I'm trying to configure sudo so that my user account can perform system/package updates rather than having to be root. I've edited the file as shown below, but as it stands, it will allow my user account to launch the applications listed in the "Cmnd_Alias", but fails to prompt me for my user password before performing the task.
Here's my /etc/sudoers file:
*********************************
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
Host_Alias PINGSTORM = localhost
# User alias specification
User_Alias UPDATERS = jigs
User_Alias PACKAGERS = jigs
# Cmnd alias specification
Cmnd_Alias CONTROL = /usr/bin/apt-cache, /usr/bin/apt-get, /usr/bin/aptitude
Cmnd_Alias SEEKER = /usr/bin/dpkg, /usr/bin/wget
# User privilege specification
root ALL=(ALL) ALL
jigs PINGSTORM = CONTROL
jigs PINGSTORM = SEEKER
**********************************
When I list the available sudo tasks for my user account, it displays the following:
jigs@pingstorm:~$ sudo -l
User jigs may run the following commands on this host:
(root) /usr/bin/apt-cache, /usr/bin/apt-get, /usr/bin/aptitude
(root) /usr/bin/dpkg, /usr/bin/wget
jigs@pingstorm:~$
I have not used the NOPASSWD tag, so I'm a bit confused as to why it's not requiring me to authenticate my user account with the proper password. I'm hoping someone with more knowledge about sudo can point out the error(s) in my sudoers file and correct the lack of password input.
Thanks for any input...
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
sudo configuration question
Hi pigah, thanks for the reply.
I agree, the 'timestamp' does make it easier to do multiple sudos. My issue is that sudo has never required me to authenticate my user account when attempting tp perform any of the commands listed in the "Cmnd_Alias" section of the sudoers file. The first time I issued a sudo command, as user "jigs", it processed the request without asking for a password.
I tried to edit the "User privilege specification" to include the PASSWD attribute as shown below, but it had no effect on the lack of authentication.
jigs PINGSTORM = PASSWD: CONTROL
jigs PINGSTORM = PASSWD: SEEKER
Again, thanks for your reply, and any further help would be more than welcome.
I agree, the 'timestamp' does make it easier to do multiple sudos. My issue is that sudo has never required me to authenticate my user account when attempting tp perform any of the commands listed in the "Cmnd_Alias" section of the sudoers file. The first time I issued a sudo command, as user "jigs", it processed the request without asking for a password.
I tried to edit the "User privilege specification" to include the PASSWD attribute as shown below, but it had no effect on the lack of authentication.
jigs PINGSTORM = PASSWD: CONTROL
jigs PINGSTORM = PASSWD: SEEKER
Again, thanks for your reply, and any further help would be more than welcome.
If roots laughing, you better have backups!
Debian GNU/Linux
Debian GNU/Linux
lacek,
I think you found my mistake. I had added my user account to the sudo group shortly after installing Sarge. Until your post, I had forgotten all about that.
I'm currently at work so I'll remove my user "jigs" from the sudo group and update the results tonight.
Thanks...
I think you found my mistake. I had added my user account to the sudo group shortly after installing Sarge. Until your post, I had forgotten all about that.
I'm currently at work so I'll remove my user "jigs" from the sudo group and update the results tonight.
Thanks...
If roots laughing, you better have backups!
Debian GNU/Linux
Debian GNU/Linux
-
Guest