Is it me or is it sudo?

03-28-2012, 01:35 PM

Am 28.03.2012 15:26, schrieb suvayu ali:
> On Wed, Mar 28, 2012 at 15:18, Mark Haney <markh@abemblem.com> wrote:
>> markh ALL=(ALL) NOPASSWD: ALL
>
> This should be:
>
> %markh ALL=(ALL) NOPASSWD: ALL

why? this would mean GROUP markh
see examples in /etc/sudoers!

was the change made with "visudo" and are permissions OK?
____________

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 01:42 PM

On Wed, 28 Mar 2012 15:26:27 +0200
suvayu ali wrote:

> > markh * ALL=(ALL) * * * NOPASSWD: ALL
>
> This should be:
>
> %markh ALL=(ALL) NOPASSWD: ALL

There is no % in front of my user name in my sudoers file
on f16, yet I have full access with no password required.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 01:43 PM

On Wed, Mar 28, 2012 at 15:35, Reindl Harald <h.reindl@thelounge.net> wrote:
> Am 28.03.2012 15:26, schrieb suvayu ali:
>> On Wed, Mar 28, 2012 at 15:18, Mark Haney <markh@abemblem.com> wrote:
>>> markh * ALL=(ALL) * * * NOPASSWD: ALL
>>
>> This should be:
>>
>> %markh * ALL=(ALL) * * * NOPASSWD: ALL
>
> why? this would mean GROUP markh
> see examples in /etc/sudoers!
>

Because I did _mean_ group markh. I had overlooked that you could
specify individual users too. Since by default all users belong to a
group named after itself, specifying as a group should work too.

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 01:44 PM

On Wed, Mar 28, 2012 at 15:42, Tom Horsley <horsley1953@gmail.com> wrote:
> On Wed, 28 Mar 2012 15:26:27 +0200
> suvayu ali wrote:
>
>> > markh * ALL=(ALL) * * * NOPASSWD: ALL
>>
>> This should be:
>>
>> %markh * ALL=(ALL) * * * NOPASSWD: ALL
>
> There is no % in front of my user name in my sudoers file
> on f16, yet I have full access with no password required.

As I mention in my next response, I had overlooked that you can
specify a single user too. I prefer using groups, but that is personal
taste.

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 01:48 PM

Am 28.03.2012 15:43, schrieb suvayu ali:
> On Wed, Mar 28, 2012 at 15:35, Reindl Harald <h.reindl@thelounge.net> wrote:
>> Am 28.03.2012 15:26, schrieb suvayu ali:
>>> On Wed, Mar 28, 2012 at 15:18, Mark Haney <markh@abemblem.com> wrote:
>>>> markh ALL=(ALL) NOPASSWD: ALL
>>>
>>> This should be:
>>>
>>> %markh ALL=(ALL) NOPASSWD: ALL
>>
>> why? this would mean GROUP markh
>> see examples in /etc/sudoers!
>>
>
> Because I did _mean_ group markh. I had overlooked that you could
> specify individual users too. Since by default all users belong to a
> group named after itself, specifying as a group should work too.

one of the odd defaults many are not using

why should i have a group with the name of my user
if it has only one user - or why should i put the
user "caroline" in group "harry" except for chaos

no idea who invented this silly default, however, do not
assume all people are using defaults all the time

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 02:20 PM

On 03/28/2012 09:35 AM, Reindl Harald wrote:

Am 28.03.2012 15:26, schrieb suvayu ali:

On Wed, Mar 28, 2012 at 15:18, Mark Haney<markh@abemblem.com> wrote:

markh ALL=(ALL) NOPASSWD: ALL

This should be:

%markh ALL=(ALL) NOPASSWD: ALL

why? this would mean GROUP markh
see examples in /etc/sudoers!

was the change made with "visudo" and are permissions OK?

Yes it was changed with visudo which I think I included in the OP. I
suppose I can specify a group, but that would be odd for that to work
and the user of the same name not to work.

'

--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 02:22 PM

On 03/28/2012 09:43 AM, suvayu ali wrote:

On Wed, Mar 28, 2012 at 15:35, Reindl Harald<h.reindl@thelounge.net> wrote:

Am 28.03.2012 15:26, schrieb suvayu ali:

On Wed, Mar 28, 2012 at 15:18, Mark Haney<markh@abemblem.com> wrote:

markh ALL=(ALL) NOPASSWD: ALL

This should be:

%markh ALL=(ALL) NOPASSWD: ALL

why? this would mean GROUP markh
see examples in /etc/sudoers!

Because I did _mean_ group markh. I had overlooked that you could
specify individual users too. Since by default all users belong to a
group named after itself, specifying as a group should work too.

True, but if that's the case then specifying the user should work as
well. It doesn't. (and yes I've logged out and in again. sudoers has
been that way for a couple of weeks now so that's not a problem.)

--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 02:28 PM

On Wed, Mar 28, 2012 at 16:22, Mark Haney <markh@abemblem.com> wrote:
> True, but if that's the case then specifying the user should work as well.
> *It doesn't. *(and yes I've logged out and in again. *sudoers has been that
> way for a couple of weeks now so that's not a problem.)

What does /var/log/secure say for each sudo command you try?

--
Suvayu

Open source is the future. It sets us free.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 02:48 PM

On 03/28/2012 10:28 AM, suvayu ali wrote:

On Wed, Mar 28, 2012 at 16:22, Mark Haney<markh@abemblem.com> wrote:

True, but if that's the case then specifying the user should work as well.
It doesn't. (and yes I've logged out and in again. sudoers has been that
way for a couple of weeks now so that's not a problem.)

What does /var/log/secure say for each sudo command you try?

Not much:

Mar 28 10:22:48 marius sudo: markh : TTY=pts/0 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
Mar 28 10:23:59 marius sudo: markh : TTY=pts/5 ; PWD=/home/markh/Documents ; USER=root ; COMMAND=/usr/bin/kate
Mar 28 10:25:07 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
Mar 28 10:46:58 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/cat /var/log/secure

--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

03-28-2012, 02:51 PM

Am 28.03.2012 16:48, schrieb Mark Haney:
> On 03/28/2012 10:28 AM, suvayu ali wrote:
>> On Wed, Mar 28, 2012 at 16:22, Mark Haney<markh@abemblem.com> wrote:
>>> True, but if that's the case then specifying the user should work as well.
>>> It doesn't. (and yes I've logged out and in again. sudoers has been that
>>> way for a couple of weeks now so that's not a problem.)
>>
>> What does /var/log/secure say for each sudo command you try?
>>
>
> Not much:
>
>> Mar 28 10:22:48 marius sudo: markh : TTY=pts/0 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
>> Mar 28 10:23:59 marius sudo: markh : TTY=pts/5 ; PWD=/home/markh/Documents ; USER=root ; COMMAND=/usr/bin/kate
>> Mar 28 10:25:07 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/su
>> Mar 28 10:46:58 marius sudo: markh : TTY=pts/7 ; PWD=/home/markh ; USER=root ; COMMAND=/bin/cat /var/log/secure

and where is now exactly the problem?
these are logs with SUCCESS!

see below, this is a test on my buildmachine where
"builduser" has exactly this permissions to build/update/build
automated a bundle of packages

Mar 28 16:50:02 buildserver sudo: builduser : TTY=pts/0 ; PWD=/home/builduser ; USER=root ; COMMAND=/bin/env
PATH=/usr/lib64/qt-3.3/bin:/buildserver/:/usr/local/bin:/bin:/usr/bin date

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org