You are not logged in.
- Topics: Active | Unanswered
Announcement
#1 2012-08-06 20:29:16
- enricotognoni
- Member
- Registered: 2012-08-06
- Posts: 16
[OK] i need to force password request in sudo actually is free command
can you tell me why sudo doesnt ask password? could you tell me how to force the ask of password?
thanks you, my user is enrico:
[enrico@archbang ~]$ groups
lp wheel log network video audio optical storage power users
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output
Defaults:enrico timestamp_timeout=20
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
enrico ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
Last edited by enricotognoni (2012-08-08 16:49:26)
Offline
#2 2012-08-07 04:29:26
- oliver
- Administrator
- Registered: 2010-11-04
- Posts: 1,515
Re: [OK] i need to force password request in sudo actually is free command
## Read drop-in files from /etc/sudoers.d ## (the '#' here does not indicate a comment) #includedir /etc/sudoers.d
That code is a lot easier to read if you enclose it in [ c o d e ] [ / c o d e] tags (no spaces)
But the answer to your problem is in the little section I've posted... Take a look at the file in /etc/sudoers.d
To fix, edit it or remove that last section from sudoers (but remember sudoers can and will be overwritten with an update so it's best to leave it separated)
Welly, welly, welly, welly, welly, welly, well. To what do I owe the extreme pleasure of this surprising visit?
Offline
#3 2012-08-07 07:49:56
- enricotognoni
- Member
- Registered: 2012-08-06
- Posts: 16
Re: [OK] i need to force password request in sudo actually is free command
Thanks you i tried but i cant find a way to force in g_wheel only some command, so i deleted the file, i made this change in /etc/sudoers:
# %wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: /sbin/halt,NOPASSWD: /sbin/shutdown,NOPASSWD: $
this way i can force password for most of the commands, and prevent abuse of privileges, how can i translate this in /etc/sudoers.d/g_wheel?
thanks you for the suggest to check includedir and #includedir it really tricked me O.o
ciao & thanks you!
Offline
#4 2012-08-07 08:56:11
- oliver
- Administrator
- Registered: 2010-11-04
- Posts: 1,515
Re: [OK] i need to force password request in sudo actually is free command
Thanks you i tried but i cant find a way to force in g_wheel only some command, so i deleted the file, i made this change in /etc/sudoers:
# %wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: /sbin/halt,NOPASSWD: /sbin/shutdown,NOPASSWD: $this way i can force password for most of the commands, and prevent abuse of privileges, how can i translate this in /etc/sudoers.d/g_wheel?
thanks you for the suggest to check includedir and #includedir it really tricked me O.o
ciao & thanks you!
should be the same format... I'm not sure why that didn't work for you
Welly, welly, welly, welly, welly, welly, well. To what do I owe the extreme pleasure of this surprising visit?
Offline
#5 2012-08-07 09:40:22
- enricotognoni
- Member
- Registered: 2012-08-06
- Posts: 16
Re: [OK] i need to force password request in sudo actually is free command
Could you post your g_wheel file with description of permissions?
maybe i did some bad mistake.
(I deleted g_wheel, so to rebuild it do i have to use some command like visudo? i updated g_wheel using normal leafpad, could be the problem?)
thanks you!
Offline
#6 2012-08-07 13:07:14
- oliver
- Administrator
- Registered: 2010-11-04
- Posts: 1,515
Re: [OK] i need to force password request in sudo actually is free command
Mine is very simple... I just want open sudo for my specific user
# cat /etc/sudoers.d/localtrusted
oliver ALL=(ALL) NOPASSWD: ALLYou can call it whatever you want, so you *should* be able to cut-n-paste that line you want into a file
Welly, welly, welly, welly, welly, welly, well. To what do I owe the extreme pleasure of this surprising visit?
Offline
#7 2012-08-07 14:01:07
- enricotognoni
- Member
- Registered: 2012-08-06
- Posts: 16
Re: [OK] i need to force password request in sudo actually is free command
sudo EDITOR=nano visudo -f /etc/sudoers.d/g_wheele
root ALL=(ALL) ALL
enrico ALL=(ALL) ALL
enrico crunchbang = NOPASSWD: /usr/bin/wvdial,NOPASSWD: /sbin/modprobe .....this command for example allows me to create the file g_wheele correctly, i dont know why but NOPASSWD=ALL it looks really dangerous 
Offline
#8 2012-08-07 18:07:35
- oliver
- Administrator
- Registered: 2010-11-04
- Posts: 1,515
Re: [OK] i need to force password request in sudo actually is free command
i dont know why but NOPASSWD=ALL it looks really dangerous
I consider it more for convenience than security... but then again, I'm the only one using this box
Welly, welly, welly, welly, welly, welly, well. To what do I owe the extreme pleasure of this surprising visit?
Offline