 2012 at 9:18 AM, Mark Haney<markh@abemblem.com> wrote:

I'm kinda confused by the sudo problem I'm having. I've edited the main
file with visudo to include:

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
markh ALL=(ALL) NOPASSWD: ALL


Do any of the other lines match the markh user? I believe sudo goes
through the file and uses the last matching entry.



Hmm, no, not that I can see. That's the only entry with my username in
it.


--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On 03/28/2012 01:19 PM, Joe Zeff wrote:

On 03/28/2012 08:29 AM, Reindl Harald wrote:

on a usual desktop PC with a standard-user it is a VERY bad
idea because any attacker only needs to try "sudo anything"
to get full control over the machine


My thoughts exactly. Except under very unusual circumstances I'm the
only person who ever uses this PC, but I don't have sudo set up with
nopassword. In fact, as I know the root password (being the person who
installed Fedora) I don't have sudo set up at all. AIUI, sudo was
written to allow people *who don't have the root password* limited
access to administrative commands.

Yes, I understand that there are times you have to use sudo instead of
su in a production environment to ensure that everything gets logged,
but I've never understood why anybody would do it at home. YMMV and all
that jazz, but if this is a home box, I'd suggest asking yourself why
you're bothering with sudo in the first place.


The only real issue there is I'm usually running multiple consoles and I
don't always pay enough attention to keep track of which console is
running root. If I use sudo I know that I can't do anything stupid in a
console that will trash the system. I may blow up my own crap, but
that's why we have backups. And that's why sudo is much safer to use
than logging in as root, at least from the command line.



--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On 03/28/2012 01:44 PM, ny6p01@gmail.com wrote:

On Wed, Mar 28, 2012 at 05:29:25PM +0200, Reindl Harald wrote:



Am 28.03.2012 17:22, schrieb Frank Murphy:

On 28/03/12 14:18, Mark Haney wrote:



## Allow root to run any commands anywhere
root ALL=(ALL) ALL
markh ALL=(ALL) NOPASSWD: ALL


try removing the space
markh ALL=(ALL) NOPASSWD: ALL
to:
markh ALL=(ALL) NOPASSWD:ALL

But are you certain,
no one else has access to your PC?




I had an installation once where you had to add spaces around the 'equal'
sign. FWIW dept.



I'll certainly try all the variations, but it seems kinda silly when
other people with F16 don't seem to need that kind of babysitting.


--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

On Wed, Mar 28, 2012 at 19:31, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
> Am 28.03.2012 19:28, schrieb suvayu ali:
>> On Wed, Mar 28, 2012 at 19:19, Joe Zeff <joe@zeff.us> wrote:
>>> Yes, I understand that there are times you have to use sudo instead of su in
>>> a production environment to ensure that everything gets logged, but I've
>>> never understood why anybody would do it at home. *YMMV and all that jazz,
>>> but if this is a home box, I'd suggest asking yourself why you're bothering
>>> with sudo in the first place.
>>
>> Because sudo with a passwd is a healthy mix of security and
>> convenience for a home system.
>
> but the topic is about sudo WITHOUT a pwassword!
>

I was responding to Joe's comment about "why bother with sudo when I
can use su", not to the OP's problem of NOPASSWD not working.

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org