[sudo-users] Giving access to one app for all users
Paul Thompson
p_thompson at mac.com
Thu May 18 14:14:20 EDT 2006
On 17-May-06, at 9:34 PM, Bob Proulx wrote:
> Paul Thompson wrote:
>> Pirates-Cove:~ paul$ sudo -l
>> User paul may run the following commands on this host:
>> (ALL) ALL
>> (root) NOPASSWD: ALL
>> Pirates-Cove:~ paul$
>>
>> If I understand this correctly, it seems to be saying that the
>> user paul can run all commands, and root may run all commands without
>> a password.
>
> As I read it the first line says that paul can run all commands as all
> users. It will ask for a password for this. The second line says
> that user paul can run all commands as root and will not ask for a
> password. It is root because the sudoers file did not specify (ALL)
> in the users field and so defaults to (root).
>
>> The only thing I don't see is a reference to the print
>> command.
>
> Agreed. This is so different from the file you showed that I have to
> wonder if the sudo you are using is actually referencing a completely
> different sudoers file than the one you think it is using. The file
> you showed did not have any reference to "(root) NOPASSWD: ALL" for
> any user. Are you sure you were using the right file?
>
> On my machine I can run strings on the binary and find the file path
> to the sudoers file.
>
> strings /usr/bin/sudo | grep sudoers
> ...
> /etc/sudoers
> ...
>
> Bob
Hi,
When I modified the sudoers file, I cd to /etc and then
authenticated as root before I ran visudo -f /etc/sudoers to modify
the file. I tried the command you sent as my second admin and this
is what I received back:
Password:
User paul may run the following commands on this host:
(ALL) ALL
Pirates-Cove:~ paul$ strings /usr/bin/sudo | grep sudoers
strings: can't open file: /usr/bin/sudo (Permission denied)
Pirates-Cove:~ paul$ sudo strings /usr/bin/sudo | grep sudoers
user NOT in sudoers ;
%s is not in the sudoers file. %s
unable to change to sudoers gid
/private/etc/sudoers
>>> sudoers file: %s, line %d <<<
Send mail if the user is not in sudoers
Send mail if the user is not in sudoers for this host
Require fully-qualified hostnames in the sudoers file
ignore_local_sudoers
If LDAP directory is up, do we ignore local sudoers file
Available options in a sudoers ``Defaults'' line:
Pirates-Cove:~ paul$
I then tried a command I am a little more familiar with, and I
received this back:
Pirates-Cove:~ paul$ locate sudoers
/private/etc/sudoers
/private/etc/sudoers.org
/usr/share/man/man5/sudoers.5
Pirates-Cove:~ paul$
It appears that I only have two copies of sudoers, and one is my
backup copy before I started messing with the sudoers file. As far as
I can determine, I am using the right file, but for some reason it is not
acknowledging the changes I have made to it.
Paul
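
Added example, not part of the original message: a shell helper that breaks a `sudo -l` listing into run-as user, password requirement and command list, following the reading of the two entries given in the quoted reply, and flags any entry that grants ALL without a password. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# parse_sudo_listing: read `sudo -l` output on stdin and print one
# tab-separated line per entry: <run-as> <password|nopasswd> <commands>
parse_sudo_listing() {
    awk '
    /^[ \t]*\(/ {
        line = $0
        sub(/^[ \t]*\(/, "", line)                 # drop indent and "("
        runas = line; sub(/\).*/, "", runas)       # text inside the parentheses
        rest = line;  sub(/^[^)]*\)[ \t]*/, "", rest)
        auth = "password"                          # prompt unless a tag says otherwise
        # Tags (NOPASSWD:, PASSWD:, NOEXEC:, ...) come before the command list.
        while (match(rest, /^[A-Z_]+:[ \t]*/)) {
            tag = substr(rest, 1, RLENGTH)
            if (tag ~ /^NOPASSWD:/) auth = "nopasswd"
            if (tag ~ /^PASSWD:/)   auth = "password"
            rest = substr(rest, RLENGTH + 1)
        }
        sub(/[ \t]+$/, "", rest)
        print runas "\t" auth "\t" rest
    }'
}

# flag_passwordless_all: print only the entries that allow every command
# with no password prompt.
flag_passwordless_all() {
    parse_sudo_listing |
        awk -F '\t' '$2 == "nopasswd" && $3 == "ALL" { print "passwordless ALL as " $1 }'
}

# Constructed sample: the first listing quoted in the message above.
# On a live system the input would be: sudo -l | flag_passwordless_all
printf '%s\n' \
    'User paul may run the following commands on this host:' \
    '    (ALL) ALL' \
    '    (root) NOPASSWD: ALL' | flag_passwordless_all
```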