Hello Everyone,
I am trying to change our /etc/sudoers (using visudo) to allow 2 commands to be run as root without a password, but it isn't working. Here is the part of the sudoers file that is in question.
# User alias specification User_Alias FULLACCESS = doug, scott
# members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
# members of the FULLACCESS User_Alias may run anything but need a password FULLACCESS ALL=(root) ALL
The part for requiring a password works, but not the NOPASSWD line. I have tried changing the order of these lines with no change in behavior. After each change to the sudoers file, I am logging out of the machine and logging back in to make sure that it is properly reading the changes.
I have also replaced the list of commands with a Cmnd_Alias, with no change in behavior.
Any thoughts or suggestions about what I am missing.
On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg centos@skidawg.org wrote:
Hello Everyone,
I am trying to change our /etc/sudoers (using visudo) to allow 2 commands to be run as root without a password, but it isn't working. Here is the part of the sudoers file that is in question.
# User alias specification User_Alias FULLACCESS = doug, scott
# members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
# members of the FULLACCESS User_Alias may run anything but need a password FULLACCESS ALL=(root) ALL
The part for requiring a password works, but not the NOPASSWD line. I have tried changing the order of these lines with no change in behavior. After each change to the sudoers file, I am logging out of the machine and logging back in to make sure that it is properly reading the changes.
I have also replaced the list of commands with a Cmnd_Alias, with no change in behavior.
Any thoughts or suggestions about what I am missing.
Hi,
Can you remove (root) and then try for NOPASSWD
Regards
Ankush
On Fri, Sep 19, 2008 at 9:40 AM, ankush grover ankushcentos@gmail.com wrote:
On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg centos@skidawg.org wrote:
Hello Everyone,
# User alias specification User_Alias FULLACCESS = doug, scott
# members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
# members of the FULLACCESS User_Alias may run anything but need a password FULLACCESS ALL=(root) ALL
Can you remove (root) and then try for NOPASSWD
Thanks for the reply. I finally figured it out later.
What I eneded up having to do is place the NOPASSWD line AFTER the password required line, like: # members of the FULLACCESS User_Alias may run anything but need a password FULLACCESS ALL=(ALL) ALL
# members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = NOPASSWD: /bin/chown, /bin/chmod
I found something somewhere, don't remember where though, that stated that sudoers worked down the entire file, and the following line would overwrite the access, thus requiring a password when the line were switched.
Another thing that got me for a little bit, when using visudo to edit the sudoers file, it is actually just editing a tmp file, so to completely write your changes to /etc/sudoers, you have to actually quit visudo, just like when editing cron.
Thanks again for your reply.
-
ankush grover -
Ski Dawg