FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 03-29-2012, 01:31 PM
Mark Haney
 
Default Is it me or is it sudo?

On 03/29/2012 09:17 AM, Reindl Harald wrote:







no, i have no good documentation, i googled around
for colors i searched :-)


I'm aware of BASH's use of colors, but, I'm not always at a console that displays colors. (I've not found an
Android app that will display them on my Galaxy Tab for instance.)


ConnectBot can it on HTC Hero and HTC Desire
i would wonder if not on Galaxy


The older versions of CB couldn't. It probably can now, and I might
actually try it, but I'm comfortable with things as they are, so it's
not a showstopper for me.





--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-29-2012, 03:11 PM
"Alan J. Gagne"
 
Default Is it me or is it sudo?

That's true. However, as I've explained, that line is commented out
while I'm debugging the issue with the username. I suppose, push comes
to shove that I can use an empty sudoers file except for that one line
in order to make absolutely certain nothing else is interfering, but
since Aaron Konstam verified that is /should/ work as I have it (as well
as others) I don't think I need to go that drastic.

The one thing I haven't done is post my entire sudoers file. I will if
anyone thinks it'll help.

I'm really not trying to be difficult here, but this is driving me nuts.



You could also just add a file to /etc/sudoers.d. I believe these
entries get processed last.



I use the wheel group set-up with passwd in sudoers file so I just

added a file using sudoedit /etc/sudoers.d/utest. Then added a line

USERNAME******** ALL=(ALL)****** NOPASSWD: ALL



This overrides my wheel group entry and works fine.



Alan



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-29-2012, 05:33 PM
Mark Haney
 
Default Is it me or is it sudo?

On 03/29/2012 11:11 AM, Alan J. Gagne wrote:



I'm really not trying to be difficult here, but this is driving me nuts.


You could also just add a file to /etc/sudoers.d. I believe these
entries get processed last.

I use the wheel group set-up with passwd in sudoers file so I just
added a file using sudoedit /etc/sudoers.d/utest. Then added a line
USERNAME ALL=(ALL) NOPASSWD: ALL



Huh. Now that's just insane. I added /etc/sudoers.d/marius file with a
COPY&PASTE line from sudoers and the blasted thing works. Can /anyone/
explain that? I still don't like the fact that editing sudoers doesn't
seem to work for me, but I'm reconciled to leaving it as is now.
Thanks to everyone for allowing me to beat my head against the wall over
this.



--

Mark Haney
Software Developer/Consultant
AB Emblem
markh@abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-29-2012, 06:18 PM
Joe Zeff
 
Default Is it me or is it sudo?

On 03/29/2012 06:23 AM, Mark Haney wrote:

Yep. Use that a lot. Still doesn't mean I'll always think to run it
before doing something. Trust me, I'm one of those 'oooh, something
shiny' kinda people. Better safe than sorry.


Put the host name into the prompt as well as the username.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-29-2012, 06:21 PM
Rick Stevens
 
Default Is it me or is it sudo?

On 03/29/2012 10:33 AM, Mark Haney wrote:

On 03/29/2012 11:11 AM, Alan J. Gagne wrote:



I'm really not trying to be difficult here, but this is driving me nuts.


You could also just add a file to /etc/sudoers.d. I believe these
entries get processed last.

I use the wheel group set-up with passwd in sudoers file so I just
added a file using sudoedit /etc/sudoers.d/utest. Then added a line
USERNAME ALL=(ALL) NOPASSWD: ALL



Huh. Now that's just insane. I added /etc/sudoers.d/marius file with a
COPY&PASTE line from sudoers and the blasted thing works. Can /anyone/
explain that? I still don't like the fact that editing sudoers doesn't
seem to work for me, but I'm reconciled to leaving it as is now.
Thanks to everyone for allowing me to beat my head against the wall over
this.


