I thought it would be interesting to see what other people stick in there.
root ALL=(ALL) ALL
peasantoid ALL=(ALL) ALL
peasantoid ALL=NOPASSWD: /usr/sbin/pm-suspend
peasantoid ALL=NOPASSWD: /usr/sbin/iwconfig
peasantoid ALL=NOPASSWD: SETENV: /usr/bin/vlock # for locking screen, e.g. `sudo USER=peasantoid vlock -n`
Offline
You actually thought this would be interesting?
Mine is pretty much standard.
Offline
You actually thought this would be interesting?
That is what I said, no?
I just wanted to see what kind of sudo hackery people had done, that's all.
Offline
My sudo is standard, only thing I do is visudo, go to the line where it lets all users in wheel use sudo.. and uncomment it. Bang.
Offline
Same.
urxvtc / wmii / zsh / configs / onebluecat.net
Arch will not hold your hand
Offline
Mhm... it's become clear to me that this is one hell of a boring thread.
Offline
Yeah, most of mine is the same as the previous posts. I have added shutdown and reboot, and the shutdown helper for xfce4. I have also added a NOPASSWD entry for netcfg, which is handy when moving around a bit.
# User privilege specification
root ALL=(ALL) ALL
vW ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
vW ALL=(root) NOPASSWD: /usr/lib/xfce4/xfsm-shutdown-helper
# %users localhost=NOPASSWD:/usr/lib/xfce4/xfsm-shutdown-helper
# http://wiki.archlinux.org/index.php/Allow_users_to_shutdown
vW localhost = NOPASSWD: /sbin/shutdown -h now
vW localhost = NOPASSWD: /sbin/reboot
# allow me to control wireless
vW localhost = NOPASSWD: /usr/bin/netcfg2
Offline
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
Defaults env_keep += "XDG_SESSION_COOKIE"
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%wheel ALL= (ALL) NOPASSWD: /etc/rc.d/mpd restart
%wheel ALL= (ALL) NOPASSWD: /etc/rc.d/mpdscribble restart
%wheel ALL= (ALL) NOPASSWD: /usr/sbin/iwlist wlan0 scan
%wheel ALL= (ALL) NOPASSWD: /sbin/shutdown -hP now
%wheel ALL= (ALL) NOPASSWD: /etc/rc.d/hal start
%wheel ALL= (ALL) NOPASSWD: /sbin/reboot
%wheel ALL= (ALL) NOPASSWD: /bin/sync
%wheel ALL= (ALL) NOPASSWD: /usr/bin/netcfg2
%wheel ALL= (ALL) NOPASSWD: /usr/bin/beep
%wheel ALL= (ALL) NOPASSWD: /usr/bin/wifi-select
Offline
suspend without password
Offline
eb blackout=/usr/bin/pacman,/usr/bin/abs,/etc/rc.d/*,/usr/bin/vim /etc/*,/usr/bin/aurbuild,/usr/bin/vim /boot/grub/menu.lst
eb blackout=NOPASSWD:/sbin/shutdown,/sbin/reboot
Last edited by bangkok_manouel (2009-05-22 17:50:50)
Offline
Defaults insults, logfile=/var/log/sudo
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%users localhost=NOPASSWD: /sbin/halt
%users localhost=NOPASSWD: /sbin/reboot
%wheel localhost=NOPASSWD: /etc/rc.d/net-profiles restart
%users ALL=NOPASSWD: /usr/bin/pacman
%users ALL=NOPASSWD: /usr/bin/pacdiffviewer
Well, halt and reboot are there to be able to shut down the computer quickly.
(like in a menu entry of my WM)
net-profiles because it's easy to have problems with Wi-Fi ...
pacman and pacdiffviewer for yaourt.
Defaults insults, logfile=/var/log/sudo
This will give you less boring messages
$ sudo su -
Password:
I have been called worse.
And I kinda like having every command run with sudo in a separate file. (makes it easier for forensics)
Last edited by Yannick_LM (2009-05-22 20:09:17)
Offline
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Defaults specification
Defaults always_set_home
Defaults editor = /usr/bin/vim:/usr/bin/vi:/usr/bin/nano
Defaults lecture = once
Defaults passwd_timeout = 1
Defaults targetpw
Defaults timestamp_timeout = 5
Defaults tty_tickets
Defaults !fqdn
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias CRYPT = /sbin/cryptsetup luksOpen *, /sbin/cryptsetup luksClose *
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%storage ALL=NOPASSWD: CRYPT
Offline
Some power settings, full privileges for wireless tasks and otherwise I use sudo as one would with Ubuntu, only it uses the root password to authorise. More convenient for me as I often tend to forget to log out of root terminals and just as secure.
# sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults rootpw, insults
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
MYNORMALUSER ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
MYNORMALUSER ALL = (ALL) NOPASSWD: /usr/sbin/pm-hibernate
MYNORMALUSER ALL = (ALL) NOPASSWD: /usr/sbin/pm-suspend
### Netcfg ###
# User alias specification
User_Alias NETPROFILERS=MYNORMALUSER, guest
# Cmnd alias specification
Cmnd_Alias NETPROFILES=/sbin/ifconfig,/usr/bin/iwconfig,/usr/sbin/iwlist,/usr/bin/netcfg2,/bin/hostname,/usr/sbin/lspci
# User privilege specification
NETPROFILERS ALL=NOPASSWD: NETPROFILES
MYNORMALUSER ALL = (ALL) NOPASSWD: /home/MYNORMALUSER/skiftlinie.sh
### Admin tasks for user ###
# User privilege specification
root ALL=(ALL) ALL
ADMINS ALL = SUPER
Offline
I'm going to ask it here, as it's no use starting a new thread:
How (and can) I set the specific time it takes to "turn sudo off"? You know that it re-asks you for your password after, let's say, 30 mins? I think it is possible but I can't find this in the Wiki.
Anyway my Sudo is just allowing me and root....
Arch x86_64 ATI AMD APU KDE frameworks 5
---------------------------------
Whatever I do, I always end up with something horribly mis-configured.
Offline
Should be the option called "timestamp_timeout".
Defaults timestamp_timeout = ... # some number
Offline
# Defaults specification
Defaults always_set_home
Defaults lecture = once
Defaults tty_tickets
Defaults !fqdn
Can you explain these Defaults entries to me? Thanks...
Last edited by ugaciaka (2009-05-23 17:49:04)
I have never bought on ebay, the macbook I do not like, I do not need facebook or myspace or secondlife
I am not a nerd or lamer or troll or geek or hacker or cracker
and I have never voted to elect berlusconi
Offline
Should be the option called "timestamp_timeout".
Defaults timestamp_timeout = ... # some number
Thanks hope it works!
Arch x86_64 ATI AMD APU KDE frameworks 5
---------------------------------
Whatever I do, I always end up with something horribly mis-configured.
Offline
rscholer wrote:...
Can you explain these Defaults entries to me? Thanks...
always_set_home
If set, sudo will set the HOME environment variable to the home directory of the target user (which is root unless the -u option is used). This effectively means that the -H option is always implied. This flag is off by default.
lecture
This option controls when a short lecture will be printed along with the password prompt. It has the following possible values:
always Always lecture the user.
never Never lecture the user.
once Only lecture the user the first time they run sudo.
If no value is specified, a value of once is implied. Negating the option results in a value of never being used. The default value is once.
tty_tickets
If set, users must authenticate on a per-tty basis. Normally, sudo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, sudo will use a file named for the tty the user is logged in on in that directory. This flag is off by default.
fqdn
Set this flag if you want to put fully qualified hostnames in the sudoers file. I.e., instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). Beware that turning on fqdn requires sudo to make DNS lookups which may make sudo unusable if DNS stops working (for example if the machine is not plugged into the network). Also note that you must use the host's official name as DNS knows it. That is, you may not use a host alias (CNAME entry) due to performance issues and the fact that there is no way to get all aliases from DNS. If your machine's hostname (as returned by the hostname command) is already fully qualified you shouldn't need to set fqdn. This flag is off by default.
Offline
mike ALL=(ALL) NOPASSWD: /usr/bin/truecrypt
mike ALL=(ALL) NOPASSWD: /bin/ntfs-3g
mike ALL=/usr/bin/pacman
Offline
most important:
Defaults insults
☃ Snowman ☃
Offline
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot
Cmnd_Alias NETWORK_TOOLS = /usr/sbin/pppoe-start, /usr/sbin/pppoe-stop
# Defaults specification
Defaults insults
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
# Commands without a password
%wheel ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS
%wheel ALL=(ALL) NOPASSWD: NETWORK_TOOLS
Offline
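An added example, not posted by anyone in the thread: a small Python check that reads sudoers rule lines like the ones above and lists the NOPASSWD grants that deserve a second look (NOPASSWD on ALL, a command under /home where the invoking user can usually replace the file, or a wildcard in the command). The function name, the reason codes and the simplified parsing are assumptions of this example; the sample lines are copied from the posts.

```python
import re

TAG = re.compile(r'^\s*(NOPASSWD|PASSWD|SETENV|NOSETENV|EXEC|NOEXEC):\s*')

# Rule lines copied from posts in this thread, aliases grouped at the top.
SAMPLE = """\
Cmnd_Alias CRYPT = /sbin/cryptsetup luksOpen *, /sbin/cryptsetup luksClose *
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%storage ALL=NOPASSWD: CRYPT
%wheel ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS
MYNORMALUSER ALL = (ALL) NOPASSWD: /home/MYNORMALUSER/skiftlinie.sh
eb blackout=/usr/bin/pacman,/etc/rc.d/*
eb blackout=NOPASSWD:/sbin/shutdown,/sbin/reboot
"""

def audit(text):
    """Return (who, command, reason) for password-less rules worth a second look."""
    # Simplification: '#' always starts a comment, ',' always separates commands.
    lines = [l.split('#', 1)[0].strip() for l in text.splitlines()]
    aliases = {}
    for l in lines:  # pass 1: Cmnd_Alias NAME = cmd, cmd
        m = re.match(r'Cmnd_Alias\s+(\w+)\s*=\s*(.+)', l)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(',')]
    findings = []
    for l in lines:  # pass 2: who host = [(runas)] [TAG:] cmd, cmd
        m = re.match(r'(\S+)\s+[^=\s]+\s*=\s*(.+)', l)
        if not m or re.match(r'(Defaults|\w+_Alias)\b', l):
            continue
        who, rhs = m.group(1), re.sub(r'\([^)]*\)', '', m.group(2))
        nopasswd = False  # a tag stays in force for the rest of the list
        for item in rhs.split(','):
            while (t := TAG.match(item)):
                nopasswd = {'NOPASSWD': True, 'PASSWD': False}.get(t.group(1), nopasswd)
                item = item[t.end():]
            for cmd in aliases.get(item.strip(), [item.strip()]):
                if not nopasswd:
                    continue
                if cmd == 'ALL':
                    findings.append((who, cmd, 'any-command'))
                elif cmd.startswith('/home/'):
                    findings.append((who, cmd, 'path-under-home'))
                elif re.search(r'[*?\[]', cmd):
                    findings.append((who, cmd, 'wildcard'))
    return findings

if __name__ == '__main__':
    for who, cmd, reason in audit(SAMPLE):
        print(f'{reason:16} {who:14} {cmd}')
```

This looks at three patterns only and does not replace `visudo -c`, which checks the file's syntax.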