Re: passwordless sudo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2011-11-30 at 17:36 +0000, Marko Vojinovic wrote:
> On Wednesday 30 November 2011 10:49:40 Mike Chambers wrote:
> > On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
> > > Hi, list!
> > > I'm trying to set up passwordless sudo for myself. It's a shiny brand
> > > new fresh-installed F16. During first boot I had been asked to create
> > > a new user and put him to administrative group. I answered yes and
> > > hence my user is able to run commands using sudo. However in
> > > /etc/sudoers there's not a mention of my user. I've added the
> > > following string to it:
> > > hiisi   ALL=(ALL)       NOPASSWD: ALL
> > 
> > On initial installs when this is setup, your userID is not added to the
> > sudoers file itself.  The *wheel* group is what is allowed/setup in
> > sudoers, and your userid is added to the *wheel* group in the /etc/group
> > file, such as below..
> > 
> > wheel:x:10:your-username-here
> > 
> > If you wanted to do passwordless, then comment out the line below..
> > 
> > ## Allows people in group wheel to run all commands
> > %wheel        ALL=(ALL)       ALL
> > 
> > And uncomment the line below here..
> > 
> > ## Same thing without a password
> > # %wheel  ALL=(ALL)       NOPASSWD: ALL
> > 
> > In other words, it doesn't add the username/ID itself to the sudoers
> > file, it goes through the *wheel* group and you add/drop users from
> > there on need to use basis.
> 
> Wouldn't this actually enable passwordless sudo for all members of the wheel 
> group, rather than just for one user?

Yes it would.  Or change the group to something else instead of wheel
and just make sure the groups file is updated.

> 
> What would the config look like if the OP wants to be both a member of the 
> wheel group, and have a paswordless sudo config *only* for himself?

If just using the stuff already in the config, for example the OP could
uncomment the first one with wheel and use that one with passwords, and
then uncomment the line below and put in his own group for ones without
passwords.

Not sure which one is read/used first but assuming it would know.  man
sudoers for more information.


-- 
Mike Chambers
Madisonville, KY

"The best town on Earth!"

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux