somewhat OT: sudo question
JD
jd1008 at gmail.com
Fri Sep 10 01:13:04 UTC 2010
On 09/09/2010 05:32 PM, Ranjan Maitra wrote:
> On Thu, 9 Sep 2010 14:18:43 -0500 kalinix
> <calin.kalinix.cosma at gmail.com> wrote:
>
>> On Thu, 2010-09-09 at 14:12 -0500, Ranjan Maitra wrote:
>>
>>
>> On Thu, 9 Sep 2010 13:59:18 -0500 JD<jd1008 at gmail.com<mailto:jd1008 at gmail.com>> wrote:
>>
>>>
>>> On 09/09/2010 11:41 AM, Ranjan Maitra wrote:
>>>> Hi,
>>>>
>>>> I would like to set up sudo permissions for myself (let us say) such
>>>> that I do not need password for /usr/sbin/pm-hibernate
>>>> or /usr/sbin/pm-suspend but need it for everything else. Anyone know
>>>> off-hand how this can be done by adding lines in the /etc/sudoers file?
>>>>
>>>> Many thanks and best wishes,
>>>> Ranjan
>>> Append a line like the following to /etc/sudoers
>>>
>>> ranjan ALL=(ALL) NOPASSWD: ALL
>> Sorry, maybe I was not clear. I wanted to have the ability to use sudo
>> without password for the above two commands, but use sudo with password
>> (required) for everything else.
>>
>> Will it be enough to type the two commands with a comma separator after
>> the NOPASSWD: (and instead of the ALL)? I guess I could try this, but
>> wanted to be sure.
>>
>> Ranjan
>>
>>
>>> --
>>> users mailing list
>>> users at lists.fedoraproject.org<mailto:users at lists.fedoraproject.org>
>>> To unsubscribe or change subscription options:
>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>
>>
>>
>> In aliases section:
>>
>>
>> Cmnd_Alias HIBERNATE = /usr/sbin/pm-hibernate, /usr/sbin/pm-suspend
>>
>>
>> in the main part:
>>
>> rajan ALL=(ALL) NOPASSWD: HIBERNATE
>>
>>
>> This should do the trick in the way that you will be able to run any command (ALL) and you will be asked for the password, except for commands that are defined under the HIBERNATE alias.
> Hi, I have been unable to get this to work. If I do exactly as above,
> or even forgo the alias and specifically write
>
> maitra ALL=(ALL) NOPASSWD:/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
>
> in the main part, nothing works under sudo. Specifically, even a simple
> command as sudo yum update yields:
>
> Sorry, user maitra is not allowed to execute '/usr/bin/yum update' as root on (name of machine).
>
> What is wrong here?
>
> Of course,
> maitra ALL=(ALL) ALL
>
> works just fine, but of course, asks me for my password for every sudo command.
>
>>
>> Fact is that once you entered the password in sudo, it will be remembered for the rest of the session.
> Really, in my case, there seems to be a time window of around 5 minutes
> or so before it again asks for a password. I like this feature (which I
> thought was default everywhere, but I guess not).
>
> Thanks!
> Ranjan
You have a typo.
The entry in sudoers should be:
maitra ALL=(ALL) NOPASSWD:
/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
Notice the space after the colon :
More information about the users
mailing list