Re: permissions/sudo/sudoers
On Tue, 2 Apr 2013 01:45:53 +0200
sp113438 <sp113438@telfort.nl> wrote:
Personally I think it would be great if package devs added perhaps
commented by default lines sudoers or to a file in sudoers.d
There is no need for groups and logging back in for the average system
and sudoers changes take immediate effect whereas group changes don't.
Though groups can be handy. Sudo is much easier to use, encourages
better programming and is more secure and more powerful than polkit
partly due to being filesystem based and certainly less disruptive as
it is simply a tool in the proper UNIX sense.
You should use visudo as root to edit sudoers as it will warn you if
you have mad a mistake before applying the new policy
> add to /ets/sudoers:
> yourname ALL=(ALL) NOPASSWD:ALL
Or to be more secure as you really shouldn't do the above even with
Requiretty enabled and even if using a seperate autologged in user from
the console
yourusername ALL=(ALL) NOPASSWD: /usr/bin/apt-get install
[a-zA-Z0-9-]*
or to match more packages
yourusername ALL=(ALL) NOPASSWD: /usr/bin/apt-get install *
Some others may be handy too.
yourusername ALL=(ALL) NOPASSWD: /usr/bin/apt-get install
[a-zA-Z0-9-]*, /usr/bin/apt-get update, /usr/bin/apt-get
dist-upgrade, /usr/bin/aptitude
This one should have a password
yourusername ALL=(ALL) sudoedit /etc/apt/sources.list
Using synaptic to decide what to install (you don't need root to
browse) before using aptitude, isn't a bad idea.
Later rules override previous ones which may matter if a more inclusive
match such as ALL commands allowed with password comes after a NOPASSWD
match.
Unfortunately apt downloads as root. It is priviledge reduction in
things like that that distros should be focussing on rather than
wasing time on this polkit when sudo exits, especially because it's
predecessor was apparently criticised out of existence.
Reply to: