Still not working: sudoers file has no effect

blackhole · 2009-03-10 21:18:00

Hi guys,

I've recently added the following lines via visudo to the sudoers file when installing yaourt:

schorsch    ALL=NOPASSWD: /usr/bin/pacman
schorsch    ALL=NOPASSWD: /usr/bin/pacdiffviewer

However I'm still asked a password when using pacman and yaourt. Even when I manually type "sudo pacman -Ss foo" I have to enter my password. What's wrong?

Here's my complete sudoers file:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root        ALL=(ALL) ALL
schorsch    ALL=NOPASSWD: /usr/bin/pacman
schorsch    ALL=NOPASSWD: /usr/bin/pacdiffviewer

# Uncomment to allow people in group wheel to run all commands
%wheel    ALL=(ALL) ALL

# Same thing without a password
# %wheel    ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

TIA,
Blackhole

Last edited by blackhole (2009-03-11 07:37:08)

haxit · 2009-03-10 21:22:54

Oops, scratch that. Never mind, sorry.

Last edited by haxit (2009-03-10 21:23:19)

Allan · 2009-03-10 21:32:50

blackhole wrote:

# sudoers file.
...
schorsch    ALL=NOPASSWD: /usr/bin/pacman
schorsch    ALL=NOPASSWD: /usr/bin/pacdiffviewer
...
# Same thing without a password
# %wheel    ALL=(ALL) NOPASSWD: ALL

See the slight difference in syntax there. You want:

schorsch    ALL=(ALL)    NOPASSWD: /usr/bin/pacman

blackhole · 2009-03-10 21:40:57

aaaaaaaahhhhhh, stupid me!!! Thanks a lot Allan.

@Haxit: Scratch what? ;-)

Last edited by blackhole (2009-03-10 21:47:06)

blackhole · 2009-03-11 07:36:32

Erm, it still doesn't work:

schorsch@archie:~$ sudo pacman -Rs gvim
Password:

My sudoers file:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root        ALL=(ALL) ALL
schorsch    ALL=(ALL) NOPASSWD: /usr/bin/pacman
schorsch    ALL=(ALL) NOPASSWD: /usr/bin/pacdiffviewer

# Uncomment to allow people in group wheel to run all commands
%wheel    ALL=(ALL) ALL

# Same thing without a password
# %wheel    ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

Any ideas?

Army · 2009-03-11 09:30:29

First, please stay with your config and then try to run pacdiffviewer with sudo, I'm quite sure, that it doesn't ask for a password. If so, I understood it right

Mine:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
Defaults !lecture,tty_tickets,!fqdn,insults
# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL
army    ALL=(ALL) ALL
army    ALL=NOPASSWD: /sbin/reboot
army    ALL=NOPASSWD: /sbin/halt

# Uncomment to allow people in group wheel to run all commands
# %wheel    ALL=(ALL) ALL

# Same thing without a password
# %wheel    ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

I guess you FIRST have to give yourself the right to use sudo and THEN allow yourself the useage of sudo without a password for specific commands.

Last edited by Army (2009-03-11 09:33:39)

klixon · 2009-03-11 10:48:24

No, that's not the problem.
The problem is that you give your user NOPASSWD right and then overwrite those rights with the %wheel line...
You're effectively saying:
1. Give me NOPASSWD access to reboot and halt
2. Give me (i'm in group wheel) PASSWD access to everything (including reboot and halt )

Just put the to NOPASSWD lines after the %wheel line and it should work

blackhole · 2009-03-11 12:11:14

Ah, that makes perfectly sense, Klixon. I wouldn't have thought that the order of the lines in sudoers is important. I'd assumed that user specific settings overrule group specific settings. Well, I'll try...

Arch Linux

#1 2009-03-10 21:18:00

Still not working: sudoers file has no effect

#2 2009-03-10 21:22:54

Re: Still not working: sudoers file has no effect

#3 2009-03-10 21:32:50

Re: Still not working: sudoers file has no effect

#4 2009-03-10 21:40:57

Re: Still not working: sudoers file has no effect

#5 2009-03-11 07:36:32

Re: Still not working: sudoers file has no effect

#6 2009-03-11 09:30:29

Re: Still not working: sudoers file has no effect

#7 2009-03-11 10:48:24

Re: Still not working: sudoers file has no effect

#8 2009-03-11 12:11:14

Re: Still not working: sudoers file has no effect

Board footer