somewhat OT: sudo question

JD jd1008 at gmail.com
Fri Sep 10 01:13:04 UTC 2010 


On 09/09/2010 05:32 PM, Ranjan Maitra wrote:
> On Thu, 9 Sep 2010 14:18:43 -0500 kalinix
> <calin.kalinix.cosma at gmail.com>  wrote:
>
>> On Thu, 2010-09-09 at 14:12 -0500, Ranjan Maitra wrote:
>>
>>
>> On Thu, 9 Sep 2010 13:59:18 -0500 JD<jd1008 at gmail.com<mailto:jd1008 at gmail.com>>  wrote:
>>
>>>
>>> On 09/09/2010 11:41 AM, Ranjan Maitra wrote:
>>>> Hi,
>>>>
>>>> I would like to set up sudo permissions for myself (let us say) such
>>>> that I do not need password for /usr/sbin/pm-hibernate
>>>> or /usr/sbin/pm-suspend but need it for everything else. Anyone know
>>>> off-hand how this can be done by adding lines in the /etc/sudoers file?
>>>>
>>>> Many thanks and best wishes,
>>>> Ranjan
>>> Append a line like the following to /etc/sudoers
>>>
>>> ranjan      ALL=(ALL)       NOPASSWD: ALL
>> Sorry, maybe I was not clear. I wanted to have the ability to use sudo
>> without password for the above two commands, but use sudo with password
>> (required) for everything else.
>>
>> Will it be enough to type the two commands with a comma separator after
>> the NOPASSWD: (and instead of the ALL)? I guess I could try this, but
>> wanted to be sure.
>>
>> Ranjan
>>
>>
>>> --
>>> users mailing list
>>> users at lists.fedoraproject.org<mailto:users at lists.fedoraproject.org>
>>> To unsubscribe or change subscription options:
>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>
>>
>>
>> In aliases section:
>>
>>
>> Cmnd_Alias HIBERNATE = /usr/sbin/pm-hibernate, /usr/sbin/pm-suspend
>>
>>
>> in the main part:
>>
>> rajan ALL=(ALL)    NOPASSWD: HIBERNATE
>>
>>
>> This should do the trick in the way that you will be able to run any command (ALL) and you will be asked for the password, except for commands that are defined under the HIBERNATE alias.
> Hi, I have been unable to get this to work. If I do exactly as above,
> or even forgo the alias and specifically write
>
> maitra	ALL=(ALL) NOPASSWD:/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
>
> in the main part, nothing works under sudo. Specifically, even a simple
> command as sudo yum update yields:
>
> Sorry, user maitra is not allowed to execute '/usr/bin/yum update' as root on (name of machine).
>
> What is wrong here?
>
> Of course,
> maitra	ALL=(ALL) ALL
>
> works just fine, but of course, asks me for my password for every sudo command.
>
>>
>> Fact is that once you entered the password in sudo, it will be remembered for the rest of the session.
> Really, in my case, there seems to be a time window of around 5 minutes
> or so before it again asks for a password. I like this feature (which I
> thought was default everywhere, but I guess not).
>
> Thanks!
> Ranjan

You have a typo.
The entry in sudoers should be:
maitra    ALL=(ALL)      NOPASSWD: 
/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend

Notice the space after the colon :

More information about the users mailing list