Please help me with my sudoers file

Jiran · 2009-06-11 19:05:48

So I've tried a number of solutions but nothing is working. I have Openbox and the menu has the command "sudo poweroff". So, naturally, I want this to be done without being root. So, I set my sudoers file to do just that, and it's not working. I've tried a number of solutions offered in these forums, but I'm still just not getting it. Can someone please help me?

Here is my sudoers file:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL
dylan    ALL=(ALL) ALL
dylan    ALL=NOPASSWD: /usr/bin/pacman
dylan    ALL=NOPASSWD: /usr/bin/pacdiffviewer
dylan    ALL=NOPASSWD: /sbin/shutdown

# Uncomment to allow people in group wheel to run all commands
# %wheel    ALL=(ALL) ALL

# Same thing without a password
# %wheel    ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  dylan-laptop=/sbin/shutdown -h now
# %users  dylan-laptop=/sbin/shutdown -r now

And here's the code for my menu.xml:

<item label="Reboot">
                        <action name="Execute">
                                <command>sudo reboot</command>
                                <prompt>Reboot?</prompt>
                        </action>
                </item>
                <item label="Shutdown">
                        <action name="Execute">
                                <command>sudo poweroff</command>
                                <prompt>Shutdown?</prompt>
                        </action>
                </item>

Thanks in advance!

keegan · 2009-06-11 19:11:19

Log out and back in and see if that worked? I usually just use /sbin/halt

brisbin33 · 2009-06-11 19:34:32

here's mine, it works (login/out might be required as mentioned).

patrick ALL=(ALL) NOPASSWD: /sbin/shutdown

edit: /sbin/poweroff is a symlink to /sbin/halt; not sure which is valid in the sudoers file itself, Xyne say's poweroff is enough. and put the full path in the menu.xml just to be safe.

edit2: to be clear

sudoers:

pattrick ALL=(ALL) NOPASSWD: /sbin/shutdown

menu.xml:

<command>sudo /sbin/shutdown -h now</command> poweroff?
<command>sudo /sbin/shutdown -r now</command> reboot?

poweroff reboot halt shutdown, they all do basically the same thing, i'd just make sure the sudoers command matches the openbox command obviously.

edit3: Xyne's solution is cleanest... go with it.

edit4: i agree, it's like slow-ass gchat

Last edited by brisbin33 (2009-06-11 19:47:11)

Xyne · 2009-06-11 19:38:44

You should use the power group for that. Add this to the end of your sudoers file:

%power ALL=NOPASSWD: /sbin/poweroff, /sbin/reboot

Add yourself to the power group if you haven't already, then log out and back in. This enables me to reboot and shutdown from the openbox menu using the same entries that you've posted above.

*edit*
I should also mention that this has come up before on the forum. In general it's a good idea to use the search function at the upper right before posting generic questions. In this case, searching for "openbox poweroff" returns several threads.

*edit 2*
@brisbin33
You don't need to add halt, it's enough to have /sbin/poweroff and /sbin/reboot (that's all I have and it works).

*edit 3*
@brisbin33
This real-time editing and replying in edits is funny.

Last edited by Xyne (2009-06-11 19:42:30)

ataraxia · 2009-06-12 13:43:04

You don't have to log out and back in for sudoers changes to take effect.

You do, however, have to run with the full paths to the allowed apps. If you spell it "/sbin/poweroff" in sudoers, you need to run "sudo /sbin/poweroff" - "sudo poweroff" won't work. This is a security feature - otherwise, what prevents you from writing malware, changing your path so it will find it, and making sudo run the malware as root for you?

Gen2ly · 2009-06-12 22:27:06

keegan wrote:

Log out and back in and see if that worked? I usually just use /sbin/halt

I'm pretty sure /sbin/halt is the executable command for actually shutting down the system. It doesn't perform the checks, shutdown programs properly, or cleanly unmount the hard drive; I would not use this.

Xyne · 2009-06-12 23:00:29

ataraxia wrote:

You don't have to log out and back in for sudoers changes to take effect.
You do, however, have to run with the full paths to the allowed apps. If you spell it "/sbin/poweroff" in sudoers, you need to run "sudo /sbin/poweroff" - "sudo poweroff" won't work. This is a security feature - otherwise, what prevents you from writing malware, changing your path so it will find it, and making sudo run the malware as root for you?

I have "/sbin/poweroff" and "/sbin/reboot" in the sudoers file and yet "sudo poweroff" and "sudo reboot" work. Maybe it's because they're links to halt or maybe it's because sudo determines the full absolute path on its own but whatever the reason I don't need to specify the full path when running them with sudo.

Also, just for the sake of clarity, if you use the power group as I suggested above, you will need to log out and log back in if have to add yourself to the group. If you are already in the group then you shouldn't need to.

Arch Linux

#1 2009-06-11 19:05:48

Please help me with my sudoers file

#2 2009-06-11 19:11:19

Re: Please help me with my sudoers file

#3 2009-06-11 19:34:32

Re: Please help me with my sudoers file

#4 2009-06-11 19:38:44

Re: Please help me with my sudoers file

#5 2009-06-12 13:43:04

Re: Please help me with my sudoers file

#6 2009-06-12 22:27:06

Re: Please help me with my sudoers file

#7 2009-06-12 23:00:29

Re: Please help me with my sudoers file

Board footer