
#1 2011-05-10 16:17:40

Gooru
Member
From: Poland
Registered: 2010-08-25
Posts: 53

[SOLVED]Another sudoers file problem

I'm sorry to post something like this, but I can't figure out what's going on. I've been "playing" with visudo the whole day; I read FAQs, HOWTOs and man pages. It was finally working about an hour ago. Unfortunately it made me happy only for a moment; after rebooting, nothing worked like before. I tried again, made some changes, it worked again and then broke after reboot. Here is my sudoers file:

## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
  %wheel ALL=(ALL) ALL, !/sbin/shutdown, !/sbin/reboot, !/home/piotrek/brightness/brightnessUp, !/home/piotrek/brightness/brightnessDown
## Same thing without a password
  %wheel ALL=NOPASSWD:   /sbin/shutdown, /sbin/reboot, /home/piotrek/brightness/brightnessUp, /home/piotrek/brightness/brightnessDown



## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

Last edited by Gooru (2011-06-23 15:48:13)


#2 2011-05-10 16:31:35

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: [SOLVED]Another sudoers file problem

I am not an expert, but I think negation (!) only applies to things like UID, GID, etc.
Unlike the format of /etc/rc.conf, I don't think that prefixing a ! to a command name to disable it is valid in /etc/sudoers.

Try commenting out the entire first %wheel line.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#3 2011-05-10 16:42:57

Gooru
Member
From: Poland
Registered: 2010-08-25
Posts: 53

Re: [SOLVED]Another sudoers file problem

EDIT: Ok, I finally managed to notice what is going on. Although the scripts were executable and permission was granted for them, the problem was the sh command. My working sudoers file looks like this:

Cmnd_Alias PROC = /bin/sh, /sbin/shutdown, /sbin/reboot, /home/piotrek/brightness/brightnessUp, /home/piotrek/brightness/brightnessDown

root ALL=(ALL) ALL

%wheel ALL=(ALL)  ALL, NOPASSWD: PROC

And it works, but I'm worried about giving NOPASSWD to /bin/sh. I think it gives the opportunity to execute any script on my computer without my permission. So I want to know whether I'm right and what I can do to prevent such an event, or whether there is any other way of using scripts.

PS
My current sudoers file doesn't contain the "/bin/sh" expression, so do not be worried ;]


EDIT:
Ok, I finally found a solution. I encountered an interesting topic on another forum about visudo and thought maybe adding sh with an accurate option would be better, so I tried:

Cmnd_Alias PROC = /bin/sh /home/piotrek/brightness/brightnessUp, /bin/sh /home/piotrek/brightness/brightnessDown, /sbin/shutdown, /sbin/reboot

And it works!
So I'll mark this thread as solved ;]

Last edited by Gooru (2011-06-23 15:47:49)
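
An added example (not code from the thread or from sudo itself) that audits the two `Cmnd_Alias` versions from post #3 for commands reachable with NOPASSWD, flagging a bare shell and anything that points under /home. The `SHELLS` list, the function names and the /home heuristic are assumptions, and the parser covers only the sudoers syntax used in this thread:

```python
import re

SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/sh", "/usr/bin/bash"}  # assumed interpreter list
# Constructed inputs: the two alias definitions quoted in the post, each paired
# with the post's user specification lines (assumed unchanged for the second).
SPEC = "root ALL=(ALL) ALL\n%wheel ALL=(ALL)  ALL, NOPASSWD: PROC\n"
BROAD = ("Cmnd_Alias PROC = /bin/sh, /sbin/shutdown, /sbin/reboot, "
         "/home/piotrek/brightness/brightnessUp, /home/piotrek/brightness/brightnessDown\n" + SPEC)
NARROW = ("Cmnd_Alias PROC = /bin/sh /home/piotrek/brightness/brightnessUp, "
          "/bin/sh /home/piotrek/brightness/brightnessDown, /sbin/shutdown, /sbin/reboot\n" + SPEC)

def nopasswd_commands(text):
    """Return (who, command) pairs that need no password (no continuations or escaped commas)."""
    lines = [l.strip() for l in text.splitlines()]
    aliases = {}
    for l in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", l)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    pairs = []
    for l in lines:
        if not l or l.startswith(("#", "Cmnd_Alias", "Defaults")) or "=" not in l:
            continue
        who, rhs = l.split()[0], l.split("=", 1)[1]
        rhs = re.sub(r"^\s*\([^)]*\)\s*", "", rhs)      # drop the leading Runas spec
        nopass = False
        for item in (i.strip() for i in rhs.split(",")):
            m = re.match(r"([A-Z_]+):\s*(.*)", item)
            while m:                                      # a tag also covers later commands
                nopass = {"NOPASSWD": True, "PASSWD": False}.get(m.group(1), nopass)
                item = m.group(2)
                m = re.match(r"([A-Z_]+):\s*(.*)", item)
            if nopass and item and not item.startswith("!"):
                pairs += [(who, c) for c in aliases.get(item, [item])]
    return pairs

def findings(text):
    """Flag passwordless commands that hand out more than the named program."""
    out = []
    for who, cmd in nopasswd_commands(text):
        argv = cmd.split()
        if argv[0] in SHELLS and len(argv) == 1:
            out.append((who, cmd, "bare shell: any script or command runs as root"))
        elif any(a.startswith("/home/") for a in argv):
            out.append((who, cmd, "path under /home: confirm only root can write it"))
    return out

if __name__ == "__main__":
    for name, text in (("BROAD", BROAD), ("NARROW", NARROW)):
        print(name, findings(text))
```

The second alias removes the bare-shell finding, but both versions still name scripts under /home, so the file and directory permissions on those scripts decide what a passwordless call can run as root.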
