Bug#697490: Passwordless sudo without modifying /etc/sudoers ?

To: Chris Fordham <chris.fordham@rightscale.com>, 697490@bugs.debian.org
Subject: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
From: Guido Trotter <ultrotter@gmail.com>
Date: Sun, 6 Jan 2013 08:55:47 +0100
Message-id: <[🔎] CAM4p=JMyH8pNsmGNYr1+_=UNoYpCik-eDUh7p0Eimr-X3Y0keg@mail.gmail.com>
Reply-to: Guido Trotter <ultrotter@gmail.com>, 697490@bugs.debian.org
In-reply-to: <[🔎] op.wqg12vh927hw59@lister.dev.xhost.net.au>
References: <[🔎] 20130106033204.GF26783@falafel.plessy.net> <[🔎] op.wqg12vh927hw59@lister.dev.xhost.net.au>

Note that debian's default sudo (at least in wheezy, I haven't checked
squeeze now) includes files /etc/suders.d/
So dropping a file with the additional line you need there is a way to
add sudo rules without modifying /etc/sudoers.

Thanks,
Guido

On Sun, Jan 6, 2013 at 5:14 AM, Chris Fordham
<chris.fordham@rightscale.com> wrote:
> On Sun, 06 Jan 2013 14:32:04 +1100, Charles Plessy <plessy@debian.org>
> wrote:
>
>> Package: cloud.debian.org
>> Severity: minor
>>
>> Hello everybody,
>>
>> while updating from Squeeze to Wheezy an image created by
>> ec2debian-build-ami,
>> I was interrupted by dpkg to manage the update of /etc/sudoers as it was
>> locally modified by ec2debian-build-ami to add the following line:
>>
>> admin   ALL=(ALL) NOPASSWD: ALL
>>
>> At first I thought that it could be simplified by simply adding the admin
>> user
>> to the sudoer group, however this does not work as the admin user does not
>> have
>> a password, and by default, sudo will ask for one to the members of the
>> sudo
>> group:
>>
>> %sudo   ALL=(ALL:ALL) ALL
>>
>> However, I note that in Ubuntu, a password is not asked, despite that the
>> configuration is very similar (using the group admin instead of sudo).
>>
>> %admin ALL=(ALL) ALL
>>
>> Does anybody know how to allow passwordless access to the members of the
>> sudo
>> group without modifying /etc/sudoers ?  This would simplify the
>> interactive
>> upgrades of our virtual machines.
>
> Afaik, this is what /etc/sudoers is for and should be edited by visudo, at
> least for interactive (SUDOERS(5)).
> For automation of this configuration I like using Chef and the sudo
> cookbook, http://community.opscode.com/cookbooks/sudo. I am not sure why you
> are looking for another way without editing /etc/sudoers.
>
>
>> Have a nice Sunday,
>>
>
>
> --
>
> Chris Fordham
>
> Backline Support Engineer
> RightScale Technical Services
>
>
> Direct: +1 805 243 0252
>
> Cell: +61 423 003 417
>
> Skype: chris.fordham.rs
>
> Email: chris.fordham@rightscale.com
>
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: [🔎] op.wqg12vh927hw59@lister.dev.xhost.net.au">http://lists.debian.org/[🔎] op.wqg12vh927hw59@lister.dev.xhost.net.au
>

Reply to:

Follow-Ups:
- Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
  - From: Bob Proulx <bob@proulx.com>

References:
- Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
  - From: Charles Plessy <plessy@debian.org>
- Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
  - From: "Chris Fordham" <chris.fordham@rightscale.com>

Prev by Date: Bug#697490: cloud: 697490: use sudoers.d
Next by Date: Bug#697490: cloud: 697490: use sudoers.d
Previous by thread: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
Next by thread: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
Index(es):
- Date
- Thread