On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users
<users(a)lists.fedoraproject.org> wrote:
On 2020-06-28 12:16, ToddAndMargo via users wrote:
>
> I am trying to use sudo to work around the following bug
> I posted:
>
> ifdown access denied with USERCTL=yes
>
https://bugzilla.redhat.com/show_bug.cgi?id=1828100
>
> I wish they'd fix the bug, but it does not seems like it
> is every going to get any attention.
>
> So anyway, I fired up `sudovi` and added the following
> at the end of /etc/sudo.conf`:
>
> ## Allows members of the users group to down eno2
> %users ALL=/usr/libexec/nm-ifdown eno2
>
> Now when I run it from the command line, I get:
>
> $ /usr/libexec/nm-ifdown eno2
> Error: failed to load connection: access denied.
>
> Questions:
>
> 1) I thought `sudovi` caused sudo to reread sudo.conf
> on its exit. Am I mistaken? And if so, how do I
> force a reread?
>
> 2) what is wrong with the syntax of the command I added
> to sudo.conf?
It's "/etc/sudoers.conf".
It's better to add a file, for example "/etc/sudoers.d/ifdown", with
"visudo -f /etc/sudoers.d/ifdown".
Ah ha! This worked:
%users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2
Better:
%users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown
Then
$ sudo /usr/libexec/nm-ifdown eno2
Connection 'eno2' successfully deactivated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/2)
and `sudovi` did cause the re-read as I thought
There's no "sudovi". There's "visudo" to edit the
configuration and
there's "sudoedit" to edit a file as another user.