[K12OSN] Visudo Sudoers

Jim Kronebusch jim at winonacotter.org
Thu Jan 26 20:57:38 UTC 2006 

On Thu, 26 Jan 2006 08:21:48 -0500, Paul VanGundy wrote
> All,
> 
> We are editing the Sudoers file via visudo to allow certain techs to 
> not have to be prompted for a password and to accomplish root 
> specific configurations without having to be root.
> 
> We edited the sudoers file and it doesn't seem to be working for us.
> This is an example of what our sudoers file looks like after we modified
> it:
> 
> # /etc/sudoers
> #
> # This file MUST be edited with the 'visudo' command as root.
> #
> # See the man page for details on how to write a sudoers file.
> #
> 
> # Host alias specification
> 
> # User alias specification
> 
> # Cmnd alias specification
> 
> # Defaults
> 
> Defaults        !lecture,tty_tickets,!fqdn
> 
> # User privilege specification
> root    ALL=(ALL) ALL
> paul    ALL=NOPASSWD:ALL
> # Members of the admin group may gain root privileges
> %admin  ALL=(ALL) ALL
> 
> As you can see in the example above we added the user paul and
> configured it to not prompt for a password. Can anyone see what the
> problem we're running into might be? Thanks in advance.

Well, I have never used this before, but since I am running Ubuntu I thought I
would try it since there doesn't seem to be much help.  I set mine up just
like yours but with my username using visudo.  I thought it a little odd to
save as /etc/sudoers.tmp but I did anyway, and was surprised to see that it
turning it into a /etc/sudoers file.  Mine worked perfectly.  So now I will
speculate at what may be your problem.

First, I hate to say it, but does the username match.  
Next if you want to do this for a group of users you could create a user alias
and list all users under this, might make it cleaner.
I tried both ways, worked fine for me still.
So now I am wondering about the Defaults section.  I see the !fqdn and assume
this means that you have to log in from a fully qualified domain name to pass
access.  I am thinking if you are logging in from another machine this may
give you trouble, so now I am asking if you are performing all tests on this
box or if you have ssh'd in from another?

Also I don't know if syntax is a problem in this file or not, I see your text
above does not have spaces after ALL = NOPASSWD: ALL as is is presented in the
example sudoers file.  I tried taking the spaces out of mine but it seams to
work.  Maybe you have trailing spaces and that is making it not work (some
config files can be messed up by trailing whitespace).

Does that help?

-- 
This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.

More information about the K12OSN mailing list