You are not logged in.

#1 2004-10-15 20:07:35

punkrockguy318
Member
From: New Jersey
Registered: 2004-02-15
Posts: 711
Website

Sudo without password

How can I set it up to    "sudo foobarcommand"   and do it without a passwd?  I keep getting syntax errors....


If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but have not love, I am nothing.   1 Corinthians 13:2

Offline

#2 2004-10-15 20:17:45

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Sudo without password

you have to add a user and command allowed to the sudoers file... I didn't like sudo when I installed it, because I'd end up with a file and like 40 commands.... I'd run:

cd ~/blah/some/dir
sudo do_soemthing
sudo something_else
sudo another_command
sudo blahblahblah

and then every now and then I'd hit a command I needed but didn't have, edit the file and add it... when I could jsut go:

cd ~/blah/some/dir
su
password: ******
command1
command2
command3
....

no file upkeep here!

Offline

#3 2004-10-15 20:21:23

punkrockguy318
Member
From: New Jersey
Registered: 2004-02-15
Posts: 711
Website

Re: Sudo without password

Yeah, I know how to use su.. But I want to set up so that the "wheel" group can execute "updatedb"  through sudo without a password.  I know it's possible


If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but have not love, I am nothing.   1 Corinthians 13:2

Offline

#4 2004-10-15 20:46:19

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Sudo without password

%wheel ALL=(updatedb) NOPASSWD: ALL

Offline

#5 2004-10-15 20:53:27

punkrockguy318
Member
From: New Jersey
Registered: 2004-02-15
Posts: 711
Website

Re: Sudo without password

that doesn't work... it needs to be /usr/bin/updatedb


If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but have not love, I am nothing.   1 Corinthians 13:2

Offline

#6 2004-10-15 21:12:04

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Sudo without password

bah whatever... it was close enough...

Offline

#7 2004-10-15 21:21:20

punkrockguy318
Member
From: New Jersey
Registered: 2004-02-15
Posts: 711
Website

Re: Sudo without password

but it doesn't work when you change it to /usr/bin/updatedb either....


If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but have not love, I am nothing.   1 Corinthians 13:2

Offline

#8 2004-10-15 22:42:43

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Sudo without password

hmmm see if it works without the NOPASSWD first:

%wheel ALL = (/usr/bin/updatedb) ALL

I may have the password syntax off...

Offline

#9 2004-10-16 03:14:48

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Sudo without password

make sure you edit the sudoers file with
visudo
instead of directly editing the sudoers file..it doesn't work otherwise. And you need to have the user be a member of the wheel group if you are setting it up by groups.

if you just want to do it for one user:
$ visudo

then edit file and add the following

username localhost=/path/to/command,/pathtoothercommands_seperatedby_commas,/bin/* root

it goes like this if I recall correctly
username host(s) = command(s)[,morecommands] user_su_targets

consult man sudoers for more information


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#10 2004-10-16 04:48:20

Dusty
Schwag Merchant
From: Medicine Hat, Alberta, Canada
Registered: 2004-01-18
Posts: 5,986
Website

Re: Sudo without password

man sudoers has *got* to be nominated for the 'most confusing manpage ever' award.

Try something like this:

# Defaults specification
Defaults:username  !authenticate
  
# User privilege specification
root    ALL = (ALL) ALL
username   ALL = (ALL) ALL

The Defaults section sets up the non authentication; I assume you can do something similar with groups, but I don't know.

Dusty

Offline

#11 2004-10-16 08:41:25

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Sudo without password

Dusty wrote:

man sudoers has *got* to be nominated for the 'most confusing manpage ever' award.

lol


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#12 2004-10-17 03:16:05

punkrockguy318
Member
From: New Jersey
Registered: 2004-02-15
Posts: 711
Website

Re: Sudo without password

Thanks dusty... Is there anyway to be able to execute some commands without a passwd, but a passwd is needed for others?


If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but have not love, I am nothing.   1 Corinthians 13:2

Offline

#13 2004-10-17 04:39:40

Dusty
Schwag Merchant
From: Medicine Hat, Alberta, Canada
Registered: 2004-01-18
Posts: 5,986
Website

Re: Sudo without password

punkrockguy318 wrote:

Thanks dusty... Is there anyway to be able to execute some commands without a passwd, but a passwd is needed for others?


Yes but... I don't know exactly how... read that sudoers manpage. Um.... Start Monday morning and you may have it figured out by Friday.

You can set up different command aliases and groups and everything.

Dusty

Offline

#14 2004-10-18 01:08:36

z4ziggy
Member
From: Israel
Registered: 2004-03-29
Posts: 573
Website

Re: Sudo without password

just a small comment about sudo with no password -
u can edit /etc/pam.d/sudo and set the following as the 1st line to allow wheel group to use sudo with no password :

auth           sufficient      pam_wheel.so trust use_uid

hope this helps,
z4ziggy

Offline

Board footer

Powered by FluxBB