Did you use visudo or just vi? Using vi on /etc/sudoers isn't a good
idea generally (permissions, syntax checking, etc.)
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Memory is the second thing to go, but I can't remember the first! -
----------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-29-2012, 06:32 PM
William Hooper
 
Default Is it me or is it sudo?

On Thu, Mar 29, 2012 at 1:33 PM, Mark Haney <markh@abemblem.com> wrote:
> On 03/29/2012 11:11 AM, Alan J. Gagne wrote:
>
>>>
>>> I'm really not trying to be difficult here, but this is driving me nuts.
>>
>>
>> You could also just add a file to /etc/sudoers.d. I believe these
>> entries get processed last.
>>
>> I use the wheel group set-up with passwd in sudoers file so I just
>> added a file using sudoedit /etc/sudoers.d/utest. Then added a line
>> USERNAME ALL=(ALL) NOPASSWD: ALL
>>
>
> Huh. *Now that's just insane. *I added /etc/sudoers.d/marius file with a
> COPY&PASTE line from sudoers and the blasted thing works. *Can /anyone/
> explain that? I still don't like the fact that editing sudoers doesn't seem
> to work for me, but I'm reconciled to leaving it as is now.
> Thanks to everyone for allowing me to beat my head against the wall over
> this.

As mentioned those entries seem to be processed last. Check the whole
sudoers file and see if your user is in any of the other groups
defined in it. Also, do you have anything else in /etc/sudoers.d/ ?

--
William Hooper
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-30-2012, 11:51 AM
Joel Rees
 
Default Is it me or is it sudo?

On Wed, Mar 28, 2012 at 10:48 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
> Am 28.03.2012 15:43, schrieb suvayu ali:
>> On Wed, Mar 28, 2012 at 15:35, Reindl Harald <h.reindl@thelounge.net> wrote:
>>> Am 28.03.2012 15:26, schrieb suvayu ali:
>>>> On Wed, Mar 28, 2012 at 15:18, Mark Haney <markh@abemblem.com> wrote:
>>>>> markh * ALL=(ALL) * * * NOPASSWD: ALL
>>>>
>>>> This should be:
>>>>
>>>> %markh * ALL=(ALL) * * * NOPASSWD: ALL
>>>
>>> why? this would mean GROUP markh
>>> see examples in /etc/sudoers!
>>>
>>
>> Because I did _mean_ group markh. I had overlooked that you could
>> specify individual users too. Since by default all users belong to a
>> group named after itself, specifying as a group should work too.
>
> one of the odd defaults many are not using
>
> why should i have a group with the name of my user
> if it has only one user - or why should i put the
> user "caroline" in group "harry" except for chaos
>
> no idea who invented this silly default, however, do not
> assume all people are using defaults all the time

It was "invented" by a number of people who understood how to get
along without ACLs and capabilities and all the stupid machinery
necessary to support them.

Adding ACLs and capabilities to a *nix system is like giving the car
owner a rope to tie his car door shut when there's already a perfectly
good lock on the door. Or screen doors on a submarine, take your pick.

--
Joel Rees
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-30-2012, 11:56 AM
Reindl Harald
 
Default Is it me or is it sudo?

Am 30.03.2012 13:51, schrieb Joel Rees:
> On Wed, Mar 28, 2012 at 10:48 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>> one of the odd defaults many are not using
>>
>> why should i have a group with the name of my user
>> if it has only one user - or why should i put the
>> user "caroline" in group "harry" except for chaos
>>
>> no idea who invented this silly default, however, do not
>> assume all people are using defaults all the time
>
> It was "invented" by a number of people who understood how to get
> along without ACLs and capabilities and all the stupid machinery
> necessary to support them

sounds more you do not understand what ACLs are for

how could a private user group replace ACLs?
if you have different users and groups which needs
defined permissions you will always need ACLs because
chmod can only reflect the primary group

for restrict access to a single user you need no ACL
chmod 600 does this for you




--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-30-2012, 07:39 PM
James Wilkinson
 
Default Is it me or is it sudo?

