View previous topic :: View next topic |
Author |
Message |
sbdmmg n00b
Joined: 01 Jul 2010 Posts: 34 Location: NJ, USA
|
Posted: Sun Jul 08, 2012 11:34 pm Post subject: [SOLVED] sudo NOPASSWD propts for password |
|
|
Hello,
I have one line in my sudoers file that reads
Code: |
gerbaudo ALL = NOPASSWD: /usr/sbin/pm-suspend , /sbin/ifconfig , /sbin/iwconfig , /sbin/dhcpcd , PASSWD:ALL
|
and the sudoers file seems to be fine:
Code: |
# visudo -c
/etc/sudoers: parsed OK
|
Code: |
gerbaudo $ sudo -l
User gerbaudo may run the following commands on this host:
(root) NOPASSWD: /usr/sbin/pm-suspend, (root) /sbin/ifconfig, (root) /sbin/iwconfig, (root) /sbin/dhcpcd, (root) PASSWD: ALL
(ALL) ALL
|
However, when I try to run one of these commands I get the prompt for my password.
Code: |
$ sudo /usr/sbin/pm-suspend
Password:
|
Any idea about what I could be doing wrong? I looked for some 'verbose' option, but I cannot find any useful debug info.
Many thanks,
davide
Code: |
$ sudo -V
Sudo version 1.8.5p2
Sudoers policy plugin version 1.8.5p2
Sudoers file grammar version 41
Sudoers I/O plugin version 1.8.5p2
|
Code: |
# emerge --info
Portage 2.1.10.65 (default/linux/x86/10.0, gcc-4.5.3, glibc-2.14.1-r3, 3.2.21-gentoo i686)
=================================================================
System uname: Linux-3.2.21-gentoo-i686-Intel-R-_Core-TM-_i5-2520M_CPU_@_2.50GHz-with-gentoo-2.1
Timestamp of tree: Sat, 07 Jul 2012 15:15:01 +0000
app-shells/bash: 4.2_p20
dev-java/java-config: 2.1.11-r3
dev-lang/python: 2.7.3-r2, 3.2.3
dev-util/cmake: 2.8.7-r5
dev-util/pkgconfig: 0.26
sys-apps/baselayout: 2.1-r1
sys-apps/openrc: 0.9.8.4
sys-apps/sandbox: 2.5
sys-devel/autoconf: 2.13, 2.68
sys-devel/automake: 1.9.6-r3, 1.11.1
sys-devel/binutils: 2.21.1-r1
sys-devel/gcc: 4.5.3-r2
sys-devel/gcc-config: 1.6
sys-devel/libtool: 2.4-r1
sys-devel/make: 3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc: 2.14.1-r3
Repositories: gentoo zugaina dev-zero science x-portage
ACCEPT_KEYWORDS="x86"
|
Last edited by sbdmmg on Mon Jul 09, 2012 10:12 pm; edited 1 time in total |
|
Back to top |
|
|
kurly Apprentice
Joined: 02 Apr 2012 Posts: 260
|
Posted: Mon Jul 09, 2012 12:55 am Post subject: |
|
|
From the man page for sudoers:
Quote: | When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last
match is used (which is not necessarily the most specific match).
|
So try moving the more specific rules to the end. Please report back and let us know if this works. |
|
Back to top |
|
|
sbdmmg n00b
Joined: 01 Jul 2010 Posts: 34 Location: NJ, USA
|
Posted: Mon Jul 09, 2012 8:12 am Post subject: |
|
|
Hello,
Thanks a lot for your message. Indeed, I had one rule following the user-specific one.
However, even after moving the user-specific rule at the end of the sudoers file, the prompt for password still comes up.
Code: |
gerbaudo $ sudo -l
User gerbaudo may run the following commands on this host:
(ALL) ALL
(root) NOPASSWD: /usr/sbin/pm-suspend, (root) /sbin/ifconfig, (root) /sbin/iwconfig, (root) /sbin/dhcpcd, (root) PASSWD: ALL
gerbaudo $ sudo /sbin/ifconfig
Password:
|
My current sudoers file is here http://pastebin.com/RHQpseSd
Thanks for any suggestion you might have.
Cheers,
davide |
|
Back to top |
|
|
kurly Apprentice
Joined: 02 Apr 2012 Posts: 260
|
Posted: Mon Jul 09, 2012 2:26 pm Post subject: |
|
|
The (root) PASSWD: ALL at the end of the line is still superseding everything that comes before it. |
|
Back to top |
|
|
sbdmmg n00b
Joined: 01 Jul 2010 Posts: 34 Location: NJ, USA
|
Posted: Mon Jul 09, 2012 10:11 pm Post subject: |
|
|
Thank you, Kurly!
I wanted to have a few commands without password, and everything else with password.
I misread the sudoers man page, and just appended the 'PASSWD:ALL' bit at the end of the line.
Now working with the line below:
Code: |
gerbaudo ALL = PASSWD:ALL, NOPASSWD: /usr/sbin/pm-suspend , /sbin/ifconfig , /sbin/iwconfig , /sbin/dhcpcd
|
Many thanks,
davide |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|