[sudo-users] require password
Micha
codejodler at gmx.ch
Tue Jan 24 10:22:09 EST 2006
Hello, I'm new on this list.
I'm running Debian testing/unstable on a small homenet, Sudo version 1.6.8p12,
and would like to learn about sudo. I created the following sudoers file:
Defaults mail_no_host,passwd_tries=2,listpw=always
Defaults editor=/usr/bin/nano:/usr/bin/mcedit
Defaults syslog=auth
User_Alias STAFF = michl, otter # fully trusted
User_Alias LOGIN = gast # standard privileges
Host_Alias LOCAL = woody, woody.lan0, woody.lan1
michl LOCAL = ( root ) PASSWD: /root/Scripts/useröhm
root ALL = ( ALL ) ALL
LOGIN LOCAL = ( root ) PASSWD: /usr/bin/apm # for session-chooser
LOGIN LOCAL = ( root ) PASSWD: /usr/local/bin/keyboardreset
LOGIN LOCAL = ( root ) PASSWD: /usr/local/bin/sendsleep
LOGIN LOCAL = ( root ) PASSWD: /sbin/shutdown # for session-chooser
STAFF LOCAL = ( root ) PASSWD: /sbin/halt
STAFF LOCAL = ( root ) PASSWD: /usr/bin/multi-gnome-terminal
STAFF LOCAL = ( root ) PASSWD: /usr/bin/xlogmaster
STAFF LOCAL = ( root ) PASSWD: /usr/bin/gps
STAFF LOCAL = ( root ) PASSWD: /usr/bin/nmapfe
STAFF LOCAL = ( root ) PASSWD: /usr/bin/nmap
STAFF LOCAL = ( root ) PASSWD: /usr/local/bin/bootlogin
STAFF LOCAL = ( root ) PASSWD: /usr/local/bin/ipf
STAFF LOCAL = ( root ) PASSWD: /sbin/ifup
STAFF LOCAL = ( root ) PASSWD: /sbin/ifdown
STAFF LOCAL = ( root ) PASSWD: /etc/init.d/networking restart
STAFF LOCAL = ( root ) PASSWD: /usr/local/bin/dudump
STAFF LOCAL = ( root ) PASSWD: /usr/local/bin/packup
Now I wonder why it doesn't require user 'otter' of group 'STAFF' to type in the passwd when he calls sudo -l?
I expected the Defaults directive 'listpw=always' to achieve that.
Neither does it work for any of the other listed sudo commands.
It works with a standard user 'gast' of group LOGIN, though.
-- Micha.