Reindl Harald wrote:
> sounds more you do not understand what ACLs are for
>
> how could a private user group replace ACLs?
> if you have different users and groups which needs
> defined permissions you will always need ACLs because
> chmod can only reflect the primary group
>
> for restrict access to a single user you need no ACL
> chmod 600 does this for you

It was in the old Red Hat Linux manuals (for example, section 6.4.1 of
ftp://archive.download.redhat.com/pub/redhat/linux/7.3/en/doc/RH-DOCS/pdf-en/rhl-rg-en.pdf):

IF you want a shared directory (say a project directory) writeable
by some but not all users,
AND IF you don’t want to use ACLs¹,
THEN you need to have that directory and everything in it owned by a
suitable group (and set to be group-writeable).

IF you don’t want to have users having to play around with
ownership and permissions all the time,
THEN you need to have the setgid bit on the folder set (which makes
all new files and directories automatically have the appropriate
group)
AND you need to have umask set to 002 (which makes all new files and
directories group-writeable).

From there, it follows that the easiest way to do this is to make 002
the default umask, which means that all new files and directories
created by normal users have these permissions. That means that if you
want files that only their owner can write to, you need a per-user
group.

It makes perfect sense.

James.

¹ This predated Linux ACLs, anyway.

--
E-mail: james@ | And that bird was singin' up a storm. Chirp, pause,
aprilcottage.co.uk | chirp. Almost a pulse, really. Astonishing how...
| mechanical...that...sounded. And then I put my head in
| my hands and sighed, because I had been trying to ID the
| mating call of my Epson printer. -- Ursula Vernon
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-31-2012, 12:19 AM
Joel Rees
 
Default Is it me or is it sudo?

On Sat, Mar 31, 2012 at 4:39 AM, James Wilkinson
<fedora@aprilcottage.co.uk> wrote:
> Reindl Harald wrote:
>> sounds more you do not understand what ACLs are for
>>
>> how could a private user group replace ACLs?
>> if you have different users and groups which needs
>> defined permissions you will always need ACLs because
>> chmod can only reflect the primary group
>>
>> for restrict access to a single user you need no ACL
>> chmod 600 does this for you
>
> It was in the old Red Hat Linux manuals (for example, section 6.4.1 of
> ftp://archive.download.redhat.com/pub/redhat/linux/7.3/en/doc/RH-DOCS/pdf-en/rhl-rg-en.pdf):
>
> * *IF you want a shared directory (say a project directory) writeable
> * *by some but not all users,
> * *AND IF you don’t want to use ACLs¹,
> * *THEN you need to have that directory and everything in it owned by a
> * *suitable group (and set to be group-writeable).
>
> * *IF you don’t want to have users having to play around with
> * *ownership and permissions all the time,
> * *THEN you need to have the setgid bit on the folder set (which makes
> * *all new files and directories automatically have the appropriate
> * *group)
> * *AND you need to have umask set to 002 (which makes all new files and
> * *directories group-writeable).
>
> From there, it follows that the easiest way to do this is to make 002
> the default umask, which means that all new files and directories
> created by normal users have these permissions. That means that if you
> want files that only their owner can write to, you need a per-user
> group.
>
> It makes perfect sense.
>
> James.
>
> ¹ This predated Linux ACLs, anyway.

And, of course, there are plenty of other ways to use per-user groups,
once you get your head around the idea that there is no one-to-one
relationship between user-ids and physical users.

One thing we didn't write back then, that we should have, was a
sub-user tool similar to the user tool --

subuser add/edit/delete/etc

It would have to incorporate user types, implicit/default quota
heuristics and other stuff that we didn't want to deal with then, but
find ourselves dealing with now, and it would use the setuid bit, so
each user could set up and get rid of his/her own private user/group
combos. Combine that with sudo, and we could have had sandboxed apps
years and years ago. (With a bit of work, but not near what ACLs and
their ilk cost us.)

That was the unix way, and we have parted from it to our detriment.

--
Joel Rees
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 10:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org