On Mon, Jun 29, 2020 at 12:30 AM ToddAndMargo via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > On 2020-06-28 13:15, Tom H wrote: >> On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users >> <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >>> On 2020-06-28 12:16, ToddAndMargo via users wrote: >>>> I am trying to use sudo to work around the following bug >>>> I posted: >>>> >>>> ifdown access denied with USERCTL=yes >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1828100 >>>> >>>> I wish they'd fix the bug, but it does not seems like it >>>> is every going to get any attention. >>>> >>>> So anyway, I fired up `sudovi` and added the following >>>> at the end of /etc/sudo.conf`: >>>> >>>> ## Allows members of the users group to down eno2 >>>> %users ALL=/usr/libexec/nm-ifdown eno2 >>>> >>>> Now when I run it from the command line, I get: >>>> >>>> $ /usr/libexec/nm-ifdown eno2 >>>> Error: failed to load connection: access denied. >>>> >>>> Questions: >>>> >>>> 1) I thought `sudovi` caused sudo to reread sudo.conf >>>> on its exit. Am I mistaken? And if so, how do I >>>> force a reread? >>>> >>>> 2) what is wrong with the syntax of the command I added >>>> to sudo.conf? >> >> It's "/etc/sudoers.conf". > > Obviously not the right one. Sorry. "/etc/sudoers". > $ ls -al /etc/sudo.conf > -rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf > > $ less /etc/sudu.conf > > # > # Default /etc/sudo.conf file > # > # Sudo plugins: > # Plugin plugin_name plugin_path plugin_options ... > # > # The plugin_path is relative to /usr/libexec/sudo unless > # fully qualified. > # The plugin_name corresponds to a global symbol in the plugin > # that contains the plugin interface structure. > # The plugin_options are optional. > # > # The sudoers plugin is used by default if no Plugin lines are present. > Plugin sudoers_policy sudoers.so > Plugin sudoers_io sudoers.so This file isn't for setting up sudo privileges. >> It's better to add a file, for example "/etc/sudoers.d/ifdown", with >> "visudo -f /etc/sudoers.d/ifdown". > > # ls /etc/sudoers.d > pkg-build > > # grep -i nm-ifdown /etc/sudoers > %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 Sure. But you'll have an rpmnew or an rpmsave file at the next sudo update. >>> Ah ha! This worked: >>> >>> %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 >> >> Better: >> >> %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown > > I wanted the command to be specific to eno2 >>> >>> Then >>> >>> $ sudo /usr/libexec/nm-ifdown eno2 >>> >>> Connection 'eno2' successfully deactivated (D-Bus active path: >>> /org/freedesktop/NetworkManager/ActiveConnection/2) >>> >>> >>> and `sudovi` did cause the re-read as I thought >> >> There's no "sudovi". There's "visudo" to edit the configuration and >> there's "sudoedit" to edit a file as another user. > > I commonly will reverse letter. > > :'( > > does sudoedit reload the conf file when it exits? There's no reload. The changes are effective immediately. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
