#1 2013-08-06 21:02:44

nihilon
Member
Registered: 2013-08-06
Posts: 8

Sudo won't work without a password

I want to start by pointing out that I have spent most of today and last night searching the web and these forums for a solution that works. I can't find one. So here it goes...

Problem:
I cannot get the

$ sudo shutdown

command to work without asking for the root password:

$ sudo shutdown
[sudo] password for root:

Here is the unabridged version of my sudoers file:
pastebin: http://pastebin.com/fzhtMcYA

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias	WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias	ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# 			    /usr/bin/pkill, /usr/bin/top

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.

Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
Defaults!/usr/local/bin/sudoreplay !log_output
Defaults!/sbin/reboot !log_output

Defaults rootpw

##
## Runas alias specification
##

##
## User privilege specification
##

root ALL=(ALL) ALL
joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d

Aside from uncommenting the lines that log the use of sudo and adding the line...

Defaults rootpw

...the only added line is:

joel ALL=(ALL) NOPASSWD: /sbin/shutdown

I have tried a number of different versions of this line, including:

joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown
joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown
joel ALL=NOPASSWD: /usr/bin/shutdown

...and a handful of others that I found in different posts to these forums and elsewhere.

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

Does anyone have any ideas about what might be going on? Did I screw something up or have I managed to find the only copy of sudo that doesn't care about sudoers?


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline
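
Added example, not part of the original post or of sudo itself: sudoers applies the last entry that matches, so an entry's position in the file matters. The sketch below is a simplified model (no aliases, wildcards, host or runas matching) run over the three active entries from the file posted above; that joel belongs to group sudo is an assumption, the thread does not say so.

```shell
#!/bin/sh
# Constructed input: the three active user-specification lines from the
# sudoers file posted above, in file order.
SUDOERS_SAMPLE='root ALL=(ALL) ALL
joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown
%sudo ALL=(ALL) ALL'

# The same lines with the joel entry moved below the %sudo entry.
SUDOERS_REORDERED='root ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown'

# last_match USER "GROUP1 GROUP2 ..." COMMAND   (sudoers text on stdin)
# Prints "nopasswd", "passwd" or "denied" according to the LAST entry that
# matches the user (or one of the groups) and the command.
last_match() {
  awk -v user="$1" -v grps="$2" -v cmd="$3" '
    BEGIN {
      n = split(grps, g, " ")
      for (i = 1; i <= n; i++) ingroup[g[i]] = 1
      result = "denied"
    }
    /^[ \t]*(#|$)/ { next }   # comments and blank lines (also skips #includedir)
    /^Defaults/    { next }   # Defaults lines are not user specifications
    {
      who = $1
      isgroup = (substr(who, 1, 1) == "%" && (substr(who, 2) in ingroup))
      if (!(who == user || who == "ALL" || isgroup)) next
      spec = $0
      sub(/^[^=]*=[ \t]*/, "", spec)       # drop "who host ="
      sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop an optional "(runas)"
      tag = "passwd"
      if (sub(/^NOPASSWD:[ \t]*/, "", spec)) tag = "nopasswd"
      sub(/[ \t]+$/, "", spec)
      m = split(spec, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= m; i++)
        if (cmds[i] == "ALL" || cmds[i] == cmd) result = tag   # later match overrides
    }
    END { print result }'
}

# Posted order, with joel assumed to be in group sudo: the %sudo entry wins.
printf '%s\n' "$SUDOERS_SAMPLE" | last_match joel "joel sudo" /usr/bin/shutdown
# Reordered: the NOPASSWD entry is now the last match.
printf '%s\n' "$SUDOERS_REORDERED" | last_match joel "joel sudo" /usr/bin/shutdown
```

On a real system, `id joel` shows the actual group membership and `sudo -l` lists the entries sudo matched for the invoking user.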

#2 2013-08-06 21:06:23

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Sudo won't work without a password

nihilon wrote:

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.


If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2013-08-06 21:46:26

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Sudo won't work without a password

Take this with a large grain of salt as it is only brainstorming and I don't know the answer: but does the NOPASSWD option work with symlinks (shutdown -> systemctl)?

EDIT: nevermind - it does.

Last edited by Trilby (2013-08-06 21:47:41)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#4 2013-08-06 22:07:50

nihilon
Member
Registered: 2013-08-06
Posts: 8

Re: Sudo won't work without a password

jasonwryan wrote:
nihilon wrote:

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.


If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).

No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#5 2013-08-06 22:09:08

nihilon
Member
Registered: 2013-08-06
Posts: 8

Re: Sudo won't work without a password

Trilby wrote:

Take this with a large grain of salt as it is only brainstorming and I don't know the answer: but does the NOPASSWD option work with symlinks (shutdown -> systemctl)?

EDIT: nevermind - it does.


I am glad you were able to figure it out. Because I don't even know what you're talking about.


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#6 2013-08-06 22:14:50

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Sudo won't work without a password

another thing to try

since it is for joel on any machine it will only work for joel anywhere.

sudo shutdown -h now

try rebooting/relogging first

in my experience it needs sudo but will not ask for pass.

Last edited by bleach (2013-08-06 22:16:42)

Offline

#7 2013-08-06 22:15:58

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Sudo won't work without a password

nihilon wrote:
jasonwryan wrote:
nihilon wrote:

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.


If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).

No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.

Is your session active? This is the correct way to shutdown/reboot under systemd.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#8 2013-08-06 23:05:24

nihilon
Member
Registered: 2013-08-06
Posts: 8

Re: Sudo won't work without a password

jasonwryan wrote:

Is your session active? This is the correct way to shutdown/reboot under systemd.


How would I determine that? I mean, I am logged in as that user, and I am the only person logged into the machine that I am aware of.


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#9 2013-08-06 23:16:52

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Sudo won't work without a password


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#10 2013-08-06 23:22:47

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,150

Re: Sudo won't work without a password

nihilon wrote:
jasonwryan wrote:

Is your session active? This is the correct way to shutdown/reboot under systemd.


How would I determine that? I mean, I am logged in as that user, and I am the only person logged into the machine that I am aware of.

Use jasonwryan's. I posted a command to check the status of the user sessions service, I think.

Last edited by cfr (2013-08-06 23:25:37)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#11 2013-08-06 23:42:08

ill
Member
From: US
Registered: 2011-06-22
Posts: 115

Re: Sudo won't work without a password

nihilon wrote:
jasonwryan wrote:
nihilon wrote:

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.


If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).

No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.

This is a complete guess, but maybe that method won't work if your user isn't in the "power" group.

Offline

#12 2013-08-06 23:53:38

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Sudo won't work without a password


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#13 2013-08-07 00:27:22

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Sudo won't work without a password

it works for me with this

user (host/all)= NOPASSWD: /usr/bin/shutdown

shutdown -h now (halt or off)
shutdown -r now (reboot)
man shutdown

or shutdown and wait

Last edited by bleach (2013-08-07 00:29:13)

Offline

#14 2013-08-07 02:10:01

nihilon
Member
Registered: 2013-08-06
Posts: 8

Re: Sudo won't work without a password

jasonwryan wrote:

Is your session active? This is the correct way to shutdown/reboot under systemd.

Well, don't I feel dumb. After reading a little farther along in the links you sent my way, I came across a reference to something called polkit. So, bit by a curiosity bug, I clicked the link.

Turns out that polkit wasn't installed on my system. I don't know if that is normal or not but there it wasn't. I pacman -Syy'd, installed it, pacman -Syy'd again and tried the command...only to get a whole new set of errors. I rebooted on a hunch and wham! systemctl poweroff now shuts my system down, no questions asked. Thanks for the patience and suggestions. And thanks Jason for pointing me in the right direction. Lesson learned: I am going to scour the documentation first from now on.

As an aside, I really like the fact that Linux won't allow a shutdown without permission unless you're the only one logged onto the system. That's a pretty smart move. But you probably all already know that.

Last edited by nihilon (2013-08-07 02:42:36)


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#15 2013-08-07 02:12:22

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Sudo won't work without a password

And is X running on tty1?


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#16 2013-08-07 02:52:59

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,150

Re: Sudo won't work without a password

You should always follow pacman -Syy with pacman -Syu. Moreover, there is really no need to do pacman -Syy at all unless you are having problems with updates.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#17 2013-08-07 03:17:08

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Sudo won't work without a password

your edit made responses irrelevant why not make a new post or an edit tag.

Offline
