[WNYLUG-Users] sudoers problem

Joe josephj at main.nc.us
Wed Jan 5 21:02:31 EST 2011


Well, I tried the sticky bit and got scolded by the gtk+ team for my 
efforts. See my reply to Pete.

Is there any way to do this at all?

If not, I'll either just put up with the error or only run the GUI when 
I need to configure or debug my firewall settings.

Maybe it will go away eventually as I upgrade Kubuntu/KDE.

Joe

On 01/05/2011 07:38 PM, Joe wrote:
> I know about sticky bits, but I've never been able to get them to do 
> anything I wanted. There's probably something I don't quite understand.
>
> This is a notebook computer. It has 2 user accounts, but I'm the only 
> one who really uses it.
>
> Because it's a notebook and goes with me occasionally, I don't really 
> know if relaxing security is a good idea. I do keep almost all of my 
> personal data on a USB drive that I usually don't carry with me.
> OTOH, if I lose the notebook, anyone who knows anything at all about 
> Linux can boot it from a live CD and get to everything that isn't 
> encrypted (just a few personal documents that I'm currently working on 
> and my phone book are encrypted by OOo), so I'm not sure how much 
> security really matters.
>
> Would adding a sticky bit as you suggest do anything to make it easier 
> for my notebook to get hacked over the Internet? My sense is that it 
> wouldn't, but there have been so many ingenious exploits that I don't 
> trust my common sense on matters of security.
>
> I'm also about to configure a new notebook for Rita who is not a 
> computer person at all. I would like to set up her computer (including 
> firestarter) as close to the way mine is as possible so I can figure 
> things out remotely and not have to remember too many special things 
> that work in one place but not the other.
>
> Joe
>
> On 01/05/2011 10:04 AM, Corey Reichle wrote:
>> Is this for a single-user computer? If so, why not just add the 
>> sticky bit to the binary? Then, no sudo required even. For a 
>> multi-user machine, I wouldn't recommend it, however.
>>
>> On Wed, Jan 5, 2011 at 8:10 AM, Monkberry <peter at monkberry.com> wrote:
>>
>> peter ALL = NOPASSWD: /sbin/rmmod
>>
>> (note: this allows peter to run the command "sudo /sbin/rmmod"
>> without entering a password. It MUST be put on the last line of
>> the file using visudo as root. The word ALL in this case could be
>> modified to be the machine name of the box.)
>>
>> NOTE: This only allows for the command to be run with sudo without
>> asking for a password. If I am not the user above and do NOT use
>> the command "sudo /sbin/rmmod" (i.e. just /sbin/rmmod) it will NOT
>> work. Also, the command in the sudo file must be used exactly as
>> the command syntax in the sudo file.
>>
>>
>> Joe wrote:
>>> I need to be able to start (and maybe kill) firestarter without a
>>> password.
>>>
>>> I set up my sudoers file to do that, but it doesn't work.
>>> There's probably a syntax error or something similar in it.
>>> I think I tried it with a blank between the ':' and the
>>> /usr/sbin/firestarter, but it didn't help.
>>>
>>> My user is a member of the admin group, so it should work anyway,
>>> shouldn't it?
>>>
>>> Just for the heck of it, I'm going to move the admin group part
>>> to the end and see if that helps.
>>>
>>> Any help would be appreciated.
>>>
>>> Joe
>>>
>>> # /etc/sudoers
>>> #
>>> # This file MUST be edited with the 'visudo' command as root.
>>> #
>>> # See the man page for details on how to write a sudoers file.
>>> #
>>>
>>> Defaults env_reset
>>>
>>> # Host alias specification
>>>
>>> # User alias specification
>>>
>>> # Cmnd alias specification
>>>
>>> # User privilege specification
>>> root ALL=(ALL) ALL
>>>
>>> # Uncomment to allow members of group sudo to not need a password
>>> # (Note that later entries override this, so you might need to move
>>> # it further down)
>>> # %sudo ALL=NOPASSWD: ALL
>>>
>>> # Members of the admin group may gain root privileges
>>> %admin ALL=(ALL) ALL
>>>
>>> # Users can start the firewall with no password
>>> bigbird ALL=NOPASSWD:/usr/sbin/firestarter
>>> shelelia ALL=NOPASSWD:/usr/sbin/firestarter
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at wnylug.org <mailto:Users at wnylug.org>
>>> http://wnylug.org/mailman/listinfo/users_wnylug.org
>>
>> -- monkberry.com
>> 115 Richfield Road
>> Williamsville, New York 14221
>> 716-553-8525
>>
>
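
An added example, not part of the original thread: a simplified Python model of the sudoers last-match-wins rule that the quoted file's comment ("later entries override this") and the "last line" advice refer to, applied to the quoted rules as posted and with the %admin line moved to the end. It assumes bigbird is a member of the admin group and ignores aliases, host lists, Defaults and negation; `parse` and `decide` are hypothetical helper names.

```python
# Constructed from the sudoers file quoted in the thread (comments and Defaults dropped).
ORIGINAL = """\
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
bigbird ALL=NOPASSWD:/usr/sbin/firestarter
shelelia ALL=NOPASSWD:/usr/sbin/firestarter
"""
# The same rules with the %admin line moved to the end.
_l = ORIGINAL.splitlines()
ADMIN_LAST = "\n".join([_l[0], _l[2], _l[3], _l[1]]) + "\n"


def parse(text):
    """Parse 'who host = [(runas)] [TAG:] cmd[, cmd]' lines into (who, [(cmd, nopasswd)])."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        who, rest = line.split(None, 1)
        spec = rest.split("=", 1)[1].strip()      # host part is ignored (assumed to match)
        if spec.startswith("("):                  # drop the optional (runas) list
            spec = spec.split(")", 1)[1].strip()
        nopasswd, cmds = False, []
        for cmd in spec.split(","):
            cmd = cmd.strip()
            if cmd.startswith("NOPASSWD:"):
                nopasswd, cmd = True, cmd[len("NOPASSWD:"):].strip()
            elif cmd.startswith("PASSWD:"):
                nopasswd, cmd = False, cmd[len("PASSWD:"):].strip()
            cmds.append((cmd, nopasswd))          # a tag carries over to later commands
        rules.append((who, cmds))
    return rules


def decide(rules, user, groups, command):
    """Return 'denied', 'password' or 'nopasswd'; `command` is the full resolved path."""
    result = "denied"
    for who, cmds in rules:                       # file order: a later match overrides
        if who != user and not (who.startswith("%") and who[1:] in groups):
            continue
        for cmd, nopasswd in cmds:
            if cmd in ("ALL", command):
                result = "nopasswd" if nopasswd else "password"
    return result


if __name__ == "__main__":
    for name, text in (("as posted", ORIGINAL), ("%admin last", ADMIN_LAST)):
        print(name, decide(parse(text), "bigbird", {"admin"}, "/usr/sbin/firestarter"))
```

On a real system, `sudo -l` run as the affected user lists the rules sudo actually matched, and `visudo -c` checks the file's syntax.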



