Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time. What the heck and how do I solve this mystery?
Am 30.11.2011 11:38, schrieb Hiisi:
However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time. What the heck and how do I solve this mystery?
where have you defined it and are this really TABs?
the following works since years on my build-machines to call "rpmbuild" batch-scripts as builduser followed by a "yum localupdate" before the next package is built to make sure that it uses the libraries from before
hopefully this is not broken in F16
## Allow root to run any commands anywhere root ALL=(ALL) ALL builduser ALL=(ALL) NOPASSWD: ALL
On 30/11/11 10:38, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time.
Try taking out the space after NOPASSWD:
HTH, Rich
On Wed, Nov 30, 2011 at 4:08 PM, Hiisi hiisi@fedoraproject.org wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time. What the heck and how do I solve this mystery? -- Hiisi. Registered Linux User #487982. Be counted at: http://counter.li.org/ -- Spandex is a privilege, not a right. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Make sure you are using visudo to edit sudoers file.
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
Am 30.11.2011 11:59, schrieb Hiisi:
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
well top of the file there are comments:
## This file must be edited with the 'visudo' command.
Yes it does. It has something to do with proper format which is ensured by visudo but not vi.
On Wed, Nov 30, 2011 at 4:29 PM, Hiisi hiisi@fedoraproject.org wrote:
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
Hiisi. Registered Linux User #487982. Be counted at: http://counter.li.org/ -- Spandex is a privilege, not a right. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 30 November 2011 15:01, Digvijay Patankar dbpatankar@gmail.com wrote:
Yes it does. It has something to do with proper format which is ensured by visudo but not vi.
On Wed, Nov 30, 2011 at 4:29 PM, Hiisi hiisi@fedoraproject.org wrote:
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
I used to do it both ways. This time I did it by 'visudo'.
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time. What the heck and how do I solve this mystery? -- Hiisi. Registered Linux User #487982. Be counted at: http://counter.li.org/ -- Spandex is a privilege, not a right.
When you add yourself or another and add them to the administrators group they become a member of group wheel. Run visudo find the no password line for the wheel group and uncomment it and comment the other one.
On 30 November 2011 15:15, Terry Polzin foxec208@wowway.com wrote:
When you add yourself or another and add them to the administrators group they become a member of group wheel. Run visudo find the no password line for the wheel group and uncomment it and comment the other one.
Thank you, Terry. You did it! List, sorry for the noise and thanks to everybody involved in discussion.
Am 30.11.2011 12:37, schrieb Emilio Lopez:
I'm trying to set up passwordless sudo for myself
Im not familiar with sudo, but doing it, sudo without password, is not a bad practice that allow any program to run anything as root without your knowledge, (calling sudo internally)???
yes it is normally a bad idea
but depends on what the user and script running under this user are supposed to do - for role-accounts where you have automatic batch-jobs which should start task as normal user and needs sudo it is a good thing
[builduser@buildserver:~]$ cat /rpmbuild/SPECS/build-all.sh #!/bin/bash
DATE_COMPILE_START=$(date "+%d.%m.%Y %H:%M:%S")
source /home/builduser/config.sh cd /rpmbuild/SPECS/
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb GeoIP.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/httpd.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_security.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_flvx.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bw.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bwshare.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_h264_streaming.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysql.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
./build-all-php.sh
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmp4v2.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/x264.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libquicktime.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/lame.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/faac.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/faad2.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/a52dec.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/libvpx.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmpdclient.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/pulsed.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpd.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpdscribble.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/ffmpeg.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/transcode.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/postfix.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/postgrey.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/dovecot.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail-postfix-policyd.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/webalizer-xtended.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mp3info.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/iat.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/aespipe.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysqltuner.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-reader.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-manual-de.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/phpMyAdmin.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-class-std-fast.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-soap-wsdl.spec sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-net-dri.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-IO-Socket-INET6.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/netatalk.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/hylafax.spec rpmbuild -bb /home/builduser/rpmbuild/SPECS/iaxmodem.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
./build-horde.sh sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
DATE_COMPILE_FINISH=$(date "+%d.%m.%Y %H:%M:%S") echo "" echo "-----------------------------------------------" echo $DATE_COMPILE_START echo $DATE_COMPILE_FINISH echo "-----------------------------------------------"
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time. What the heck and how do I solve this mystery? -- Hiisi.
I hope you are using visudo to edit the /etc/sudoers file. I made the mistake yesterday using vi to do the edit and that will not work.
On Wed, 2011-11-30 at 10:44 +0000, Rich Boyce wrote:
On 30/11/11 10:38, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL Apparently it has no effect - I have to enter password each time sudo is invoked for the first time.
Try taking out the space after NOPASSWD:
No the blank should be there.
On Wed, 2011-11-30 at 14:04 +0300, Hiisi wrote:
On 30 November 2011 15:01, Digvijay Patankar dbpatankar@gmail.com wrote:
Yes it does. It has something to do with proper format which is ensured by visudo but not vi.
On Wed, Nov 30, 2011 at 4:29 PM, Hiisi hiisi@fedoraproject.org wrote:
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
I used to do it both ways. This time I did it by 'visudo'.
I tried this yesterday and vo does not work
On 30 November 2011 17:09, Aaron Konstam akonstam@sbcglobal.net wrote:
On Wed, 2011-11-30 at 14:04 +0300, Hiisi wrote:
On 30 November 2011 15:01, Digvijay Patankar dbpatankar@gmail.com wrote:
Yes it does. It has something to do with proper format which is ensured by visudo but not vi.
On Wed, Nov 30, 2011 at 4:29 PM, Hiisi hiisi@fedoraproject.org wrote:
On 30 November 2011 14:45, Digvijay Patankar dbpatankar@gmail.com wrote:
Make sure you are using visudo to edit sudoers file.
Does it matter?
I used to do it both ways. This time I did it by 'visudo'.
I tried this yesterday and vo does not work
Just yesterday I edited it using vi on debian squeeze and everything works like a charm. Nevertheless, using help from this list I managed to get it to work now.
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL
On initial installs when this is setup, your userID is not added to the sudoers file itself. The *wheel* group is what is allowed/setup in sudoers, and your userid is added to the *wheel* group in the /etc/group file, such as below..
wheel:x:10:your-username-here
If you wanted to do passwordless, then comment out the line below..
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
And uncomment the line below here..
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
In other words, it doesn't add the username/ID itself to the sudoers file, it goes through the *wheel* group and you add/drop users from there on need to use basis.
On Wednesday 30 November 2011 10:49:40 Mike Chambers wrote:
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL
On initial installs when this is setup, your userID is not added to the sudoers file itself. The *wheel* group is what is allowed/setup in sudoers, and your userid is added to the *wheel* group in the /etc/group file, such as below..
wheel:x:10:your-username-here
If you wanted to do passwordless, then comment out the line below..
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
And uncomment the line below here..
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
In other words, it doesn't add the username/ID itself to the sudoers file, it goes through the *wheel* group and you add/drop users from there on need to use basis.
Wouldn't this actually enable passwordless sudo for all members of the wheel group, rather than just for one user?
What would the config look like if the OP wants to be both a member of the wheel group, and have a paswordless sudo config *only* for himself?
Best, :-) Marko
On Wed, 2011-11-30 at 17:36 +0000, Marko Vojinovic wrote:
On Wednesday 30 November 2011 10:49:40 Mike Chambers wrote:
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL
On initial installs when this is setup, your userID is not added to the sudoers file itself. The *wheel* group is what is allowed/setup in sudoers, and your userid is added to the *wheel* group in the /etc/group file, such as below..
wheel:x:10:your-username-here
If you wanted to do passwordless, then comment out the line below..
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
And uncomment the line below here..
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
In other words, it doesn't add the username/ID itself to the sudoers file, it goes through the *wheel* group and you add/drop users from there on need to use basis.
Wouldn't this actually enable passwordless sudo for all members of the wheel group, rather than just for one user?
Yes it would. Or change the group to something else instead of wheel and just make sure the groups file is updated.
What would the config look like if the OP wants to be both a member of the wheel group, and have a paswordless sudo config *only* for himself?
If just using the stuff already in the config, for example the OP could uncomment the first one with wheel and use that one with passwords, and then uncomment the line below and put in his own group for ones without passwords.
Not sure which one is read/used first but assuming it would know. man sudoers for more information.
On Wed, Nov 30, 2011 at 12:36 PM, Marko Vojinovic vvmarko@gmail.com wrote:
Wouldn't this actually enable passwordless sudo for all members of the wheel group, rather than just for one user?
What would the config look like if the OP wants to be both a member of the wheel group, and have a paswordless sudo config *only* for himself?
Just use the username of the user instead of %wheel
mike ALL=(ALL) NOPASSWD: ALL
Adding a user to the wheel group is a separate issue. This can be done via the user manager gui, or by editing /etc/group. As far as the sudoers file goes, all settings for wheel are commented out by default
Not sure if there are other reasons to add a user to the wheel group. Don't think there is any other use for the wheel group. Perhaps someone else who knows can respond to that issue.
Mike
On Wed, 2011-11-30 at 10:49 -0600, Mike Chambers wrote:
On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
Hi, list! I'm trying to set up passwordless sudo for myself. It's a shiny brand new fresh-installed F16. During first boot I had been asked to create a new user and put him to administrative group. I answered yes and hence my user is able to run commands using sudo. However in /etc/sudoers there's not a mention of my user. I've added the following string to it: hiisi ALL=(ALL) NOPASSWD: ALL
On initial installs when this is setup, your userID is not added to the sudoers file itself. The *wheel* group is what is allowed/setup in sudoers, and your userid is added to the *wheel* group in the /etc/group file, such as below..
wheel:x:10:your-username-here
If you wanted to do passwordless, then comment out the line below..
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
And uncomment the line below here..
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
In other words, it doesn't add the username/ID itself to the sudoers file, it goes through the *wheel* group and you add/drop users from there on need to use basis.
Thhat is not copletely true. Using visudo and adding the line:
hilsi ALL=(root) NOPASSWD ALL
should work.
On Wed, 2011-11-30 at 15:32 -0500, Mike Williams wrote:
Not sure if there are other reasons to add a user to the wheel group. Don't think there is any other use for the wheel group.
Maybe not for the OP, but there is also a pam_wheel module that will succeed only if the invoking user is in the wheel group. It is sometimes used in /etc/pam.d/su to allow only wheel group users to use su.
--Greg
-
Aaron Konstam -
Digvijay Patankar -
Emilio Lopez -
Greg Woods -
Hiisi -
Marko Vojinovic -
Mike Chambers -
Mike Williams -
Reindl Harald -
Rich Boyce -
Terry Polzin